Public API FraudHunt

FraudHunt Public API is used to receive information about your users in real time. Using an API allows you to choose an appropriate line of action for each and every user of your system as they enter your website. All you need to do is set up your server or a web page to call the API and get the response.

Public API Flow

To enable access to our Public API send an email to info@fraudhunt.net from your registered email address.

Script integration

The script is to be integrated into the head tag of your page. 
<script async 
src="https://dlqe6njq49pwj.cloudfront.net/fp/Scripts/ffp-aws.js" data-cid="yourcid">
</script>
The moment a user gets to a web page with our JavaScript it gathers all information about the device and generates a unique fingerprint key (FPkey) which is then sent to FraudHunt server, along with all information about the user, at the same time you can instruct your website to send the key to your server. To process the key the “Global Callback” and “FPkey handle” functions have to be initiated.

Global callback integration

The callback function fpiCb: grabs the key once it is generated by the script. The function is activated the moment a key appears in the script. 
< script>
var fhcnt = 0;

  function send() {
    fhcnt++;
    var fpk = window.fppixel && fppixel.fpk;
    if (fpk) {
      handleFpKey(fpk);
    } else {
      __fpiGlobalVariables = {
        __fpiCb: handleFpKey
      }
      if (fhcnt <= 20) {
        setTimeout(send, 700);
      }
    }
    return fpk;
  }

  send();
</script>

FPkey handle function

The handle function writes the FPkey in upper case and creates the API call. It can also be used to save the key on your server, etc. 
< script>
function handleFpKey(fpKey) {
    urlArgs = '?fpkey=' + fpKey;
    var xhr = new XMLHttpRequest();
    xhr.open("GET", apiHost + 'GET/' + fpKey.toUpperCase() + '?type=json&token=yourcid', true);
    xhr.onreadystatechange = function () {
        if (xhr.readyState == 4 && xhr.status < 400 && xhr.responseText) {
            var actual_JSON = JSON.parse(xhr.responseText);
            var score = actual_JSON ? actual_JSON.fraudScore : 0;
            // Insert your code here (Once the API response is received you have to specify how to process it further)
        }
    };
    xhr.send();
}

</script>

API call and response

The completed API call has the following format: http://api.fraudhunt.net/GET/BBBW507B2B6F83A88E5EC4BD0B9F37F7?type=json&token=yourcid The API returns data in the json format: 

{
  "fingerprintKey": "BBBW507B2B6F83A88E5EC4BD0B9F37F7",
  "httpInfo": {
    "refererUrl": "http:\/\/clientdemo.fraudhunt.net\/ok.html",
    "originUrl": "http:\/\/clientdemo.fraudhunt.net",
    "publicIp": " 88.190.229.170"
  },
  "location": {
    "city": "Paris",
    "country": "France",
    "region": "Ile-de-France'"
  },
  "fraudScore": 7
}
Upon the receipt of the API response, you can set up a number of possible scenarios like block or redirect users with a certain score, etc. You can find an example of the Public API query with an API response demonstration on the page here.

API response options

Depending on your exact case you may wish to receive specific API responses, at the moment we offer 4 types of API responses in addition to our standard one.

Standard API response


{
  	
"fingerprintKey": "BCCWNED2A557D2B157261D5867752B13"
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
"language":	"en-US"
"doNotTrack": false
"cookies": true
"timeZone": 2
"ipList":	
0: "192.168.109.110"
"plugins":	
0: "Chrome PDF Plugin"
1: "Chrome PDF Viewer"
2: "Native Client"
3: "Widevine Content Decryption Module"
"deviceInfo":	
"browser": "Chrome"
"browserVersion": "63.0.3239.132"
"OS": "Windows 10"
"deviceModel": ""
"screenInfo":	
"screen": "1920x1080"
"client": "1097x557"
"customerInfo": {}
"httpInfo":	
"refererUrl": "http://clientdemo.fraudhunt.net/demo.html?clickid=5"
"originUrl": "http://clientdemo.fraudhunt.net"
"publicIp":	"207.244.77.175"
"location":	
city: "Manassas"
country: "United States"
region: "Virginia"
"fraudScore": 72
}

Type One - Score Only


{
  "fingerprintKey": "BBBW507B2B6F83A88E5EC4BD0B9F37F7",
  "fraudScore": 7
}

Type Two - Fake User Agent


{
  "fingerprintKey": "BBBW507B2B6F83A88E5EC4BD0B9F37F7",
  "BadUA": true
  "fraudScore": 72
}

Type Three - All fields

Type 3 provides a list of all fields in our database, including true or false on all triggers (the same system full Custom API uses) 

{
"fingerprintKey": "BBBW507B2B6F83A88E5EC4BD0B9F37F7"
"httpInfo":
"refererUrl": 
"originUrl": 
"publicIp": 
"location": 
"user Agent":
"language":
"timezone":
"cookies":
"plugins":
"browser":
"broswerVersion":
"OS":
"deviceModel":
"screenInfo":
"triggers": true or false on chosen triggers
"fraudScore": 30
}

Type Four - Chosen triggers

Type four API returns true or false on chosen triggers only 

{
"fingerprintKey": "BBBW507B2B6F83A88E5EC4BD0B9F37F7"
"AdBlock": false
"Anonymous": false
"Do not track": false
"Emulation": true
"Bad user agent": true
"Different language": false
"Old browser": true
"Proxy": false
"Different timezone": false
"Bot": true
"fraudScore": 100
}

Type Five - Networks format

Type Five format is best suited for Ad networks and other companies that require split second decisions as well as additional reporting features on each individual visit 

{	
"fingerprintKey": "C7TA2AD85A3EGGEE8924549A3C38A80B6"
"httpInfo":	
"refererUrl":
"originUrl":
"publicIp":
"location":	
"city":
"country":
"region":
"userAgent":
"Timestamp":
"Triggers":	
"AdBlock": false
"Anonymous": false
"DoNotTrack": false
"Emulation": true
"BadUA": false
"DifferentLanguage": false
"OldBrowser": true
"Proxy": false
"Tor":	false
"DiffTimezone": false
"Bot": false
"fraudScore": 95
}
Using it you can block on either Score or any given triggers, plus, you are able to store all data on your visits in a comfortable and easy to use format.

URL Parameters

You have two options when dealing with your visitor URL parameters, you can either parse them on the page with the initial tracking script and save them together with the FPkey or you can simply add them to the API response. Every API type described above can include up to 5 URL parameters. To add them to the API you need to contact us and state what parameters to pass (utms, click id's or any other specific parameter) 

{
"URLparameters":
"utm_source": 2462346
"publisherID": id4254626
"myUniqueParameter": 245234
}

API Maintenance and Specifications

FraudHunt Public API undergoes maintenance once every 4-5 days, all records get deleted during the maintenance. The maximum request volume equals 50 requests per second. If you plan to use bigger traffic volumes, or are looking to permanently save information about your users, you will have to use FraudHunt Custom API.

Not sure what API type to choose?

Just get in touch and we’ll be glad to discuss it with you

    DocumentationIntegrations