Glossary
Short, answer-first definitions. Use search & toggle views.
A
- ACL Rules
- IP-based allowlist restricting which source addresses can call the API.
- Active Reports
- Current blocklist detections associated with an IP.
- API Key
- Secret token used to authenticate requests; store securely and rotate regularly.
- API Key Rotation
- Periodic regeneration of API keys to limit exposure risk.
- ASN
- Autonomous System Number identifying a routing domain on the internet.
B
- Base Analysis
- Underlying set of risk factors contributing to a risk score.
- Batch Analysis
- Submit multiple emails or IPs in a single async request and poll for completion.
- Batch Job
- Asynchronous processing task created by a bulk submission.
- BCP 47
- Standard for language and locale tags (e.g., en-US).
- Behavioral Telemetry
- Keystroke timing, typing speed, scroll patterns, and interaction events collected by the Fraud Protection JS Script and sent to the Opportify backend for behavioral risk analysis.
- Blocklisted
- Flag indicating listing in one or more external blocklists.
- Bot Signal
- An individual fraud detection flag emitted by the Fraud Protection JS Script — e.g., honeypot triggered, gibberish content detected, automation tool identified, or unusual typing pattern.
C
- Catch-All Domain
- Domain configured to accept mail for any local part.
- CIDR
- IP range notation combining address and prefix length (e.g., 192.168.0.0/24).
- Connection Type
- Network origin category (wired, mobile, vpn, cloud-provider, open-proxy, tor, satellite, enterprise).
D
- Deliverable
- SMTP simulation indicates mailbox exists and accepts mail.
- Disposable Email
- Temporary address from a throwaway provider used for short-lived signups.
- Domain Allowlist
- List of website domains permitted to initialize Fraud Protection sessions with a given public key. Requests from unlisted domains are rejected before scoring. Managed in Admin Console → Fraud Protection → Allowed Websites.
E
- Email Correction
- Suggested fix for a likely misspelled email address.
- Email Insights
- Verification, risk, and deliverability intelligence for email addresses.
- Email Provider
- Service or domain responsible for handling a mailbox.
- Email Type
- Classification of an address (free, disposable, private, unknown).
F
- Form Endpoint
- The bridge between a specific form on your website and the Opportify risk engine. Each endpoint has a unique Submit URL (used as the form action), a name, and an associated public key. Managed in Admin Console → Fraud Protection → Form Endpoints.
- Fraud Protection
- Opportify product that intercepts form submissions before they reach your backend, combining behavioral telemetry, device fingerprinting, IP intelligence, and email risk signals into a single AI-powered risk score.
G
- Geolocation Confidence
- Probability tiers indicating accuracy at continent, country, region, city granularity.
H
- Host Reverse
- Reverse DNS hostname resolved from an IP (PTR record).
I
- Idempotency
- Pattern using unique request IDs to safely retry without duplication.
- Identifier Trust Layers (ITL)
- Opportify's positioning framework describing five layers of pre-onboarding trust: ITL-0 Traffic Filtering, ITL-1 Interaction & Session Intelligence, ITL-2 Input & Signal Intelligence, ITL-3 Identity Verification, ITL-4 Transaction Fraud. Opportify covers ITL-1 and ITL-2.
- Insight Score
- Normalized indicator derived from internal models for automated decisions.
- Interaction Provenance
- Classification of how a form field was filled: human typing, browser autofill or password manager, or programmatic injection. Detected by the Fraud Protection JS Script.
- IP Insights
- Enrichment & risk scoring for IPs (geo, WHOIS, connection, blocklist, risk).
J
- Job ID
- Unique identifier returned for a batch job.
- Job Status
- Lifecycle state of a batch job (QUEUED, PROCESSING, COMPLETED, ERROR).
M
- MX Record
- DNS record listing mail exchange servers for a domain.
N
- No Query Parameters Policy
- Security measure avoiding sensitive data in URLs; all inputs via body or headers.
- Normalization
- Standardization of external signals into consistent internal attributes.
- Normalized Score
- Risk model output mapped to a 200–1000 scale.
O
- opportifyFormUUID
- A UUID injected as a hidden input field by the Fraud Protection JS Script. It identifies which Form Endpoint this form maps to. Included automatically in every form POST.
- opportifyToken
- A per-session, per-form cryptographic submit token injected as a hidden input by the Fraud Protection JS Script. Required for form submission validation. Read from the DOM via document.querySelector('input[name="opportifyToken"]').value.
- Organization ID
- Registry-issued identifier representing an organization.
P
- PII
- Personally Identifiable Information; sensitive data linked to an individual.
- Pre-Signed URL
- Time-limited link granting access to a batch results file.
- Public Key
- Opportify key starting with pk_live_ or pk_test_ used to initialize the Fraud Protection JS Script. Readable from page source — it is not a secret. Used for request signing, not authentication.
R
- Rate Limit
- Max number of requests allowed in a time window; exceeding returns HTTP 429.
- Retry-After
- HTTP header telling how many seconds to wait before retrying.
- Reverse DNS
- PTR lookup mapping an IP address to a hostname.
- RIR
- Regional Internet Registry allocating IP address space.
- Risk Level
- Categorical mapping of normalized score (200–1000) to five severity tiers: lowest (≤300), low (301–400), medium (401–600), high (601–800), highest (>800).
S
- SDK
- Language helper library wrapping REST endpoints with idiomatic functions.
- Session Context
- The full enrichment object attached to a Fraud Protection submission asynchronously: device fingerprint, network fingerprint, all behavioral detections, device object (browser, OS, screen), and session creation timestamp.
- Status Description
- Human-readable context associated with a batch job status.
- Submit Interception
- The Fraud Protection JS Script capability of intercepting a form submit event and proxying the POST to the Opportify Submit URL. Can be disabled per-form with data-opty-submit-interception="disabled" for forms with custom submit handlers.
- Submit URL
- The unique Opportify endpoint URL set as a form action. Format: https://api.opportify.ai/intel/v1/submit/<endpoint-id>. Every submission is proxied through this URL for analysis.
T
- Trusted Provider
- Known provider/network classified as low-risk or enterprise (e.g., ZTNA providers such as Zscaler, Cloudflare Access). Reduces IP risk score by 90 points.
W
- Webhook
- HTTP callback that fires per Fraud Protection form submission, pushing the full risk report to a configured URL. Supports risk level filtering, custom headers, field mapping, test mode, and delivery logs.
- WHOIS
- Public registry data describing ownership of Internet resources.
Z
- ZTNA
- Zero Trust Network Access security model emphasizing identity & context over perimeter.
Missing a term? Open a pull request.