Protect your applications with a layered defence strategy. The Security category provides five independent APIs that cover the most common attack surfaces: fraudulent sign-ups via disposable email addresses, fake phone numbers, malicious IP addresses, bot traffic, and credential stuffing.
Every endpoint returns an actionable risk score so you can make real-time trust decisions at registration, login, or checkout. Combine multiple services for a comprehensive fraud prevention pipeline — all behind a single API key with consistent response envelopes.
Detect throwaway and temporary email providers before they pollute your user base. The multi-layer pipeline checks against curated blocklists, analyzes MX records for ephemeral patterns, and returns a confidence score from 0 to 100.
Supports batch checking for bulk imports and provides detailed reasons for each classification, making it easy to tune your acceptance thresholds.
Validate, normalize, and classify phone numbers using Google's libphonenumber library. Determines whether a number is mobile, landline, VoIP, or toll-free and outputs it in E.164, international, national, and RFC 3966 formats.
Includes phone masking for safe display in UIs and batch support for validating address books or CRM imports in a single request.
Score any IPv4 or IPv6 address for abuse risk by aggregating intelligence from multiple threat feeds including AbuseIPDB and blocklist.de. Identifies Tor exit nodes, open proxies, VPN endpoints, and addresses tied to known attack campaigns.
Results are cached for fast repeat lookups. Use scores to gate access, trigger MFA, or enrich your SIEM events with threat context.
The Human Verification System provides bot protection with an invisible-first approach. Challenges are presented only when behavioural signals indicate automation, keeping friction low for legitimate users while blocking scrapers and credential stuffers.
Includes a drop-in Angular widget, fraud scoring that integrates with IP geolocation, and a server-side verification endpoint for validating tokens.
Check whether a password has appeared in known data breaches using the Have I Been Pwned k-anonymity protocol. Only a SHA-1 prefix is sent over the wire, so the full password is never transmitted or stored — true zero-knowledge verification.
Returns the number of times the password has been seen in breach datasets, letting you enforce credential policies at registration or password-change time.