Fraud Protection API: Server-Side Integration

Fraud Risk Scoring for Backends, APIs, and Mobile Apps.

Send submission data from your backend and receive a complete fraud risk assessment in a single synchronous API call. Email, IP, content, velocity, and geographic signals scored in parallel. Your team decides what to do with the result.

  • 6 intelligence sources evaluated in parallel
  • 200–1000 normalized risk score with reason codes
  • 1 call, synchronous response, no webhook needed

14-day free trial. No credit card required.

POST /intel/v1/fraud/analyze
{
  "email": "john.doe@example.com",
  "phone1": "+14155551234",
  "phone2": "+14155559876",
  "userIp": "203.0.113.42",
  "firstName": "John",
  "lastName": "Doe",
  "fullName": "John Doe",
  "username": "johndoe_92",
  "companyName": "Acme Corp",
  "website": "https://acme.example.com",
  "subject": "Partnership inquiry",
  "message": "Hello, I am interested in your services...",
  "address1": "123 Main St",
  "address2": "Suite 400",
  "city": "San Francisco",
  "region": "CA",
  "country": "US",
  "postalCode": "94105",
  "origin": "www.example.com",
  "submissionType": "registration",
  "formData": {
    "referral_code": "ABC123",
    "newsletter_opt_in": "true"
  },
  "opportifyToken": "opptok_v1.YWJjMTIz.ZGVmNDU2.Z2hpNzg5",
  "opportifyFormUUID": "f47ac10b-58cc-4372-a567-0e02b2c3d479"
}

Integrate in 4 Steps

One endpoint. Synchronous response. Your backend stays in control.

1. Generate Your API Key

Create a private API key from your dashboard. Pass it in the x-opportify-token header on every request. All fields are transmitted in the request body to prevent PII from appearing in access logs.

# Request header
x-opportify-token: sk_live_your_api_key

2. Send Submission Data

POST to /intel/v1/fraud/analyze with the submission fields your backend already captures. At minimum, provide email or userIp. Add phone, name, IP, and content fields for stronger signal coverage.

email, userIp, phone1, firstName, lastName, companyName, origin, submissionType

3. Receive the Risk Assessment

The API responds synchronously with a complete risk report: score, level, reason codes, and per-source breakdowns for email, IP, phone, content, velocity, and geographic signals.

LOWEST, LOW, MEDIUM, HIGH, HIGHEST

4. Apply Your Business Logic

The risk assessment is advisory. Accept, flag, queue for review, or route based on the score and reason codes. Your backend owns the decision. No automatic blocking or gating occurs on our side.

Accept (lowest/low), Review (medium), Flag (high), Restrict (highest)
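The four steps above as a backend sketch. This is an added example, not vendor or SDK code. The host is a placeholder (the page gives only the path), the JSON content type is assumed from the JSON body shown, and `build_request` and `decide` are hypothetical names. The response keys `score`, `level` and `factors` and the 64 KB body limit are taken from the FAQ.

```python
import json
import urllib.request

API_BASE = "https://api.example.invalid"   # assumption: placeholder host
ANALYZE_PATH = "/intel/v1/fraud/analyze"    # path from the page
MAX_BODY_BYTES = 64 * 1024                  # body limit stated in the FAQ

# Level-to-action routing from step 4 of the page.
ACTIONS = {"lowest": "accept", "low": "accept", "medium": "review",
           "high": "flag", "highest": "restrict"}


def build_request(api_key, submission):
    """Build (but do not send) the POST for one submission."""
    fields = {k: v for k, v in submission.items() if v not in (None, "")}
    if not (fields.get("email") or fields.get("userIp")):
        raise ValueError("provide at least email or userIp")
    body = json.dumps(fields).encode("utf-8")
    if len(body) > MAX_BODY_BYTES:
        raise ValueError("body over 64 KB would be rejected with a 400")
    # API key travels in the header; submission fields only in the body.
    return urllib.request.Request(
        API_BASE + ANALYZE_PATH, data=body, method="POST",
        headers={"x-opportify-token": api_key,
                 "Content-Type": "application/json"})


def decide(assessment):
    """Map the advisory result to an action; malformed input goes to review."""
    level = str(assessment.get("level", "")).lower()
    score = assessment.get("score")
    if (level not in ACTIONS or isinstance(score, bool)
            or not isinstance(score, (int, float))
            or not 200 <= score <= 1000):
        return {"action": "review", "reasons": ["unparseable_assessment"]}
    return {"action": ACTIONS[level],
            "reasons": list(assessment.get("factors") or [])}


if __name__ == "__main__":
    # Constructed sample values, not real API output.
    req = build_request("sk_live_your_api_key",
                        {"email": "john.doe@example.com",
                         "userIp": "203.0.113.42",
                         "submissionType": "registration"})
    print(req.get_method(), req.full_url, len(req.data), "bytes")
    sample = {"score": 870, "level": "HIGH", "factors": ["sample_reason"]}
    print(decide(sample))
```

Routing a malformed or out-of-range assessment to review keeps a parsing failure from silently becoming an accept.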

Signal Coverage

Six intelligence sources evaluated in parallel on every API call. Behavioral signals are added in hybrid mode.

Signal Category | API Only | Client-Side (JS) Only | Hybrid (API + JS Client)

Email Intelligence

  • Deliverability check (SMTP-verified)
  • Disposable and role-based address detection
  • Free provider classification
  • Domain age and SSL certificate
  • MX, SPF, DKIM, DMARC validation
  • Catch-all and mailbox-full detection

IP Intelligence

  • Geolocation (country, city, region, timezone)
  • Connection type (wired, mobile, satellite)
  • VPN, proxy, Tor exit node detection
  • Datacenter IP classification
  • Blocklist status across multiple sources
  • Trusted ZTNA provider recognition

Content Analysis

  • Gibberish detection on name fields
  • Spam pattern recognition in message text
  • Name consistency scoring
  • Subject line risk signals

Velocity Analysis

  • Submission frequency per email (60s, 300s, 3600s windows)
  • Submission frequency per IP across time windows
  • Anomaly detection on submission rates

Geographic Cross-Referencing

  • IP geolocation vs. declared country consistency
  • Email domain country signals
  • Cross-signal geographic coherence scoring

Behavioral & Session Intelligence

  • Typing cadence and keystroke dynamics
  • Automation and headless browser detection
  • Honeypot trigger signals
  • Device fingerprint (browser, OS, screen, viewport)
  • User agent consistency checks
  • Session origin and provenance validation

Available automatically with the JS client; added to API scoring in hybrid mode

All signals are bundled into a single analysis. Billing is per completed analysis, not per signal.

Hybrid Mode

Add Behavioral Signals to Your API Calls

Deploy the JS client alongside the API to incorporate behavioral telemetry into your synchronous risk assessment. Typing patterns, automation detection, device fingerprinting, and honeypot triggers become part of the score.

How Hybrid Mode Works

  1. Add the JS client to your page

    Same snippet as Form Fraud Protection. The client collects behavioral telemetry and device signals in the background.

  2. JS client injects opportifyToken into the form

    After the session initializes, the client automatically adds hidden opportifyToken and opportifyFormUUID fields to your form.

  3. Your backend extracts both tokens from the payload

    Read opportifyToken and opportifyFormUUID from the submitted form data. Both are required for full session resolution.

  4. Include tokens in your API request

    Pass opportifyToken, opportifyFormUUID, and origin in your POST to /intel/v1/fraud/analyze. The API resolves the session and incorporates all behavioral signals into the risk assessment.

Behavioral Signals Added in Hybrid Mode

  • Typing cadence

    Keystroke timing patterns across all fields, compared to human baseline distributions

  • Automation detection

    Headless browser flags, scripted interaction patterns, and missing micro-interactions

  • Honeypot triggers

    Hidden field interactions that real users never encounter but bots frequently trigger

  • Device fingerprint

    Stable HMAC-based device identity from browser, OS, screen, viewport, CPU, and preference signals

  • User agent consistency

    Cross-check between the declared UA, client hints, and observed browser behavior

  • Session origin validation

    Verifies that the submission origin matches the session context and allowed domain

Both opportifyToken and opportifyFormUUID are required for full session resolution. Sending only the token without the form UUID results in a lightweight fallback with no behavioral enrichment.
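Backend handling of the two hidden fields from steps 3 and 4, shown as an added example that is not vendor code. The hidden fields arrive from the browser, so the sketch treats them as untrusted input and records which mode the request will run in, so a reviewer can tell when a score lacked behavioral enrichment. `split_hybrid_fields`, the token length cap and the UUID format check are assumptions; the page documents only the field names.

```python
import uuid

TOKEN_FIELD = "opportifyToken"
UUID_FIELD = "opportifyFormUUID"
MAX_TOKEN_LEN = 4096  # assumption: defensive cap, not a documented limit


def split_hybrid_fields(form, origin):
    """Separate the JS client's hidden fields from user-entered form data.

    Returns (api_fields, user_fields, mode): mode is "hybrid" when both
    values are usable, "fallback" when only the token is, else "api_only".
    """
    user_fields = {k: v for k, v in form.items()
                   if k not in (TOKEN_FIELD, UUID_FIELD)}
    token = form.get(TOKEN_FIELD)
    if not isinstance(token, str) or not token or len(token) > MAX_TOKEN_LEN:
        token = None
    form_uuid = None
    try:
        # Assumption: the value is a standard UUID, as in the page's sample.
        form_uuid = str(uuid.UUID(str(form.get(UUID_FIELD, ""))))
    except ValueError:
        pass
    if token and form_uuid:
        api = {TOKEN_FIELD: token, UUID_FIELD: form_uuid, "origin": origin}
        return api, user_fields, "hybrid"
    if token:
        # Token without a usable form UUID: lightweight fallback per the page.
        return {TOKEN_FIELD: token, "origin": origin}, user_fields, "fallback"
    # A form UUID without a token is dropped (a choice made in this sketch).
    return {"origin": origin}, user_fields, "api_only"


if __name__ == "__main__":
    # Constructed form post using the sample values shown on the page.
    form = {"email": "john.doe@example.com",
            "opportifyToken": "opptok_v1.YWJjMTIz.ZGVmNDU2.Z2hpNzg5",
            "opportifyFormUUID": "f47ac10b-58cc-4372-a567-0e02b2c3d479"}
    api_fields, user_fields, mode = split_hybrid_fields(form, "www.example.com")
    print(mode, sorted(api_fields), sorted(user_fields))
```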

Built for Every Backend Use Case

Score submissions wherever your backend processes them, with no frontend dependency required.

SaaS Registration Flows

  • Score every sign-up before creating an account. Detect disposable emails, datacenter IPs, and synthetic identities at registration time.

  • Flag trial abuse and multi-account patterns using velocity analysis across email, IP, and device combinations.

  • Apply risk-based routing: fast-track low-risk registrations and send high-risk sign-ups to manual review before provisioning.

Mobile Apps and API-First Flows

  • Score mobile sign-ups and onboarding steps from your backend. No JS client needed for pure API-mode scoring.

  • Analyze email, phone, IP, and content signals without any frontend instrumentation.

  • Deploy hybrid mode for maximum coverage: add the JS client to your mobile web view to incorporate behavioral signals into API scoring.

Backend Workflows and Webhooks

  • Score inbound leads, form submissions, and contact requests received via your own backend before routing to CRM.

  • Integrate into serverless functions, webhook processors, or middleware to screen submissions at any point in your pipeline.

  • Receive synchronous risk assessments with no external webhook configuration required.

Pre-KYC Screening

  • Filter high-risk and synthetic submissions before they enter identity verification workflows, reducing unnecessary KYC spend.

  • Catch fabricated identities and VOIP numbers using email, phone, and IP risk signals before KYC begins.

  • Route high-risk applicants to enhanced review while fast-tracking low-risk users through onboarding.

Fraud Protection · No Credit Card Required

Start scoring submissions from your backend

Integrate the Fraud Protection API in hours. Synchronous risk assessment across six intelligence sources. 14-day free trial.

  • Access to Email and IP Insights
  • Pre-built workflows and SDKs included

Need a no-code form integration instead? See Form Fraud Protection.

Frequently Asked Questions

What is the Fraud Protection API?

The Fraud Protection API is a synchronous server-to-server REST endpoint: POST /intel/v1/fraud/analyze. Your backend sends submission fields and receives a complete risk assessment in a single HTTP response. No webhook configuration is needed; the risk score, level, and reason codes are returned synchronously.

What fields are required?

At minimum, provide email or userIp. Adding more fields (name, content, origin, submissionType) activates additional intelligence sources and produces a more complete risk assessment. Phone numbers (phone1, phone2) are accepted and contribute to velocity analysis and geographic cross-referencing. The more signals provided, the richer the risk report.

How is the API different from Form Fraud Protection?

Form Fraud Protection is a client-side integration: you add one JavaScript snippet, point your form to a secure endpoint, and submissions are scored asynchronously with results delivered via webhook.

The Fraud Protection API is a server-side integration: your backend calls the API directly and receives the risk assessment synchronously in the response. You apply your own business logic before creating accounts, routing data, or processing submissions.

Form Fraud Protection includes behavioral signals (device fingerprint, typing patterns, automation detection) automatically. The API includes behavioral signals only in hybrid mode, when both the JS client and the API are deployed together.

Does the API include behavioral signals?

Behavioral signals (typing cadence, automation detection, device fingerprinting, honeypot triggers) are available in hybrid mode. Deploy the Opportify JS client on your frontend and include opportifyToken and opportifyFormUUID in your API request. The API resolves the session and incorporates all behavioral signals into the synchronous risk assessment.

In API-only mode (no JS client), behavioral signals are not available. The assessment uses email, IP, phone, content, velocity, and geographic signals.

How do I authenticate API requests?

Pass your private API key in the x-opportify-token request header. Generate your key from the dashboard. All submission fields are passed in the request body, never in query parameters, to prevent PII from appearing in access logs or cached URLs.

What does the response look like?

The response includes a top-level score (200–1000), level (lowest, low, medium, high, highest), factors (reason codes), and a sources object with per-source breakdowns for email, IP, content, session, velocity, and geographic signals.

Are the outputs advisory or does the API make decisions?

All outputs are advisory risk signals. The API returns a score and reason codes; your team and your backend logic decide what to do with the result. No automatic blocking, gating, or decisioning occurs on our side. Customers are responsible for all decisions made based on risk signals.

Is there a request size limit?

Yes. The request body size limit is 64 KB. Requests exceeding this limit are rejected with a 400 error. In practice, standard submission payloads are well within this limit.

What is the pricing?

Fraud Protection uses analysis-based monthly subscription pricing. Billing is triggered only by completed analyses, whether submitted through the API or through Form Fraud Protection. Pricing is shown in your local currency on the pricing page. View current plans and pricing.

Is there a free trial?

Yes. A 14-day free trial is available with no credit card required. You get full access to all Fraud Protection features, including the API endpoint, during the trial period.