Proxy & VPN Detection API Documentation - Getting Started

IPQualityScore's Proxy Detection API allows you to Proactively Prevent Fraud™ via a simple API that provides over 25 data points for risk analysis, geo location, and IP intelligence.

Proxy Detection & Fraud Scoring API Use Cases
  • Low Quality Users - Identify duplicate user accounts, bogus user information, and fake registrations. Automatically prevent low quality users from hurting your ROI.
  • Chargebacks & Payment Fraud - Prevent chargebacks, high risk transactions, and all types of payment fraud.
  • Click Fraud & Invalid Clicks - Solve click fraud quality issues with real-time click filtering and ensure only high quality clicks.
  • IP Reputation - Analyze IP Address reputation to detect proxies, VPNs, and TOR connections and determine the likeliness of fraudulent activity.
  • Account Takeover - Monitor accounts for unusual behavior and session hijacking attempts.
  • Bot Detection - Filter non-human traffic in real-time with IPQS bot detection tools.
  • Geo Filtering - Prevent users from bypassing requirements and conditions for accessing content outside their country of residence.
  • High Risk Behavior - Analyze user behavior against millions of high risk patterns that indicate a user's intent to engage in fraudulent activity.
  • Lead Generation & User Data Verification - Ensure data that you are collecting is valid, accurate, and fresh.

Accuracy & Machine Learning

Your account's multi-tiered machine learning algorithms will continuously learn from your audience to minimize false-positives and provide the greatest accuracy. If you do notice any results which you feel are inaccurate, please forward them to our support team so we can optimize your account's settings. Numerous options and settings are available on a per-account level so IPQS fraud scoring algorithms can be perfectly tailored to your audience.

Note About Front End IP Lookups

Results produced from our front end IP address lookup tool uses the API settings below. To match the front end results, please configure your API request to use these settings. Since these settings score IP address with the lowest possible strictness levels, you may experience better performance with different values for these options.

  • allow_public_access_points=true - Allows corporate and public connections like Institutions, Hotels, Businesses, etc.
  • mobile=true - Forces the IP to be scored as a mobile device. Passing the "user_agent" will automatically detect the device type.
  • fast=true - Speeds up the API response time.
  • strictness=0 - Uses the lowest strictness (0-3) for Fraud Scoring. Increasing this value will expand the tests we perform.
  • lighter_penalties=true - Lowers scoring and proxy detection for mixed quality IP addresses to prevent false-positives.
API Example Look - Lowest Strictness Lookup Settings
This API request will match our front end IP lookup results with the settings above, providing the most suppressed Fraud Scores to avoid false-positives.
Private Key
Please login or create a free account to access your API Key.

NOTE: Do not share this key with anyone. It's like a password and can be used to make queries using our API.

Request URLs

The URLs below can be used to fetch the result using cURL or another utility in most languages. Please see the usage example at the bottom of the page. Simply replace "USER_IP_HERE" with the IP address you wish to analyze.


JSON Example Requests
API Lookup with Strictness Set to 1 and Public Access Points as True
0 or 1 are our recommended levels of strictness for the most accurate results with the least false-positives. Strictness can be a value between 0 and 3.
API Lookup with Strictness Set to 1 & User Agent (Browser) / User Language for Enhanced Fraud Scoring
Including the User Agent and User Language significantly improves our accuracy for Fraud Scoring and identifying risky IP addresses.
API Lookup with Strictness Set to 1 & Custom Tracking Variables of "userID" and "transactionID"
Tracking data can be attached to your API request to associate lookups with a specific user, transaction, etc. Please only use variables set on your Custom Tracking Variables.
API Lookup with Strictness Set to 2 & Fast Mode Set to "true"
This setting is used for time-sensitive lookups that require a faster response time. Accuracy is slightly degraded with the "fast" approach, but not significantly noticeable.

JSON Success Response Example

NOTE: For a description of each field listed above please consult the response documentation below.

XML Success Response Example

NOTE: For a description of each field listed above please consult the response documentation below.

JSON Error Response Examples

Example errors that you may encounter when accessing our API due to an exhausted credit balance or an invalid IP address.

Additional Request Parameters

Custom tracking variables established in your account settings can be passed with each API request. This allows our reporting tools to filter by specific users, products, campaigns, transactions, etc. so that you can easily match up records with your own system to identify fraudulent activity. It is strongly recommended to pass the "user_agent" (browser) and "user_language" to provide the most accurate "fraud_score" results. Our algorithms automatically adjust scoring based on the device type, so if you are unable to pass the user agent, please inform our system of mobile devices by passing "mobile" as true. It is also recommended to set "allow_public_access_points" as true to avoid false-positives with corporate ranges and public hotspots.

Field Description Possible Values
strictness How in depth (strict) do you want this query to be? Higher values take longer to process and may provide a higher false-positive rate. We recommend starting at "0", the lowest strictness setting, and increasing to "1" or "2" depending on your levels of fraud. integer, 0 - 3
user_agent You can optionally provide us with the user agent string (browser). This allows us to run additional checks to see if the user is a bot or running an invalid browser. This allows us to evaluate the risk of the user as judged in the "fraud_score". string
user_language You can optionally provide us with the user's language header. This allows us to evaluate the risk of the user as judged in the "fraud_score". string
fast When this parameter is enabled our API will not perform certain forensic checks that take longer to process. Enabling this feature greatly increases the API speed without much impact on accuracy. This option is intended for services that require decision making in a time sensitive manner and can be used for any strictness level. boolean, string (true or false)
mobile You can optionally specify that this lookup should be treated as a mobile device. Recommended for mobile lookups that do not have a user agent attached to the request. NOTE: This can cause unexpected and abnormal results if the device is not a mobile device. boolean, string (true or false)
allow_public_access_points Bypasses certain checks for IP addresses from education and research institutions, schools, and some corporate connections to better accommodate audiences that frequently use public connections. boolean, string (true or false)
lighter_penalties Is your scoring too strict? Enable this setting to lower detection rates and Fraud Scores for mixed quality IP addresses. If you experience any false-positives with your traffic then enabling this feature will provide better results. boolean, string (true or false)
transaction_strictness Adjusts the weights for penalties applied due to irregularities and fraudulent patterns detected on order and transaction details that can be optionally provided on each API request. This feature is only beneficial if you are passing order and transaction details. A table is available further down the page with supported transaction variables. integer, 0 - 2

Response Field Definitions

We return a large amount of information for each lookup so your development team can access a wealth of data when incorporating each API request into your business logic. Analyzing the overall Fraud Score is usually the best way to determine the overall risk of the user. Fraud Scores >= 75 are suspicious and likely to be a proxy, VPN, or TOR connection, but not necessarily a fraudulent user. This could indicate a user protecting their privacy online by browsing anonymously with a proxy connection. Fraud Scores >=85 are high risk users that are likely to engage in malicious behavior. Scores in this threshold indicate recent or excessive abuse and fit the profile of a typical risky user.

We recommend blocking or flagging a user, transaction, or click/IP address as high risk using a combination of the "fraud_score", "proxy", "vpn", "tor", and "recent_abuse" variables. As every user has their own unique audience, you may find better results only blocking VPNs & Tor connections and Fraud Scores that are greater than 70-90+. Please note that due to mobile IP addresses being frequently abused and recycled by mobile carriers, we recommend weighing the "fraud_score", "vpn", & "tor" results more significantly than the "proxy" status for all lookups with a "mobile" result equal to true.

Field Description Possible Values
proxy Is this IP address suspected to be a proxy? (SOCKS, Elite, Anonymous, VPN, Tor, etc.) boolean
host Hostname of the IP address if one is available. string
ISP ISP if one is known. Otherwise "N/A". string
Organization Organization if one is known. Can be parent company or sub company of the listed ISP. Otherwise "N/A". string
ASN Autonomous System Number if one is known. Otherwise "N/A". string
country_code Two character country code of IP address or "N/A" if unknown. string
city City of IP address if available or "N/A" if unknown. string
region Region (state) of IP address if available or "N/A" if unknown. string
timezone Timezone of IP address if available or "N/A" if unknown. string
latitude Latitude of IP address if available or "N/A" if unknown. string
longitude Longitude of IP address if available or "N/A" if unknown. string
is_crawler Is this IP associated with being a confirmed crawler from a mainstream search engine such as Googlebot, Bingbot, Yandex, etc. based on hostname or IP address verification. boolean
connection_type Classification of the IP address connection type as "Residential", "Corporate", "Education", "Mobile", or "Data Center". string
recent_abuse This value will indicate if there has been any recently verified abuse across our network for this IP address. Abuse could be a confirmed chargeback, compromised device, fake app install, or similar malicious behavior within the past few days. boolean
bot_status Premium Account Feature - Indicates if bots or non-human traffic has recently used this IP address to engage in automated fraudulent behavior. Provides stronger confidence that the IP address is suspicious. boolean
vpn Is this IP suspected of being a VPN connection? (proxy will always be true if this is true) boolean
tor Is this IP suspected of being a Tor connection? (proxy will always be true if this is true) boolean
mobile Is this user agent a mobile browser? (will always be false if the user agent is not passed in the API request) boolean
fraud_score The overall fraud score of the user based on the IP, user agent, language, and any other optionally passed variables. Fraud Scores >= 75 are suspicious, but not necessarily fraudulent. We recommend flagging or blocking traffic with Fraud Scores >= 85, but you may find it beneficial to use a higher or lower threshold. float
request_id A unique identifier for this request that can be used to lookup the request details or send a postback conversion notice. string
operating_system Operating system name and version or "N/A" if unknown. Requires the "user_agent" variable in the API Request. string
browser Browser name and version or "N/A" if unknown. Requires the "user_agent" variable in the API Request. string
device_brand Brand name of the device or "N/A" if unknown. Requires the "user_agent" variable in the API Request. string
device_model Model name of the device or "N/A" if unknown. Requires the "user_agent" variable in the API Request. string
transaction_details Additional scoring variables for risk analysis are available when transaction scoring data is passed through the API request. These variables are also useful for scoring user data such as physical addresses, phone numbers, usernames, and transaction details. The data points below are populated when at least 1 transaction data parameter is present in the initial API request. The following transaction variables are "null" when the necessary transaction parameters are not passed with the initial API request. For instance, not passing the "billing_email" will return "valid_billing_email" as null.
Key Expected Values Description
valid_billing_address Boolean Physical address validation and reputation analysis.
valid_shipping_address Boolean Same as above.
valid_billing_email Boolean Light abusive check and reputation analysis for the email address. It is recommended to use our dedicated Email Validation API for deeper analysis.
valid_shipping_email Boolean Same as above.
leaked_billing_email Boolean Indicates if the email address has recently been exposed or compromised in a database breach.
leaked_shipping_email Boolean Same as above.
leaked_user_data Boolean Indicates if the user's data (including phone & address) have recently been exposed or compromised in a database breach.
risky_billing_phone Boolean Reputation analysis for abusive activity associated with the phone number.
risky_shipping_phone Boolean Same as above.
valid_billing_phone Boolean Valid & active phone number with the phone carrier (not disconnected).
valid_shipping_phone Boolean Same as above.
billing_phone_carrier String Phone number provider company such as "AT&T" or "Bell Canada".
shipping_phone_carrier String Same as above.
billing_phone_line_type String Phone number line type such as "Landline", "Wireless", "Toll Free", or "VOIP".
shipping_phone_line_type String Same as above.
billing_phone_country_code Integer Country dial code associated with the phone number.
shipping_phone_country_code Integer Same as above.
bin_country String Country associated with the credit card BIN.
risky_username Boolean Username frequently associated with fraudulent behavior.
is_prepaid_card Boolean Status of the credit card as prepaid.
fraudulent_behavior Boolean Indicates high risk behavior patterns and a high chance of fraud.
message A generic status message, either success or some form of an error notice. string
success Was the request successful? boolean
errors Array of errors which occurred while attempting to process this request. array of strings
Example Code