HOW IT WORKS

Three steps from API key to protection.

01

Collect device signals (optional)

Add the AbuseGraph SDK to your signup form for richer browser probes, or skip it and send identity fields from your backend alone.

  • Works with React, Vue, vanilla JS
  • Passive collection — users never notice
  • Backend-only path needs no frontend change
02

POST /api/v1/check

Authenticate with your workspace API key. AbuseGraph scores the request across 62 catalogued signals and returns a 0–100 score plus a verdict.

  • Header: x-api-key
  • Verdicts: allow, challenge, shadow, block
  • Every marker weight is visible in Review
03

You decide what happens

Your backend receives the score and makes the final call. Allow, challenge, shadow, or block — AbuseGraph never mutates your users.

  • You control enforcement
  • Works with any backend (Node, Go, Python, etc.)
  • Your user data stays yours

Try it now

terminal
# Check a signup for fraud risk
curl -X POST https://your-host/api/v1/check \
  -H "x-api-key: pk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "ip": "203.0.113.42",
    "fingerprint": "fp_abc123"
  }'

# Response
{
  "score": 85,
  "verdict": "block",
  "riskSignals": [
    { "type": "datacenter_ip", "weight": 40, "detail": "..." },
    { "type": "disposable_email", "weight": 45, "detail": "..." },
    { "type": "headless_browser", "weight": 50, "detail": "..." }
  ]
}

After signup, Settings shows your live host and a copy-paste curl with your real API key.