User risk API

Captchas are a blunt instrument. They protect against bots, but they also slow down legitimate users — and the frustration is real. One way to reduce that friction is to skip the captcha for visitors whose IP address shows a strong signal of genuine human traffic.

The User Risk API makes that call simple. It returns a risk level — low, moderate, or high — based on the characteristics of the IP address.

A low-risk result means the IP looks like typical residential or mobile traffic with no flags against it. If your resource isn't highly sensitive, this is a reasonable signal to skip the captcha entirely.

A moderate-risk result suggests the IP is associated with a hosting environment, VPN, or proxy — not necessarily malicious, but worth a challenge.

A high-risk result means the IP is blocklisted, associated with Tor, or classified as a bogon address. In most cases you'd want to deny access or require strong verification.

This API is a simplified version of the Hazard Report API, which provides the full set of underlying signals if you need more granular control over your risk logic.

GEThttps://api-bdc.net/data/user-risk

Parameters

ParameterTypeRequiredDescription
ipstringOptionalIPv4 IP address in a string or numeric format or IPv6 IP address in a string format. If omitted, the caller’s IP address is assumed
keystringOptionalYour API key

Responses

200OK

Sample Request

https://api-bdc.net/data/user-risk?ip=44.204.148.123&key=[YOUR API KEY]

Sample Response

JSON View

Response Schema

riskstring, enumPossible values: Low, Moderate, High
descriptionstringA human-readable description of the risk assessment and recommended action (e.g. "low risk", "moderate risk - challenge", "high risk - drop").
403Access denied, or your quota limit has exceeded

Sample Response

JSON View
405The requested IP address is not valid

Sample Response

JSON View
500An error has occurred and did not complete your request. Please try again

Sample Response

JSON View