IPQS
Getting Started
About Fraud Flows

Fraud Flows is a low-code / no-code way to build a hosted user verification experience using IPQS fraud detection and validation products. Fraud Flows allow you to assemble a “flow” made up of one or more verification steps, customize the end-user experience, and then send a link to the user to complete the verification.

Fraud Flows are created and managed entirely within the Fraud Flows UI. You can:

  • Select the IPQS products you want to run during the flow.

  • Add custom form fields to capture end-user input (such as email, phone number, or other application details).

  • Customize styling so the verification experience matches your brand.

  • Send a flow link via SMS, email, or place the link anywhere you want (such as in an account recovery page, support workflow, or onboarding process).


Most Fraud Flows steps run in the background to reduce friction for legitimate users. If you include ID Verification, the user will be prompted to photograph an ID and take a selfie, which will be validated and compared for a match. 

When the user completes the flow, you can review the results for each step in your IPQS dashboard or retrieve the results programmatically to make an automated decision in your own systems.

Fraud Flows Use Cases
  • Account Recovery Verification: Confirm a user’s risk profile during password reset and recovery workflows before allowing sensitive account changes.

  • Customer Support User Verification: Send a verification link during support interactions to validate a user before discussing account details or performing account actions.

  • Account Registration & Onboarding: Reduce fake signups by running checks in the background (proxy risk, device signals, email and phone validation) and escalating to stronger verification only when needed.

  • High-Risk Account Actions: Add verification steps before actions like changing a password, updating an email or phone number, enabling 2FA, or updating payout and billing details.

  • Identity Verification (KYC-Style Checks): Use ID + selfie verification for workflows that require stronger identity assurance, such as financial access, marketplaces, or regulated user actions.

  • Applications & Form-Based Workflows: Build a full application experience directly in Fraud Flows using custom form elements (such as university applications, eligibility checks, or internal approval workflows) without building a separate front-end form system.

  • Manual Review & Escalation Paths: Trigger a Fraud Flow link when a user trips internal risk rules, allowing you to collect additional verification signals before approving, denying, or routing to manual review.

  • Promotions & Abuse Prevention: Validate users during coupon redemption, free trials, referrals, and other high-abuse events where fraudsters commonly create duplicate or automated submissions.
Creating a Fraud Flow
  1. Log into the IPQS dashboard.

  2. In the navbar on the left, select Fraud Flows.

  3. Click New Flow.

  4. Select the first validation step for your flow. We recommend starting and ending your flow with Form Page steps. Use the first to explain what the user will do, and the last to confirm the verification is complete.
    • Form Page
    • Proxy/VPN
    • Device Fingerprint
    • Phone Validation
    • ID Verification

  5. Most validation steps do not require any configuration. However, the Form Page step requires you to design the form.
    1. Click Add Field.
    2. From the Type menu, select the type of field (e.g., "Text Field", "Email Field").
    3. If applicable, enter a name for the field and a placeholder value. For example, you could name an email field "Your email address" and give it a default value of "user@example.com".

  6. To add additional steps to the flow, click Add Step.

  7. You can customize the appearance of your flow by clicking Styles. This menu allows you to select from various default styles, or create your own by entering your own CSS.
    1. Click New
    2. In the Style Name field enter a name for the style.
    3. In the Stylesheet CSS field, enter custom CSS.
    4. Click Save.

  8. When you are finished creating the flow, click Save.


You can also duplicate an existing flow by clicking Clone to the right of a flow.

Editing a Fraud Flow

Click directly on the flow you want to edit.

Deleting a Fraud Flow

Click Delete to the right of the flow you want to delete. You will be asked to confirm deletion of the flow. Flows can't be recovered once deleted.

Using a Fraud Flow

End users complete Fraud Flows in a hosted web experience accessed through a unique link. Generate this link using the /initiate  endpoint, then send it to the user automatically from your system (for example, via email or SMS).

 

Endpoint

/api/fraud-flows/initiate/{{api_key}}/{{flow_request_id}}

 

Request parameters

Field Description Required Options Default
api_key The API key associated with the flow you intend to initiate. This is likely your primary API key.

Yes

   
flow_request_id The ID of the flow you intend to initiate. Yes    
run_type How to initiate the flow. If set to link it will simply return the flow link. If set to email the email field must also be set and an email will be sent. If set to text the phone field must also be set and a text will be sent. No link, email, text link
phone The phone number to text the flow link to if run_type  is set to text. No (Yes if run_type is set to text ) A valid phone number None
email The email address to email the flow link to if run_type  is set to email. No (Yes if run_type is set to email ) A valid email address None
start_session If set to true this will initiate a session immediately instead of requiring the link to be clicked. The link URL returned will open that session directly. No true, false false
message If set, this will override the default message of the flow and be displayed before the link URL. No Any string The default message of the flow.
link_life How long a link can be clicked before expiring. No Any number (in seconds) or null No expiration
session_life How long a user has to return to a started session before expiring.

By default a session starts when the link is clicked. However, if start_session is set to true , then the session will start immediately when the link is generated and returned by the API.
No Any number (in seconds) or null 600 seconds
query This will be appended onto the end of the link URL. For instance if you pass in the string test=abc&test2=xyz it will be appended as: [original_link_url]?test=abc&test2=xyz . No Any string None

 

Response parameters

Field Description Returned
success Whether or not the initiation succeeded. Always
message "Success" or an error message if success returned false . Always
link_request_id The link request ID. On success
link The full link URL. On success

 

Response example

Retrieving Results

You can check the status and retrieve the results of a flow using the /status endpoint.

 

Endpoint

/api/fraud-flows/status/{{api_key}}{{link_request_id}}

 

Request parameters

Field Description Required
api_key The API key associated with the flow you intend to retrieve the status of. This is likely your primary API key. Yes
link_request_id The request ID of the link you intend to retrieve the status of. Yes
link_request_id On success The link request ID.
link On success The full link URL.

 

Response parameters

Field Description Returned
success Whether or not the status request succeeded. Always
message "Success" or an error message if success returned false . Always
workflow The name of the fraud flow. On success
flow_request_id The flow request ID. On success
link_request_id The link request ID. On success
sessions An array of sessions that have been created off of the given link. An empty array is returned if no sessions exist yet. On success
sessions[] -> state

The state of the session.

  • IN_PROGRESS
  • COMPLETED
  • EXPIRED
On success and a session exists.
sessions[] -> results An array of results associated with this session. Each result object is for a specific fraud flow step run in a specific session. On success and a session exists.
sessions[] -> results[] -> request_date The date and time this flow step was run. On success and a session exists and there are associated flow steps.
sessions[] -> results[] -> request_type

The type of flow step associated with this result.

  • CUSTOM_FORM
  • PROXY_VPN
  • PHONE_VALIDATION
  • EMAIL_VALIDATION
  • DEVICE_FINGERPRINT
  • ID_VERIFICATION
On success and a session exists and there are associated flow steps.
sessions[] -> results[] -> request_id The request ID of the result. On success and a session exists and there are associated flow steps.
sessions[] -> results[] -> Additional Fields All other fields are dependent on the flow step associated with this result. For detailed information about each response parameter, see Response Parameters. On success and a session exists and there are associated flow steps.

 

Response parameters - Custom forms

Field Description Returned
success Whether or not this step succeeded. Always
form_data An object of key value pairs for the custom form data. Always

 

For detailed information about response parameters for each flow, see Response Parameters.

 

Response example - In progress

 

Response example - Success

Ready to eliminate fraud?

Start fighting fraud now with 1,000 Free Lookups!

We're happy to answer any questions or concerns.

Chat with our fraud detection experts any day of the week.

Call us at: (800) 713-2618