User risk API

Introduction

Captchas are often disliked due to their inconvenience, but they play a crucial role in distinguishing genuine human users from potentially malicious bots. We rely on captchas to protect our online assets, such as enabling comments, subscriptions, and online orders.

To enhance the user experience, we can skip the captcha test if we determine that the visitor's IP address has a good reputation as a genuine mobile or desktop user.

This is where the User Risk API comes in. It assesses the risk level associated with an IP address and provides a simplified version of the more comprehensive Hazard Report API .

When querying an IP address, the API categorises its risk level as low, moderate, or high.

A low-risk response indicates that the IP address has passed security checks and is relatively safe. If the protected resource is not highly critical and some false positives can be tolerated, we may choose to skip the captcha, resulting in an improved user experience.

A moderate risk classification suggests that the queried IP address may be associated with a hosting environment, VPN, or proxy. These factors introduce a moderate level of risk, implying that the IP address might be used for suspicious activities or anonymisation. In such cases, it is recommended to present a captcha challenge to the user.

A high-risk level indicates a more significant potential threat. This classification can occur for various reasons. The IP address might be blocklisted, indicating it is a known source of malicious activity and should be restricted from accessing specific resources. The API may detect usage of the Tor network, which is commonly associated with anonymous and potentially harmful actions. Alternatively, the IP address might be categorised as "bogon" or unreachable, suggesting a misconfiguration or suspicious activity within its address space. In such instances, it may be advisable to drop the connection and deny access.

In summary, the User Risk API is particularly useful for creating a less intrusive captcha solution, especially when safeguarding non-critical resources. By leveraging the risk level provided by the API, you can implement adaptive security measures that strike a balance between security and user experience. More stringent authentication or verification methods should be employed only for high-risk IP addresses.

Get Started

This API is part of the IP Geolocation API Package and is available in free and paid plans. Please visit the IP Geolocation API Package package page for limits and pricing information.

Endpoints

IPv4 only API Endpoint

Use this endpoint to force API calls routed over the IPv4 network only

GET
https://api.bigdatacloud.net/data/user-risk

Dual-Stack API Endpoint

This endpoint has native IPv6 support and backs the API calls routed over both IPv4 and IPv6 networks

GET
https://api-bdc.net/data/user-risk

Request

Parameter
ip
Type
string
Required
Optional, default value: [Caller's IP]
Description
IPv4 IP address in a string or numeric format or IPv6 IP address in a string format. If omitted, the caller’s IP address is assumed
Parameter
key
Type
string
Required
Yes
Description
Your API key

Responses

200
Success

Sample Query

GET
https://api-bdc.net/data/user-risk?ip=44.200.77.92&key=[YOUR API KEY]

Schema

application/json
riskstring, enum
Possible values: Low, Moderate, High
descriptionstring
Risk description

Sample Response

JSON View
403
Access denied, or your quota limit has exceeded

Sample Response

JSON View
405
The requested IP address is not valid

Sample Response

JSON View
500
An error has occurred and did not complete your request. Please try again

Sample Response

JSON View
Was this page helpful?