Proxy Detection API Docs | VPN Detection API

Leading IP Intelligence API, Best Detection Rates

IPQualityScore's Proxy Detection API allows you to Proactively Prevent Fraud™ via a simple API that provides over 25 data points for risk analysis, geo location, and IP intelligence. This endpoint allows on-demand lookups using our IP reputation API to accurately identify threats, bots, and compromised connections including VPN detection.

Accurate Proxy Detection

IPQualityScore's proxy detection technology features the most robust accuracy rates for identifying sophisticated abuse, such as residential proxies, private VPN networks, tor nodes, anonymous proxies, botnets, and similar malicious IP addresses or risky IP ranges abused by bots. The Proxy Detection API can prevent advanced fraudsters such as chargebacks, fake account registrations, account takeover (ATO), and similar abuse.

Proxy Detection API & Fraud Prevention Use Cases

Low Quality Users — Identify duplicate user accounts, bogus user information, and fake registrations. Automatically prevent low quality users from hurting your ROI.
Chargebacks & Payment Fraud — Prevent chargebacks, high risk transactions, and all types of ecommerce fraud.
Click Fraud & Invalid Clicks — Solve click fraud quality issues with real-time click filtering and ensure only high quality clicks. Stop all forms of invalid traffic.
IP Reputation — Analyze IP Address reputation to detect proxies, VPNs, and TOR connections and determine the likeliness of fraudulent activity.
Account Takeover — Monitor accounts for unusual behavior and session hijacking attempts.
Bot Detection — Filter non-human traffic in real-time with IPQS bot detection tools.
Geo Filtering — Prevent users from bypassing requirements and conditions for accessing content outside their country of residence.
High Risk Behavior — Analyze user behavior against millions of high risk patterns that indicate a user's intent to engage in fraudulent activity.
Lead Generation & User Data Verification — Ensure data that you are collecting is valid, accurate, and fresh.

Proxy Detection API Accuracy & Machine Learning

Your account's multi-tiered machine learning algorithms will continuously learn from your audience to minimize false-positives and provide the greatest accuracy for Proxy Detection API lookups. If you do notice any results which you feel are inaccurate, please forward them to our support team so we can optimize your account's settings for the IP fraud risk API. Numerous options are available on a per-account level so IPQS fraud scoring algorithms can be perfectly tailored to your audience.

Proxy Detection API Coverage

Our proxy detection algorithms allow your website or app to perform on-demand IP address lookups that identify malicious traffic and detect anonymous proxies, residential proxies, tor exit nodes, data centers, hosting providers, virtual private networks, and other types of fraudulent IPs. Detect proxies and industry leading IP reputation. This application programming interface (API) also provides full support as a VPN Detection API to identify VPN providers for any IP address.

Note About Front End IP Lookups

Results produced from our front end IP address lookup tool uses the Proxy Detection API settings below. To match the front end proxy detection results, please configure your API request to use these settings. Since these settings score IP address with the lowest possible strictness levels, you may experience better performance with different values for these options.

allow_public_access_points=true — Allows corporate and public connections like Institutions, Hotels, Businesses, Universities, etc.
mobile=true — Forces the IP to be scored as a mobile device. Passing the "user_agent" will automatically detect the device type.
fast=true — Speeds up the API response time. Not recommended.
strictness=0 — Uses the lowest strictness (0-3) for Fraud Scoring. Increasing this value will expand the tests we perform. Levels 2+ have a higher risk of false-positives. We recommend using level 0 or 1 for the best results.
lighter_penalties=true — Lowers scoring and proxy detection for mixed quality IP addresses to prevent false-positives.

Proxy Detection API Example Look — Lowest Strictness Lookup Settings
This API request will match our front end IP lookup results with the settings above, providing the most suppressed Fraud Scores to avoid false-positives.

Private Key

Please login or create a free account to access your API Key.

NOTE: Do not share this key with anyone. It's like a password and can be used to make queries using our API.

Request URLs

The URLs below can be used to fetch the result using cURL or another utility in most languages. Please see the usage example at the bottom of the page. Simply replace "USER_IP_HERE" with the IP address you wish to analyze.

JSON:

XML:

JSON Example Requests

API Lookup with Strictness Set to 1 and Public Access Points as True
0 or 1 are our recommended levels of strictness for the most accurate results with the least false-positives. Strictness can be a value between 0 and 3.

API Lookup with Strictness Set to 1 & User Agent (Browser) / User Language for Enhanced Fraud Scoring
Including the User Agent and User Language significantly improves our accuracy for Fraud Scoring and identifying risky IP addresses.

API Lookup with Strictness Set to 1 & Custom Tracking Variables of "userID" and "transactionID"
Tracking data can be attached to your API request to associate lookups with a specific user, transaction, etc. Please only use variables set on your Custom Tracking Variables.

API Lookup with Strictness Set to 2 & Fast Mode Set to "true"
This setting is used for time-sensitive lookups that require a faster response time. Accuracy is slightly degraded with the "fast" approach, but not significantly noticeable.

Proxy Detection API JSON Success Response Example

{
	"message":"Success.",
	"success":true,
	"proxy":false,
	"ISP":"Mediacom Cable",
	"organization":"Mediacom Cable",
	"ASN":30036,
	"host":"171-33-111-143.client.mchsi.com",
	"country_code":"US",
	"city":"Houston",
	"region":"Texas",
	"is_crawler":false,
	"connection_type":"Residential",
	"latitude":29.7079,
	"longitude":-95.401,
	"zip_code":"77001",
	"timezone":"America Matamoros",
	"vpn":false,
	"tor":false,
	"active_vpn":false,
	"active_tor":false,
	"recent_abuse":true,
	"frequent_abuser":false,
	"high_risk_attacks":false,
	"abuse_velocity":"medium",
	"bot_status":false,
	"shared_connection":true,
	"dynamic_connection":false,
	"security_scanner":false,
	"trusted_network":false,
	"mobile":false,
	"fraud_score":25,
	"operating_system": "Mac 10.6",
	"browser": "Chrome 122.0",
	"device_model": "iPad",
	"device_brand": "Apple",
	"transaction_details":{
		"valid_billing_address":false,
		"valid_shipping_address":false,
		"valid_billing_email":false,
		"valid_shipping_email":false,
		"risky_billing_phone":false,
		"risky_shipping_phone":false,
		"billing_phone_carrier":"AT&T",
		"shipping_phone_carrier	":"Rogers Canada",
		"billing_phone_line_type":"Wireless",
		"shipping_phone_line_type":"Landline",
		"billing_phone_country":"US",
		"billing_phone_country_code":"1",
		"shipping_phone_country":"US",
		"shipping_phone_country_code":"1",
		"fraudulent_behavior":false,
		"bin_country":"US",
		"bin_type":"Credit",
		"bin_bank_name":"CITIBANK N.A.",
		"risk_score":17,
		"risk_factors":["Billing phone number is inactive.", "Billing email is associated with recent chargebacks."],
		"is_prepaid_card":false,
		"risky_username":false,
		"valid_billing_phone":true,
		"valid_shipping_phone":false,
		"leaked_billing_email":true,
		"leaked_shipping_email":false,
		"leaked_user_data":true,
		"user_activity":"high",
		"phone_name_identity_match":"Match",
		"phone_email_identity_match":"Mismatch",
		"phone_address_identity_match":"No Match",
		"email_name_identity_match":"Unknown",
		"name_address_identity_match":"Match",
		"address_email_identity_match":"Match"
	},
	"request_id":"0w8WYS"
}

NOTE: For a description of each field listed above please consult the response documentation below.

Proxy Detection API XML Success Response Example

<?xml version="1.0" encoding="UTF-8"?>
<result>
	 <proxy>false</proxy>
	 <ISP>Mediacom Cable</ISP>
	 <organization>Mediacom Cable</organization>
	 <ASN>30036</ASN>
	 <host>171-33-111-143.client.mchsi.com</host>
	 <country_code>US</country_code>
	 <city>Houston</city>
	 <region>Texas</region>
	 <is_crawler>false</is_crawler>
	 <connection_type>residential</connection_type>
	 <latitude>29.7079</latitude>
	 <longitude>-95.401</longitude>
	 <zip_code>77001</zip_code>
	 <timezone>America Matamoros</timezone>               
	 <vpn>false</vpn>
	 <tor>false</tor>
	 <active_vpn>false</active_vpn>
	 <active_tor>false</active_tor>
	 <recent_abuse>false</recent_abuse>
	 <abuse_velocity>medium</abuse_velocity>
	 <bot_status>false</bot_status>
	 <mobile>false</mobile>
	 <fraud_score>25</fraud_score>
	 <frequent_abuser>false</frequent_abuser>
	 <high_risk_attacks>false</high_risk_attacks>
	 <shared_connection>true</shared_connection>
	 <dynamic_connection>false</dynamic_connection>
	 <security_scanner>false</security_scanner>
	 <trusted_network>false</trusted_network>
	 <operating_system>Mac 10.6</operating_system>
	 <browser>Chrome 122.0</browser>
	 <request_id>0w8WYS</request_id>
	 <device_model>iPad</device_model>
	 <device_brand>Apple</device_brand>          
	 <message>Success</message>
	 <success>true</success>
</result>

NOTE: For a description of each field listed above please consult the response documentation below.

JSON Error Response Examples

Example errors that you may encounter when accessing our API due to an exhausted credit balance or an invalid IP address.

{
	"success":false,
	"message":"You have insufficient credits to make this query. Please contact IPQualityScore support if this error persists.",
	"request_id":"4OTORR352FU0p"
}

{
	"success":false,
	"message":"Invalid IPv4 address, IPv6 address or hostname. Please check the IP\/Hostname and try again.",
	"request_id":"4OTORR4EWpl0m"
}

Additional Request Options

Due to the nature of platform requirements or frameworks it may be necessary to request IPQS API endpoints without passing the API key in the URL. As an alternative, IPQS allows the API key to be passed via GET, POST, or Headers. These requests use the following endpoints:

JSON:

XML:

Method	Value	Example
GET	key	?key=YOUR_API_KEY_HERE&ip=35.215.153.139&strictness=2&fast=1
POST	key	key=YOUR_API_KEY_HERE&ip=35.215.153.139&strictness=2&fast=1
Header	IPQS-KEY (Additional parameters passed as either GET or POST)	IPQS-KEY: YOUR_API_KEY_HERE

Additional Request Parameters

Custom tracking variables (such as "userID", "transactionID") established in your account settings can be passed with each API request. This allows our reporting tools to filter by specific users, products, campaigns, transactions, etc. so that you can easily match up records with your own system to identify fraudulent activity. It is strongly recommended to pass the "user_agent" (browser) and "user_language" to provide the most accurate "fraud_score" results. Our algorithms automatically adjust scoring based on the device type, so if you are unable to pass the user agent, please inform our system of mobile devices by passing "mobile" as true. It is also recommended to set "allow_public_access_points" as true to avoid false-positives with corporate ranges and public hotspots.

Field	Description	Possible Values
strictness	How in depth (strict) do you want this query to be? Higher values take longer to process and may provide a higher false-positive rate. We recommend starting at "0", the lowest strictness setting, and increasing to "1" depending on your levels of fraud. Levels 2+ are VERY strict and will produce false-positives.	integer, 0 - 3
user_agent	You can optionally provide us with the user agent string (browser). This allows us to run additional checks to see if the user is a bot or running an invalid browser. This allows us to evaluate the risk of the user as judged in the "fraud_score".	string
user_language	You can optionally provide us with the user's language header. This allows us to evaluate the risk of the user as judged in the "fraud_score".	string
fast	When this parameter is enabled our API will not perform certain forensic checks that take longer to process. Enabling this feature greatly increases the API speed without much impact on accuracy. This option is intended for services that require decision making in a time sensitive manner and can be used for any strictness level.	boolean, string (true or false)
mobile	You can optionally specify that this lookup should be treated as a mobile device. Recommended for mobile lookups that do not have a user agent attached to the request. NOTE: This can cause unexpected and abnormal results if the device is not a mobile device.	boolean, string (true or false)
allow_public_access_points	Bypasses certain checks for IP addresses from education and research institutions, schools, and some corporate connections to better accommodate audiences that frequently use public connections.	boolean, string (true or false)
lighter_penalties	Is your scoring too strict? Enable this setting to lower detection rates and Fraud Scores for mixed quality IP addresses. If you experience any false-positives with your traffic then enabling this feature will provide better results.	boolean, string (true or false)
transaction_strictness	Adjusts the weights for penalties applied due to irregularities and fraudulent patterns detected on order and transaction details that can be optionally provided on each API request. This feature is only beneficial if you are passing order and transaction details. A table is available further down the page with supported transaction variables.	integer, 0 - 2

Reporting Back Fraud & Improving Machine Learning

Train your account's machine learning algorithms to better identify fraud for your audience. This data will improve future scoring of IP address reputation through the Proxy Detection API. The following endpoint can be used to report IP addresses as fraudulent. Please only report data that has a high confidence of being abusive.

The URL below is an example of how to report an IP address.

Proxy Detection API Response Field Definitions

Quick Notes

Fraud Scores >= 75 — suspicious — previous reputation issues or low risk proxy/VPN.
Fraud Scores >= 88 or 90 — high risk — recent abusive behavior over the past 24-48 hours.
"Abuse Velocity" = "high" — indicates frequent abusive behavior over the past 24-48 hours.
"Frequent Abuser" = "true" — confirms a history of abusive behavior over the past 6 months or more.
"High Risk Attacks" = "true" — identifies open proxies and anonymous IPs engaged in online attacks like scraping, ATO, brute forcing, bot submissions.

Transaction Scoring — When transaction data is passed with the API request for payments or users, the "Risk Score" will be populated. Risk Scores >= 75 — suspicious — unusual behavior or dubious user data.
Fraud Scores >= 90 — high risk — recent reputation issues like abuse associated with a name, email, phone number, payment method, etc.

Further Details on Response Results

Analyzing the overall Fraud Score is usually the best way to determine the overall risk of the user. Fraud Scores >= 75 are suspicious and likely to be a proxy, VPN, or TOR connection, but not necessarily a fraudulent user. This could indicate a user protecting their privacy online by browsing anonymously with a proxy connection or VPN service. Fraud Scores >=88 or 90 are high risk users that are likely to engage in malicious behavior. Scores in this threshold indicate recent or excessive abuse and fit the profile of a typical risky user.

We recommend also using additional risk data points such as "bot_status", "frequent_abuser", "high_risk_attacks", "recent_abuse", and "abuse_velocity" in your decision making for further granularity. The "connection_type", "shared_connection", and "dynamic_connection" also play an important role in determining the best business logic for your audience.

Field

Description

Possible Values

proxy

Is this IP address suspected to be a proxy? (SOCKS, Elite, Anonymous, VPN, Tor, etc.)

boolean

host

Hostname of the IP address if one is available.

string

ISP

ISP if one is known. Otherwise "N/A".

string

Organization

Organization if one is known. Can be parent company or sub company of the listed ISP. Otherwise "N/A".

string

ASN

Autonomous System Number if one is known. Null if nonexistent.

integer

country_code

Two character country code of IP address or "N/A" if unknown.

string

city

City of IP address if available or "N/A" if unknown.

string

region

Region (state) of IP address if available or "N/A" if unknown.

string

timezone

Timezone of IP address if available or "N/A" if unknown.

string

latitude

Latitude of IP address if available or null if unknown.

float

longitude

Longitude of IP address if available or null if unknown.

float

zip_code

Postal code of IP address if available or "N/A" if unknown. IP addresses can relate to multiple postal codes in a city, so we recommend performing analysis of similar postal codes nearby.

string

is_crawler

Is this IP associated with being a confirmed crawler from a mainstream search engine such as Googlebot, Bingbot, Yandex, etc. based on hostname or IP address verification.

boolean

connection_type

Classification of the IP address connection type as "Residential", "Corporate", "Education", "Mobile", or "Data Center".

string

recent_abuse

This value will indicate if there has been any recently verified abuse across our network for this IP address. Abuse could be a confirmed chargeback, account takeover attack, compromised device, fake application or registration, digital impersonation (stolen user data), bot attack, or similar malicious behavior within the past few days.

boolean

abuse_velocity

How frequently the IP address is engaging in abuse across the IPQS threat network. Values can be "high", "medium", "low", or "none". Can be used in combination with the Fraud Score to identify bad behavior.

string

bot_status

Indicates if bots or non-human traffic has recently used this IP address to engage in automated fraudulent behavior. Provides stronger confidence that the IP address is suspicious.

boolean

vpn

Is this IP suspected of being a VPN connection? This can include data center ranges which can become active VPNs at any time. The "proxy" status will always be true when this value is true.

boolean

tor

Is this IP suspected of being a TOR connection? This can include previously active TOR nodes and exits which can become active TOR exits at any time. The "proxy" status will always be true when this value is true.

boolean

active_vpn

Identifies active VPN connections used by popular VPN services and private VPN servers.

boolean

active_tor

Identifies active TOR exits on the TOR network.

boolean

mobile

Is this user agent a mobile browser? (will always be false if the user agent is not passed in the API request)

boolean

fraud_score

The overall fraud score of the user based on the IP, user agent, language, and any other optionally passed variables. Fraud Scores >= 75 are suspicious, but not necessarily fraudulent. We recommend flagging or blocking traffic with Fraud Scores >= 90, but you may find it beneficial to use a higher or lower threshold.

float

frequent_abuser

Enterprise Data Point — Identifies IP addresses with a consistent history of abusive behavior across 6 months or more. This data point can be helpful in identifying anonymous IP addresses which are frequently used for malicious behavior, compared to an IP address that may be briefly compromised by malware and only temporarily active in a botnet or residential proxy network.

boolean

high_risk_attacks

Enterprise Data Point — Confirms if this IP address has engaged in malicious abuse such as phishing, brute forcing, DDoS, credential stuffing & account takeover, scraping, form submission spam, and similar attacks. This data point has a high correlation with anonymous proxies, open proxies, public VPNs, and easily accessible anonymizers.

boolean

shared_connection

Enterprise Data Point — Designates IP addresses which are likely to have more than a few users active on the IP address at the same time, such as mobile networks, corporate exit points, and similar connections. This can also include libraries, coffee shops, hotel lobbies, dormitories, hospitals and medical centers, company VPNs, etc.

boolean

dynamic_connection

Enterprise Data Point — Indicates IP addresses with dynamic assignment protocols, which means that a user on this IP address will likely be assigned a different IP address by this provider in the near future.

boolean

security_scanner

Enterprise Data Point — Indicates a verified online security scanner or endpoint by a trusted security vendor such as Tenable, Qualys, and similar providers.

boolean

trusted_network

Enterprise Data Point — Identifies company networks and corporate access points which have low abuse rates and high security protocols. IP addresses on these networks may still be compromised by malware, however the network overall will be considered trusted if this value is true.

boolean

request_id

A unique identifier for this request that can be used to lookup the request details or send a postback conversion notice.

string

operating_system

Operating system name and version or "N/A" if unknown. Requires the "user_agent" variable in the API Request.

string

browser

Browser name and version or "N/A" if unknown. Requires the "user_agent" variable in the API Request.

string

device_brand

Brand name of the device or "N/A" if unknown. Requires the "user_agent" variable in the API Request.

string

device_model

Model name of the device or "N/A" if unknown. Requires the "user_agent" variable in the API Request.

string

transaction_details (object)

Additional scoring variables for risk analysis are available when transaction scoring data is passed through the API request. These variables are also useful for scoring user data such as physical addresses, phone numbers, usernames, and transaction details. The data points below are populated when at least 1 transaction data parameter is present in the initial API request. The following transaction variables are "null" when the necessary transaction parameters are not passed with the initial API request. For instance, not passing the "billing_email" will return "valid_billing_email" as null.

Key	Expected Values	Description
risk_score	Float	Confidence that this user or transaction is exhibiting malicious behavior. Scores are 0 - 100, with 75+ as suspicious and 90+ as high risk. This value uses different calculations with less weight on the IP reputation compared to the overall "Fraud Score".
risk_factors	String	Explanation for elevated Risk Scores to better understand why the payment or user was associated with fraudulent behavior and considered a high risk.
valid_billing_address	Boolean	Physical address validation and reputation analysis.
valid_shipping_address	Boolean	Same as above.
valid_billing_email	Boolean	Light abusive check and reputation analysis for the email address. It is recommended to use our dedicated Email Validation API for deeper analysis.
valid_shipping_email	Boolean	Same as above.
leaked_billing_email	Boolean	Indicates if the email address has recently been exposed or compromised in a database breach.
leaked_shipping_email	Boolean	Same as above.
leaked_user_data	Boolean	Indicates if the user's data (including phone & address) have recently been exposed or compromised in a database breach.
user_activity	String	Frequency at which this user makes legitimate purchases, account registrations, and engages in legitimate customer behavior online. Values can be "high", "medium", "low", or "none". Values of "high" or "medium" are strong signals of healthy usage. New user data without a history of legitimate behavior will have a value as "none". This field is restricted to higher plan tiers.
risky_billing_phone	Boolean	Reputation analysis for abusive activity associated with the phone number.
risky_shipping_phone	Boolean	Same as above.
valid_billing_phone	Boolean	Valid & active phone number with the phone carrier (not disconnected).
valid_shipping_phone	Boolean	Same as above.
billing_phone_carrier	String	Phone number provider company such as "AT&T" or "Bell Canada".
shipping_phone_carrier	String	Same as above.
billing_phone_line_type	String	Landline, Wireless, Toll Free, VOIP, Satellite, Premium Rate, Pager, Internet Service Provider or Unknown.
shipping_phone_line_type	String	Same as above.
billing_phone_country	String	2-letter country code associated with the phone number.
shipping_phone_country	String	Same as above.
billing_phone_country_code	Integer	Country dialing code associated with the phone number.
shipping_phone_country_code	Integer	Same as above.
bin_country	String	Country associated with the credit card BIN.
bin_bank_name	String	The bank or processor name associated with the credit card BIN, such as Citibank, Chase, Capital One, etc.
bin_type	String	Type of card associated with the credit card BIN. Values can be "Credit", "Debit", "Prepaid", or "Virtual". Prepaid and Virtual credit cards carry slightly higher risk.
risky_username	Boolean	Username frequently associated with fraudulent behavior.
is_prepaid_card	Boolean	Status of the credit card as prepaid.
fraudulent_behavior	Boolean	Indicates high risk behavior patterns and a high chance of fraud.
phone_name_identity_match	String	Enterprise Account Feature — Indicates a reverse identity match between the billing phone number and first/last name. Values: "Unknown" — no checks processed, "Match" — positive identity match, "Mismatch" — data matches another user, "No Match" — could not pair identity data.
phone_email_identity_match	String	Enterprise Account Feature — Indicates a reverse identity match between the billing phone number and email address. Values: "Unknown" — no checks processed, "Match" — positive identity match, "Mismatch" — data matches another user, "No Match" — could not pair identity data.
phone_address_identity_match	String	Enterprise Account Feature — Indicates a reverse identity match between the billing phone number and physical address. Values: "Unknown" — no checks processed, "Match" — positive identity match, "Mismatch" — data matches another user, "No Match" — could not pair identity data.
email_name_identity_match	String	Enterprise Account Feature — Indicates a reverse identity match between the billing email address and first/last name. Values: "Unknown" — no checks processed, "Match" — positive identity match, "Mismatch" — data matches another user, "No Match" — could not pair identity data.
name_address_identity_match	String	Enterprise Account Feature — Indicates a reverse identity match between the billing first/last name and physical address. Values: "Unknown" — no checks processed, "Match" — positive identity match, "Mismatch" — data matches another user, "No Match" — could not pair identity data.
address_email_identity_match	String	Enterprise Account Feature — Indicates a reverse identity match between the billing physical address and email address. Values: "Unknown" — no checks processed, "Match" — positive identity match, "Mismatch" — data matches another user, "No Match" — could not pair identity data.

message

A generic status message, either success or some form of an error notice.

string

success

Was the request successful?

boolean

errors

Array of errors which occurred while attempting to process this request.

array of strings

What is a Proxy Detection API

Proxy detection APIs provide websites and apps with a real-time IP address lookup to detect proxies, VPNs, & TOR connections. Enrich any IP address with risk data to better identify malicious IP addresses, anonymous IPs, residential proxies, and botnets. The IP address API also provides geo location, connection type, & ISP data.

When To Use an Proxy Detection API?

Using a proxy detection API is a best practice to detect fraud and analyze risk for account registration, transactions, clicks, and similar user actions. Real-time results provided by the IP address Application Programming Interface (API) can enrich user accounts for any platform to improve fraud detection techniques. Since the system supports live lookups, it can deployed for an on-demand lookup upon any user action like submitting a form.

What is Proxy Detection?

Fraudsters have become more sophisticated within the past few years, using proxy and VPN connections to commit fraud online. The only way for companies to adequately protect themselves against modern fraud tactics is by using an advanced proxy detection service which including a VPN detection API that can identify malicious IP addresses so suspicious users and payments can be accurately identified.

Example Code

const express = require('express');
const request = require('sync-request');
const app = express();
const port = 3000;


function Output(success = false, message = null, data = null) {
	this.success = success;
	this.message = message;
	this.data = null;
}


function CheckUserIP(ip_address, user_agent, language) {
	var key = 'YOUR_API_KEY_HERE';
	var strictness = 1; // This optional parameter controls the level of strictness for the lookup. Setting this option higher will increase the chance for false-positives as well as the time needed to perform the IP analysis. Increase this setting if you still continue to see fraudulent IPs with our base setting (level 1 is recommended) or decrease this setting for faster lookups with less false-positives. Current options for this parameter are 0 (fastest), 1 (recommended), 2 (more strict), or 3 (strictest).
	var allow_public_access_points = 'true'; // Bypasses certain checks for IP addresses from education and research institutions, schools, and some corporate connections to better accommodate audiences that frequently use public connections. This value can be set to true to make the service less strict while still catching the riskiest connections.
	var url = "https://www.ipqualityscore.com/api/json/ip/" + key + "/" + ip_address + "?user_agent=" + user_agent + "&user_language=" + language + "&strictness=" + strictness + "&allow_public_access_points=" + allow_public_access_points;
	var result = get_IPQ_URL(url);
	if (result !== null) {
		return result;
	}
	else {
		// Throw error, no response received.
	}
}


function get_IPQ_URL(url) {
	try {
		var response = request('GET', url);
		return JSON.parse(response.getBody());
	}
	catch (error) {
		return null;
	}
}


function ValidIP(ip_address, user_agent, language) {
	var allowCrawlers = true; // Allow verified search engine crawlers from Google, Bing, Yahoo, DuckDuckGo, Baidu, Yandex, and similar major search engines. This setting is useful for preventing SEO penalties on front end placements.
	var fraudScoreMinBlock = 75; // Minimum Fraud Score to determine a fraudulent or high risk user
	var fraudScoreMinBlockForMobiles = 75; // Minimum Fraud Score to determine a fraudulent or high risk user for MOBILE Devices
	var lowerPenaltyForMobiles = false; // Prevents false positives for mobile devices - if set to true, this will only block VPN connections, Tor connections, and Fraud Scores greater than the minimum values set above for mobile devices. This setting is meant to provide greater accuracy for mobile devices due to mobile carriers frequently recycling and sharing mobile IP addresses. Please be sure to pass the "user_agent" (browser) for this feature to work. This setting ensures that the riskiest mobile connections are still blacklisted.
	
	var ip_result = CheckUserIP(ip_address, user_agent, language);
	
	if (ip_result !== null) {
		if (allowCrawlers === true) {
			if (typeof ip_result !== 'undefined' && ip_result['is_crawler'] === true) {
				return false;
			}
		}
		if (ip_result['mobile'] === true && lowerPenaltyForMobiles === true) {
			if (typeof ip_result['fraud_score'] !== 'undefined' && ip_result['fraud_score'] >= fraudScoreMinBlockForMobiles) {
				return true;
			}
			else if (typeof ip_result['vpn'] !== 'undefined' && ip_result['vpn'] === true) {
				return ip_result['vpn'];
			}
			else if (typeof ip_result['tor'] !== 'undefined' && ip_result['tor'] === true) {
				return ip_result['tor'];
			}
			else {
				return false;
			}	
		}
		else {
			if (typeof ip_result['fraud_score'] !== 'undefined' &&  ip_result['fraud_score'] >= fraudScoreMinBlock) {
				return true;
			}
			else if (typeof ip_result['proxy'] !== 'undefined'){
				return ip_result['proxy'];
			}
			else {
				// Throw error, response is invalid.
			}
		}
	}
	else {
	    return false;
	}
}


app.enable('trust proxy'); // Allows Accurate Usage of req.ip


app.get('/', (req, res) => {
	var ip_address = req.ip;
	var user_agent = req.headers['user-agent'];
	var language = req.headers['accept-language'];
	console.log(ip_address + ":: " + user_agent + " :: " + language);
	if (ValidIP(ip_address, user_agent, language) === true) {
		return res.send(new Output(true, 'Proxy, VPN, or Risky User'));
	}
	else {
		return res.send(new Output(true, 'Clean IP/User'));
	}
});


app.listen(port, () => {
	console.log(`Example app listening on port ${port}!`)
});

// Your API Key.
$key = 'YOUR_API_KEY_HERE';

/*
* Retrieve the user's IP address. 
* You could also pull this from another source such as a database.
* 
*/
$ip = isset($_SERVER['HTTP_CF_CONNECTING_IP']) ? $_SERVER['HTTP_CF_CONNECTING_IP'] : $_SERVER['REMOTE_ADDR'];


// Retrieve additional (optional) data points which help us enhance fraud scores.
$user_agent = $_SERVER['HTTP_USER_AGENT']; 
$user_language = $_SERVER['HTTP_ACCEPT_LANGUAGE'];

// Set the strictness for this query. (0 (least strict) - 3 (most strict))
$strictness = 1;

// You may want to allow public access points like coffee shops, schools, corporations, etc...
$allow_public_access_points = 'true';

// Reduce scoring penalties for mixed quality IP addresses shared by good and bad users.
$lighter_penalties = 'false';

// Create parameters array.
$parameters = array(
	'user_agent' => $user_agent,
	'user_language' => $user_language,
	'strictness' => $strictness,
	'allow_public_access_points' => $allow_public_access_points,
	'lighter_penalties' => $lighter_penalties
);

/* User & Transaction Scoring
* Score additional information from a user, order, or transaction for risk analysis
* Please see the documentation and example code to include this feature in your scoring:
* https://www.ipqualityscore.com/documentation/proxy-detection-api/transaction-scoring
* This feature requires a Premium plan or greater
*/

// Format Parameters
$formatted_parameters = http_build_query($parameters);

// Create API URL
$url = sprintf(
	'https://www.ipqualityscore.com/api/json/ip/%s/%s?%s', 
	$key,
	$ip, 
	$formatted_parameters
);

// Fetch The Result
$timeout = 5;

$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, $timeout);

$json = curl_exec($curl);
curl_close($curl);

// Decode the result into an array.
$result = json_decode($json, true);

// Check to see if our query was successful.
if(isset($result['success']) && $result['success'] === true){
	// NOTICE: If you want to use one of the examples below, remove
	// any lines containing /*, */ and *-, then remove * from any of the
	// the remaining lines.

	/*
	*- Example 1: We'd like to block all proxies and send them to Google.
	* 
	* if($result['proxy'] === true){
	*		exit(header("Location: https://www.ipqualityscore.com/disable-your-proxy-vpn-connection"));
	* }
	*/
	
	/*
	*- Example 2: We'd like to block all proxies, but allow legitimate
	*- crawlers like Google on our site:
	*
	* if($result['proxy'] === true && $result['is_crawler'] === false){
	*		exit(header("Location: https://www.ipqualityscore.com/disable-your-proxy-vpn-connection"));
	* }
	*/

	/*
	*- Example 3: We'd like to block only visitors with a fraud score, 
	*- over 80, but allow crawlers such as Google:
	* 
	* if($result['fraud_score'] >= 80 && $result['is_crawler'] === false){
	*		exit(header("Location: https://www.ipqualityscore.com/disable-your-proxy-vpn-connection"));
	* }
	*/

	/*
	*- Example 4: We'd like to block only visitors which are a proxy with a 
	*- fraud score over 80, but allow crawlers such as Google:
	* 
	* if(
	* 	$result['proxy'] === true && 
	* 	$result['fraud_score'] >= 80 && 
	*		$result['is_crawler'] === false
	*	){
	*		exit(header("Location: https://www.ipqualityscore.com/disable-your-proxy-vpn-connection"));
	* }
	*/
	
	/*
	*- Example 5: We'd like to block only visitors which are using tor.
	* 
	* if($result['tor'] === true){
	*		exit(header("Location: https://www.ipqualityscore.com/disable-your-proxy-vpn-connection"));
	* }
	*/

	/*
	* If you are confused with these examples or simply have a use case
	* not covered here, please feel free to contact IPQualityScore's support
	* team. We'll craft a custom piece of code to meet your requirements.
	*/

# THIS SHOULD NEVER BE USED IN PRODUCTION AS IS!

# You may need to install Requests pip
# python -m pip install requests

import hashlib
from http.server import BaseHTTPRequestHandler, HTTPServer
import json
import requests

hostName = "localhost"
serverPort = 8080

class IPQS:
    key = "YOUR_API_KEY_HERE"

    def payment_transaction_fraud_prev(self, ip: str, vars: dict = {}) -> dict:
        """Method used to lookup Payment & Transaction Fraud Prevention API 

        Args:
            ip (str): _description_
            vars (dict, optional): Reffer to https://www.ipqualityscore.com/documentation/proxy-detection-api/transaction-scoring for variables.. Defaults to {}.

        Returns:
            dict: _description_
        """
        if not bool(vars):
            return {}

        url = "https://www.ipqualityscore.com/api/json/ip/%s/%s" %(self.key, ip)
        x = requests.get(url, params = vars)
        return (json.loads(x.text))




class MyServer(BaseHTTPRequestHandler):
    """This is an example basic web server. we limited it to handle "/" path only."""

    def do_GET(self):
        if self.path == "/":
            ipqs = IPQS()
            
            header_items= dict(self.headers.items())
            parameters = {
                'user_agent'                    : header_items['User-Agent'],
                'user_language'                 : header_items['Accept-Language'].split(',')[0],
                'strictness'                    : 0,
                # You may want to allow public access points like coffee shops, schools, corporations, etc...
                'allow_public_access_points'    : 'true',
                # Reduce scoring penalties for mixed quality IP addresses shared by good and bad users.
                'lighter_penalties'             : 'false'
            }


         
            result = ipqs.payment_transaction_fraud_prev(self.client_address[0],parameters)

            if 'success' in result and result['success'] == True:
                """
                NOTICE: If you want to use one of the examples below, remove
                any lines containing /*, */ and *-, then remove * from any of the
                the remaining lines.
                """


                """
                Example 1: We'd like to block all proxies and send them to Google.
                """

                if result['proxy'] == True:
                    
                    self.send_response(303)
                    self.send_header('Content-type', 'text/html')
                    self.send_header('Location','https://www.ipqualityscore.com/disable-your-proxy-vpn-connection')
                    self.end_headers()
                    return
                
                """
                Example 2: We'd like to block all proxies, but allow legitimate
                crawlers like Google on our site:
                
                if result['proxy'] == True and result['is_crawler'] == False:
                	self.send_response(303)
                    self.send_header('Content-type', 'text/html')
                    self.send_header('Location','https://www.ipqualityscore.com/disable-your-proxy-vpn-connection')
                    self.end_headers()
                    return
                """
                
                """
                Example 3: We'd like to block only visitors with a fraud score,
                of 80 or over, but allow crawlers such as Google:
                
                if result['fraud_score'] >= 80 and result['is_crawler'] == False:
                	self.send_response(303)
                    self.send_header('Content-type', 'text/html')
                    self.send_header('Location','https://www.ipqualityscore.com/disable-your-proxy-vpn-connection')
                    self.end_headers()
                    return
                """
                
                """
                Example 4: We'd like to block only visitors which are a proxy with a
                fraud score of 80 and over, but allow crawlers such as Google:

                if result['proxy'] == True and result['tor'] == True or result['fraud_score'] >= 80 or result['is_crawler'] == False:
                	self.send_response(303)
                    self.send_header('Content-type', 'text/html')
                    self.send_header('Location','https://www.ipqualityscore.com/disable-your-proxy-vpn-connection')
                    self.end_headers()
                    return
                """

                """
                Example 5: We'd like to block only visitors which are using tor.
                
                if result['tor'] == True:
                	self.send_response(303)
                    self.send_header('Content-type', 'text/html')
                    self.send_header('Location','https://www.ipqualityscore.com/disable-your-proxy-vpn-connection')
                    self.end_headers()
                    return
                """

                """
                If you are confused with these examples or simply have a use case
                not covered here, please feel free to contact IPQualityScore's support
                team. We'll craft a custom piece of code to meet your requirements.
                """

            self.send_response(500)
            self.send_header("Content-type", "text/html")
            self.end_headers()

if __name__ == "__main__":        
    webServer = HTTPServer((hostName, serverPort), MyServer)
    print("Server started http://%s:%s" % (hostName, serverPort))

    try:
        webServer.serve_forever()
    except KeyboardInterrupt:
        pass

    webServer.server_close()
    print("Server stopped.")