FraudRadar API Documentation
Integrate IP risk scoring into your application in minutes. Our API detects VPNs, proxies, Tor nodes, and datacenter IPs to help you prevent fraud.
Quick Start
Get started with IP risk checking in 3 simple steps:
1. Get Your API Key
Sign up at portal.iphub.live to get your API key. Free tier includes 1,000 checks per month.
2. Make Your First Request
bash
curl "https://api.iphub.live/api/v1/ip/check?ip=8.8.8.8" \
-H "X-API-Key: hub_live_your_api_key"3. Handle the Response
json
{
"status": "success",
"data": {
"ip": "8.8.8.8",
"decision": "allow",
"risk": {
"score": 5,
"level": "minimal",
"confidence": "high"
},
"connection_profile": {
"type": "datacenter",
"isp": "Google LLC",
"asn": 15169,
"flags": {
"vpn": false,
"tor": false,
"proxy": false,
"datacenter": true,
"proxy_type": ""
}
},
"geo": {
"country_code": "US",
"country_name": "United States",
"region": "California",
"city": "Mountain View",
"timezone": "America/Los_Angeles"
}
},
"request_id": "550e8400-e29b-41d4-a716-446655440000"
}Authentication
All API requests require authentication via the X-API-Key header or Authorization: Bearer header.
http
# Header authentication (recommended)
X-API-Key: hub_live_your_api_key
# Bearer token authentication
Authorization: Bearer hub_live_your_api_key
# Query parameter (GET requests only)
/api/v1/ip/check?ip=8.8.8.8&key=hub_live_your_api_keyKeep your API key secret! Never expose it in client-side code or public repositories. Use environment variables to store your key securely.
API Key Types
| Prefix | Environment | Use Case |
|---|---|---|
hub_live_ | Production | Live traffic, real billing |
hub_test_ | Test | Development, testing |
API Reference
IP Check GET POST
Check the risk score of an IP address.
| Endpoint | Method |
|---|---|
/api/v1/ip/check | GET, POST |
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
ip | string | Yes | IPv4 address to check |
context | string | No | Context hint: checkout, login, signup |
GET Request
GET /api/v1/ip/check
curl -X GET "https://api.iphub.live/api/v1/ip/check?ip=8.8.8.8" \
-H "X-API-Key: hub_live_your_api_key"POST Request
POST /api/v1/ip/check
curl -X POST "https://api.iphub.live/api/v1/ip/check" \
-H "X-API-Key: hub_live_your_api_key" \
-H "Content-Type: application/json" \
-d '{"ip": "8.8.8.8", "context": "checkout"}'Response Format
Success Response (200 OK)
json
{
"status": "success",
"data": {
"ip": "8.8.8.8",
"decision": "allow", // allow | review | challenge | block
"risk": {
"score": 5, // 0-100 (higher = riskier)
"level": "minimal", // minimal | low | medium | high | critical
"confidence": "high" // high | medium | low
},
"connection_profile": {
"type": "datacenter", // residential | datacenter | mobile
"isp": "Google LLC",
"asn": 15169,
"flags": {
"vpn": false,
"tor": false,
"proxy": false,
"datacenter": true,
"proxy_type": "" // VPN | TOR | DCH | PUB | WEB | RES | ...
}
},
"geo": {
"country_code": "US",
"country_name": "United States",
"region": "California",
"city": "Mountain View",
"timezone": "America/Los_Angeles",
"accuracy_km": 5
},
"explanation": ["IP belongs to Google datacenter"]
}
}Decision Values
| Decision | Risk Score | Recommended Action |
|---|---|---|
allow | 0-29 | Low risk, allow traffic |
review | 30-59 | Medium risk, log for review |
challenge | 60-79 | High risk, present CAPTCHA |
block | 80-100 | Critical risk, block traffic |
Risk Levels
| Level | Score Range | Description |
|---|---|---|
minimal | 0-9 | Clean IP, very low risk |
low | 10-29 | Minor signals detected |
medium | 30-59 | Moderate risk indicators |
high | 60-79 | High risk, likely VPN/proxy |
critical | 80-100 | Known malicious or high-risk IP |
Proxy Types
| Code | Description |
|---|---|
VPN | VPN service |
TOR | Tor exit node |
DCH | Datacenter/hosting |
PUB | Public proxy |
WEB | Web proxy |
SES | Search engine spider |
RES | Residential proxy |
CPN | Corporate proxy |
EPN | Education proxy |
Error Handling
The API uses standard HTTP status codes and returns structured error responses.
Error Response Format
json
{
"status": "error",
"error": {
"code": "INVALID_IP",
"message": "Invalid IP address format",
"details": { "field": "ip", "input": "not-an-ip" }
},
"detail": "Invalid IP address format",
"request_id": "550e8400-e29b-41d4-a716-446655440000"
}Error Codes
| HTTP | Code | Description | Action |
|---|---|---|---|
| 401 | UNAUTHORIZED | Invalid or missing API key | Verify API key |
| 403 | FORBIDDEN | Access denied | Check permissions |
| 422 | INVALID_IP | Malformed IP address format | Validate IP before request |
| 422 | PRIVATE_IP | RFC1918 private IP (10.x, 172.16.x, 192.168.x) | Use public IP |
| 422 | RESERVED_IP | IANA reserved IP range | Use public IP |
| 422 | LOOPBACK_IP | Loopback address (127.x.x.x, ::1) | Use public IP |
| 422 | MULTICAST_IP | Multicast address (224.x.x.x+) | Use public IP |
| 422 | LINK_LOCAL_IP | Link-local address (169.254.x.x) | Use public IP |
| 429 | RATE_LIMITED | Rate limit exceeded | Wait and retry with backoff |
| 500 | INTERNAL_ERROR | Server error | Retry with backoff |
Rate Limiting
Rate limits are applied per API key and per source IP.
Default Limits
| Tier | Requests/minute | Requests/month |
|---|---|---|
| Free | 20 | 1,000 |
| Pro | 100 | 100,000 |
| Enterprise | Custom | Unlimited |
Rate Limit Headers
http
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1704412800Handling 429 Responses
python
import time
import requests
API_KEY = "hub_live_your_api_key"
BASE_URL = "https://api.iphub.live/api/v1"
def check_ip_with_retry(ip, max_retries=3):
for attempt in range(max_retries):
response = requests.get(
f"{BASE_URL}/ip/check",
params={"ip": ip},
headers={"X-API-Key": API_KEY}
)
if response.status_code == 429:
retry_after = int(response.headers.get("Retry-After", 60))
time.sleep(retry_after)
continue
response.raise_for_status()
return response.json()
raise Exception("Max retries exceeded")Best Practices
1. Cache Results
IP risk scores don't change frequently. Cache results for 5-15 minutes to reduce API calls.
2. Use Context Parameter
Pass the context parameter to get more relevant risk assessments. Checkout flows may have different risk thresholds than login attempts.
3. Handle Errors Gracefully
Always handle API errors. Use a fallback strategy (e.g., allow with flag for review) if the API is unavailable.
4. Don't Block on VPN Alone
Many legitimate users use VPNs for privacy. Consider VPN detection as one factor among many, not an automatic block.
5. Log Request IDs
Include the request_id from responses in your logs for debugging and support requests.
Complete Code Examples
Python Integration
python
# requirements.txt: requests>=2.28.0
import requests
from typing import Optional
import os
class IPHubClient:
def __init__(self, api_key: Optional[str] = None):
self.api_key = api_key or os.getenv("IPHUB_API_KEY")
self.base_url = "https://api.iphub.live/api/v1"
def check_ip(self, ip: str, context: str = None) -> dict:
"""
Check IP risk score.
Args:
ip: IPv4 address to check
context: Optional context (checkout, login, signup)
Returns:
API response dict with risk data
"""
params = {"ip": ip}
if context:
params["context"] = context
response = requests.get(
f"{self.base_url}/ip/check",
params=params,
headers={"X-API-Key": self.api_key},
timeout=5
)
response.raise_for_status()
return response.json()
def should_block(self, ip: str) -> bool:
"""Quick check if IP should be blocked."""
result = self.check_ip(ip)
return result["data"]["decision"] == "block"
# Usage
client = IPHubClient("hub_live_your_api_key")
# Check single IP
result = client.check_ip("8.8.8.8", context="checkout")
print(f"Decision: {result['data']['decision']}")
print(f"Is VPN: {result['data']['connection_profile']['flags']['vpn']}")
# Quick block check
if client.should_block(user_ip):
return {"error": "Access denied"}Node.js / JavaScript Integration
javascript
// npm install node-fetch (for Node.js < 18)
class IPHubClient {
constructor(apiKey) {
this.apiKey = apiKey || process.env.IPHUB_API_KEY;
this.baseUrl = "https://api.iphub.live/api/v1";
}
async checkIP(ip, context = null) {
const params = new URLSearchParams({ ip });
if (context) params.append("context", context);
const response = await fetch(
`${this.baseUrl}/ip/check?${params}`,
{
headers: { "X-API-Key": this.apiKey },
signal: AbortSignal.timeout(5000)
}
);
if (!response.ok) {
const error = await response.json();
throw new Error(error.error?.message || `HTTP ${response.status}`);
}
return response.json();
}
async shouldBlock(ip) {
const result = await this.checkIP(ip);
return result.data.decision === "block";
}
}
// Usage
const client = new IPHubClient("hub_live_your_api_key");
// Express.js middleware example
app.use(async (req, res, next) => {
const ip = req.ip || req.headers["x-forwarded-for"];
try {
const result = await client.checkIP(ip, "api");
req.riskScore = result.data.risk.score;
req.isVPN = result.data.connection_profile.flags.vpn;
if (result.data.decision === "block") {
return res.status(403).json({ error: "Access denied" });
}
next();
} catch (error) {
console.error("IP check failed:", error);
next(); // Fail open
}
});PHP Integration
php
<?php
// composer require guzzlehttp/guzzle (optional, for better HTTP client)
class IPHubClient {
private $apiKey;
private $baseUrl = "https://api.iphub.live/api/v1";
public function __construct($apiKey = null) {
$this->apiKey = $apiKey ?: getenv("IPHUB_API_KEY");
}
public function checkIP($ip, $context = null) {
$params = ["ip" => $ip];
if ($context) {
$params["context"] = $context;
}
$url = $this->baseUrl . "/ip/check?" . http_build_query($params);
$ch = curl_init();
curl_setopt_array($ch, [
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_TIMEOUT => 5,
CURLOPT_HTTPHEADER => [
"X-API-Key: " . $this->apiKey
]
]);
$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($httpCode !== 200) {
throw new Exception("API Error: HTTP " . $httpCode);
}
return json_decode($response, true);
}
public function shouldBlock($ip) {
$result = $this->checkIP($ip);
return $result["data"]["decision"] === "block";
}
}
// Usage
$client = new IPHubClient("hub_live_your_api_key");
// Laravel middleware example
class CheckIPRisk {
public function handle($request, Closure $next) {
$client = new IPHubClient();
$ip = $request->ip();
try {
$result = $client->checkIP($ip, "api");
$request->attributes->set("risk_score", $result["data"]["risk"]["score"]);
$request->attributes->set("is_vpn", $result["data"]["connection_profile"]["flags"]["vpn"]);
if ($result["data"]["decision"] === "block") {
return response()->json(["error" => "Access denied"], 403);
}
} catch (Exception $e) {
Log::warning("IP check failed: " . $e->getMessage());
}
return $next($request);
}
}cURL Examples
bash
# Basic GET request
curl "https://api.iphub.live/api/v1/ip/check?ip=8.8.8.8" \
-H "X-API-Key: hub_live_your_api_key"
# GET with query param auth
curl "https://api.iphub.live/api/v1/ip/check?ip=8.8.8.8&key=hub_live_your_api_key"
# POST request with context
curl -X POST "https://api.iphub.live/api/v1/ip/check" \
-H "X-API-Key: hub_live_your_api_key" \
-H "Content-Type: application/json" \
-d '{"ip": "8.8.8.8", "context": "checkout"}'
# With custom request ID for tracing
curl "https://api.iphub.live/api/v1/ip/check?ip=8.8.8.8" \
-H "X-API-Key: hub_live_your_api_key" \
-H "X-Request-ID: my-trace-id-123"