RiskScore API

API reference

RiskScore HTTP endpoints on api.syndaq.com.

All RiskScore endpoints are served from https://api.syndaq.com/v1/riskscore/.

Authenticated requests require a valid RiskScore key. Lookup routes require your rs_sec_ secret key.

Endpoints overview

MethodPathAuthPurpose
GET/v1/riskscore/lookupSecret keyLookup by ?ip= query parameter
GET/v1/riskscore/lookup/{ip}Secret keyLookup by IP in the URL path
GET/v1/riskscore/statusPublic or secret keyPlan limits and quota snapshot

Response headers

Successful and error responses may include:

HeaderDescription
X-Request-IdUnique ID for support and log correlation
X-RateLimit-LimitPlan requests per minute for this key
X-RateLimit-RemainingRequests left in the current minute window
X-RateLimit-ResetUnix timestamp when the minute window resets
X-Quota-LimitMonthly quota for the subscription
X-Quota-RemainingLookups left this calendar month (UTC)
X-Quota-PeriodCurrent quota month (YYYY-MM)
Retry-AfterSeconds to wait after HTTP 429

GET /v1/riskscore/lookup

Returns risk intelligence for a single IP address.

Request

Pass the target IP using one of these forms:

GET /v1/riskscore/lookup/8.8.8.8
GET /v1/riskscore/lookup?ip=8.8.8.8

Both IPv4 and IPv6 are supported. IPv6 addresses in the path should be URL-encoded.

Headers:

Authorization: Bearer rs_sec_YOUR_SECRET_KEY

Success response (200)

{
  "success": true,
  "ip": "8.8.8.8",
  "cached": true,
  "provider": "findip",
  "fetched_at": "2026-06-22 12:00:00.000",
  "location": {
    "country": {
      "code": "US",
      "name": "United States"
    },
    "city": "Mountain View",
    "region": "California",
    "latitude": 37.386,
    "longitude": -122.084,
    "timezone": "America/Los_Angeles"
  },
  "network": {
    "isp": "Google LLC",
    "asn": 15169,
    "connection_type": "Corporate"
  },
  "intelligence": {
    "verdict": "anonymous_traffic",
    "description": "VPN or proxy exit detected",
    "risk": {
      "score": 15,
      "level": "low"
    },
    "threat": {
      "score": 50,
      "level": "medium"
    },
    "flags": {
      "is_anonymous": true,
      "is_proxy": false,
      "is_vpn": true,
      "is_tor": false,
      "is_relay": false,
      "is_malicious": false,
      "is_hosting": false,
      "is_network_service": true
    },
    "anonymous_confidence": 85,
    "tags": ["vpn"],
    "categories": ["anonymizer"]
  },
  "is_eu": false,
  "request_id": "a1b2c3d4e5f6789012345678901234ab"
}

Response fields

FieldTypeDescription
cachedbooleantrue when served from cache or local database
locationobjectCountry, city, region, coordinates, timezone
networkobjectISP, ASN, and connection type
intelligence.verdictstringOverall assessment code
intelligence.descriptionstringHuman-readable verdict summary
intelligence.riskobjectOverall risk score and level
intelligence.threatobjectThreat score and level
intelligence.flagsobjectBoolean anonymity and abuse indicators
intelligence.anonymous_confidenceintegerConfidence for anonymity detection (0-100)
intelligence.tagsarrayProvider tag strings
intelligence.categoriesarrayProvider category strings
is_eubooleanWhether the country is in the European Union

See the Risk intelligence guide for how to act on verdicts and scores.

GET /v1/riskscore/status

Returns key status, plan limits, and quota usage without performing a lookup.

Request

GET /v1/riskscore/status
Authorization: Bearer rs_sec_YOUR_SECRET_KEY

The public key (rs_pub_) is accepted on this route.

Success response (200)

{
  "success": true,
  "status": "active",
  "product": "riskscore",
  "plan": "starter",
  "rate_limit_per_minute": 120,
  "monthly_quota": 10000,
  "quota_unlimited": false,
  "quota_remaining": 9842,
  "quota_period": "2026-06",
  "database_records": 850000
}

Errors

Failed requests return JSON with success: false, error, error_code, and usually request_id.

HTTPerror_codeTypical cause
400invalid_ipMissing or malformed IP address
401missing_credentialsNo API key provided
401invalid_api_keyUnknown, inactive, or revoked key
401wrong_key_typePublic key used on a lookup endpoint
403ip_not_allowedCaller IP not on the key allowlist
404ip_not_foundUpstream could not resolve the address
422ip_not_routablePrivate, reserved, or non-routable IP
429rate_limit_exceededPer-minute limit exceeded
429quota_exceededMonthly quota exhausted
502lookup_failedTemporary upstream error
503upstream_unconfiguredRiskScore upstream not configured on server
500internal_errorUnexpected server error

Handle non-200 responses in your application and retry transient errors with exponential backoff.