minFraud API Requests
On this page
Authorization and Security
The HTTP Authorization
header is required for authorization. The username is
your
MaxMind account ID.
The password is your
MaxMind license key.
We use
basic HTTP authentication.
The APIs which require authentication are only available via HTTPS. The
credentials are never transmitted unencrypted. If you attempt to access this
service via HTTP, you will receive a 403 Forbidden
HTTP response.
We require TLS 1.2 or greater for all requests to our servers to keep your data secure.
Service Endpoints
The endpoint for each service is as specified below.
Service | HTTP Method | Endpoint |
---|---|---|
Score | POST | https://minfraud.maxmind.com/minfraud/v2.0/score |
Insights | POST | https://minfraud.maxmind.com/minfraud/v2.0/insights |
Factors | POST | https://minfraud.maxmind.com/minfraud/v2.0/factors |
The minfraud.maxmind.com hostname automatically picks the data center geographically closest to you.
Headers
The Authorization
header is always required. See
Authorization and Security for more details.
The Accept
header for a request is entirely optional. If you do include one,
you must accept one of the following, substituting the [SERVICE-TYPE]
with
either score
, insights
, or factors
as appropriate:
application/json
application/vnd.maxmind.com-minfraud-[SERVICE TYPE]+json
application/vnd.maxmind.com-minfraud-[SERVICE TYPE]+json; charset=UTF-8; version=2.0
A request for any other MIME type will result in a 415 Unsupported Media Type
error.
If you set the Accept-Charset
header in your client code, you must accept the
UTF-8
character set. If you don’t you will receive a 406 Not Acceptable
response.
Request Body
Currently minFraud Score, minFraud Insights, and minFraud Factors use the same request document format. The request consists of a JSON object with one or more of the fields shown below. Each key in the top-level object maps to an object or array as described below. New fields that apply to one or both may be added in the future.
String fields are limited to no more than 255 valid Unicode characters unless a
shorter length is specified; the null and newline characters are forbidden. Of
course, many fields also have additional constraints that limit the length. For
example, the ip_address
field cannot be longer than the longest valid
representation of an IPv6 address. Unless it must match a specific format, it
is valid for a string field to be empty.
Boolean fields must be provided as JSON true
or false
.
Unless otherwise specified, if the value meets the requirements for the field, then it will not be modified. Beyond field specific exceptions, an exception to this is if the value is provided as a type different from what we require. In such cases we convert it to the required type if possible. For example, if you provide a string field as a number, then it will be converted to a string, and vice versa. This conversion happens only between numbers and strings.
The entire request body is limited to 20,000 bytes. Requests larger than this size will be rejected.
1{
2 "account": {
3 "user_id": "3132",
4 "username_md5": "570a90bfbf8c7eab5dc5d4e26832d5b1"
5 },
6 "billing": {
7 "address": "400 Blake St.",
8 "address_2": "Suite 5",
9 "city": "New Haven",
10 "company": "Big Corp.",
11 "country": "US",
12 "first_name": "John",
13 "last_name": "Doe",
14 "phone_country_code": "1",
15 "phone_number": "203-000-0000",
16 "postal": "06511",
17 "region": "CT"
18 },
19 "credit_card": {
20 "avs_result": "Y",
21 "bank_name": "Bank of America",
22 "bank_phone_country_code": "1",
23 "bank_phone_number": "800-342-1232",
24 "country": "US",
25 "cvv_result": "N",
26 "issuer_id_number": "323132",
27 "last_digits": "7643",
28 "token": "OQRST14PLQ98323",
29 "was_3d_secure_successful": true
30 },
31 "custom_inputs": {
32 "a_custom_input_key": "NSC0083121",
33 "another_custom_input_key": false
34 },
35 "device": {
36 "accept_language": "en-US,en;q=0.8",
37 "ip_address": "2001:db8::ff00:42:8329",
38 "session_age": 3600.5,
39 "session_id": "c2ffa1b7-f5c5-4702-beb2-4254794fe391",
40 "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36"
41 },
42 "email": {
43 "address": "977577b140bfb7c516e4746204fbdb01",
44 "domain": "maxmind.com"
45 },
46 "event": {
47 "shop_id": "s2123",
48 "time": "2012-04-12T23:20:50.52Z",
49 "transaction_id": "txn3134133",
50 "type": "purchase"
51 },
52 "order": {
53 "affiliate_id": "af12",
54 "amount": 323.21,
55 "currency": "USD",
56 "discount_code": "FIRST",
57 "has_gift_message": false,
58 "is_gift": true,
59 "referrer_uri": "http://www.google.com/",
60 "subaffiliate_id": "saf42"
61 },
62 "payment": {
63 "decline_code": "card_declined",
64 "processor": "stripe",
65 "was_authorized": false
66 },
67 "shipping": {
68 "address": "82 Wall St.",
69 "address_2": "#1",
70 "city": "New Haven",
71 "company": "Smaller, Inc.",
72 "country": "US",
73 "delivery_speed": "same_day",
74 "first_name": "Jane",
75 "last_name": "Doe",
76 "phone_country_code": "1",
77 "phone_number": "203-000-0000",
78 "postal": "06515",
79 "region": "CT"
80 },
81 "shopping_cart": [
82 {
83 "category": "pets",
84 "item_id": "ad23232",
85 "price": 20.43,
86 "quantity": 2
87 },
88 {
89 "category": "beauty",
90 "item_id": "bst112",
91 "price": 100,
92 "quantity": 1
93 }
94 ]
95}
Device
device
is a JSON object that contains information about the device used in the transaction.
1{
2 "accept_language": "en-US,en;q=0.8",
3 "ip_address": "2001:db8::ff00:42:8329",
4 "session_age": 3600.5,
5 "session_id": "c2ffa1b7-f5c5-4702-beb2-4254794fe391",
6 "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36"
7}
Key | Value Type | Description |
---|---|---|
ip_address | string | The IP address associated with the device used by the customer in the transaction. The IP address must be in IPv4 or IPv6 presentation format, i.e., dotted-quad notation or the IPv6 hexadecimal-colon notation. Get tips for how to pass the /device/ip_address input on our Knowledge Base. format: IPv4 or IPv6 GeoIP Country
GeoIP City
GeoIP Insights |
user_agent | string | The HTTP Learn more about the /device/user_agent input on our Knowledge Base. max length: 512 GeoIP Country
GeoIP City
GeoIP Insights |
accept_language | string | The HTTP Learn more about the /device/accept_language input on our Knowledge Base. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
session_age | decimal | The number of seconds between the creation of the user’s session and the time of the transaction. Note that Learn more about the /device/session_age input on our Knowledge Base. min: 0, max: 10e13-1 GeoIP Country
GeoIP City
GeoIP Insights |
session_id | string | An ID that uniquely identifies a visitor’s session on the site. Learn more about the /device/session_id input on our Knowledge Base. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
Event
event
is a JSON object that contains general information related to the event being scored
1{
2 "shop_id": "s2123",
3 "time": "2012-04-12T23:20:50.52Z",
4 "transaction_id": "txn3134133",
5 "type": "purchase"
6}
Key | Value Type | Description |
---|---|---|
transaction_id | string | Your internal ID for the transaction. We can use this to locate a specific transaction in our logs, and it will also show up in email alerts and notifications from us to you. No specific format is required. Learn more about the /event/transaction_id input on our Knowledge Base. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
shop_id | string | Your internal ID for the shop, affiliate, or merchant this order is coming from. Required for minFraud users who are resellers, payment providers, gateways and affiliate networks. No specific format is required. Learn more about the /event/shop_id input on our Knowledge Base. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
time | string | The date and time the event occurred. The string must be in the RFC 3339 date-time format. The time must be within the past year. If this field is not in the request, the current time will be used. It is not recommended to use this input when scoring live transactions as they occur. However, it can be useful if you store transactions to be submitted to the service for scoring later. Please note that you cannot submit times more than one year in the past. If you submit an event time more than one year in the past, the current time will be used to score the transaction, and a warning will be returned. Learn more about the /event/time input on our Knowledge Base. GeoIP Country
GeoIP City
GeoIP Insights |
type | string | The type of event being scored. The valid types are:
Learn more about the /event/type input on our Knowledge Base. format: enum GeoIP Country
GeoIP City
GeoIP Insights |
Account
account
is a JSON object that contains account information for the end-user on the site
where the event took place
1{
2 "user_id": "3132",
3 "username_md5": "570a90bfbf8c7eab5dc5d4e26832d5b1"
4}
Key | Value Type | Description |
---|---|---|
user_id | string | A unique user ID associated with the end-user in your system. If your system allows the login name for the account to be changed, this should not be the login name for the account, but rather should be an internal ID that does not change. This is not your MaxMind account ID. No specific format is required. Learn more about the /account/user_id input on our Knowledge Base. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
username_md5 | string | An MD5 hash as a hexadecimal string of the username or login name associated with the account. max length: 32 GeoIP Country
GeoIP City
GeoIP Insights |
email
is a JSON object that contains information about the email address of the end-user who initiated the event.
1{
2 "address": "977577b140bfb7c516e4746204fbdb01",
3 "domain": "maxmind.com"
4}
Key | Value Type | Description |
---|---|---|
address | string | This field must be either be a valid email address or an MD5 of the email used in the transaction. Learn more about the /email/address input on our Knowledge Base. max length: 255, type: Email or MD5 of Email GeoIP Country
GeoIP City
GeoIP Insights |
domain | string | The domain of the email address used in the transaction. Do not include the You do not need to pass the email domain input unless you are passing the email address as an MD5 hash. Learn more about hashed email inputs on our Knowledge Base. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
Billing
billing
is a JSON object that contains the billing address and contact information provided by the end-user who initiated the event.
Learn more about the billing address inputs on our Knowledge Base.
1{
2 "address": "400 Blake St.",
3 "address_2": "Suite 5",
4 "city": "New Haven",
5 "company": "Big Corp.",
6 "country": "US",
7 "first_name": "John",
8 "last_name": "Doe",
9 "phone_country_code": "1",
10 "phone_number": "203-000-0000",
11 "postal": "06511",
12 "region": "CT"
13}
Key | Value Type | Description |
---|---|---|
first_name | string | The first name of the end user as provided in their billing information. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
last_name | string | The last name of the end user as provided in their billing information. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
company | string | The company of the end user as provided in their billing information. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
address | string | The first line of the user’s billing address. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
address_2 | string | The second line of the user’s billing address. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
city | string | The city of the user’s billing address. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
region | string | The ISO 3166-2 subdivision code for the user’s billing address. max length: 4 GeoIP Country
GeoIP City
GeoIP Insights |
country | string | The two character ISO 3166-1 alpha-2 country code of the user’s billing address. max length: 2 GeoIP Country
GeoIP City
GeoIP Insights |
postal | string | The postal code of the user’s billing address. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
phone_number | string | The phone number without the country code for the user’s billing address. Punctuation characters will be stripped. After stripping punctuation characters, the number must contain only digits. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
phone_country_code | string | The country code for phone number associated with the user’s billing address. If you provide this information then you must provide at least one digit. max length: 4 GeoIP Country
GeoIP City
GeoIP Insights |
Shipping
shipping
is a JSON object that contains the shipping address and contact information provided by the end-user who initiated the event.
Learn more about the shipping address inputs on our Knowledge Base.
1{
2 "address": "82 Wall St.",
3 "address_2": "#1",
4 "city": "New Haven",
5 "company": "Smaller, Inc.",
6 "country": "US",
7 "delivery_speed": "same_day",
8 "first_name": "Jane",
9 "last_name": "Doe",
10 "phone_country_code": "1",
11 "phone_number": "203-000-0000",
12 "postal": "06515",
13 "region": "CT"
14}
Key | Value Type | Description |
---|---|---|
first_name | string | The first name of the end user as provided in their shipping information. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
last_name | string | The last name of the end user as provided in their shipping information. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
company | string | The company of the end user as provided in their shipping information. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
address | string | The first line of the user’s shipping address. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
address_2 | string | The second line of the user’s shipping address. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
city | string | The city of the user’s shipping address. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
region | string | The ISO 3166-2 subdivision code for the user’s shipping address. max length: 4 GeoIP Country
GeoIP City
GeoIP Insights |
country | string | The two character ISO 3166-1 alpha-2 country code of the user’s shipping address. max length: 2 GeoIP Country
GeoIP City
GeoIP Insights |
postal | string | The postal code of the user’s shipping address. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
phone_number | string | The phone number without the country code for the user’s shipping address. Punctuation characters will be stripped. After stripping punctuation characters, the number must contain only digits. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
phone_country_code | string | The country code for phone number associated with the user’s shipping address. If you provide this information then you must provide at least one digit. max length: 4 GeoIP Country
GeoIP City
GeoIP Insights |
delivery_speed | string | The shipping delivery speed for the order. The valid values are:
format: enum GeoIP Country
GeoIP City
GeoIP Insights |
Payment
payment
is a JSON object that contains information from and about the payment process that was used for the event.
1{
2 "decline_code": "card_declined",
3 "processor": "stripe",
4 "was_authorized": false
5}
Key | Value Type | Description |
---|---|---|
processor | string | The payment processor used for the transaction. The valid values are:
If your payment processor is missing from this list, please contact our support team. format: enum GeoIP Country
GeoIP City
GeoIP Insights |
was_authorized | boolean | |
decline_code | string | The decline code as provided by your payment processor. If the transaction was not declined, do not include this field. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
Credit Card
credit_card
is a JSON object that contains information provided by the end-user and the payment processor about the credit card used for the for the event.
1{
2 "avs_result": "Y",
3 "bank_name": "Bank of America",
4 "bank_phone_country_code": "1",
5 "bank_phone_number": "800-342-1232",
6 "country": "US",
7 "cvv_result": "N",
8 "issuer_id_number": "323132",
9 "last_digits": "7643",
10 "token": "OQRST14PLQ98323",
11 "was_3d_secure_successful": true
12}
Key | Value Type | Description |
---|---|---|
issuer_id_number | string | The issuer ID number for the credit card. This is the first six or eight digits of the credit card number. It identifies the issuing bank. If you do not know whether the IIN is six or eight digits long, send us six digits. Learn more about the /credit_card/issuer_id_number input on our Knowledge Base. max length: 8 GeoIP Country
GeoIP City
GeoIP Insights |
last_digits | string | The last digits of the credit card number. In most cases, you should send the last four digits for Learn more about the /credit_card/last_digits input on our Knowledge Base. max length: 4 GeoIP Country
GeoIP City
GeoIP Insights |
token | string | A token uniquely identifying the card. The token should consist of non-space printable ASCII characters. If the token is all digits, it must be more than 19 characters long. The token must not be a primary account number (PAN) or a simple transformation of it. If you have a valid token that looks like a PAN but is not one, you may prefix that token with a fixed string, e.g., Learn more about the /credit_card/token input on our Knowledge Base. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
bank_name | string | The name of the issuing bank as provided by the end user. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
bank_phone_country_code | string | The phone country code for the issuing bank as provided by the end user. If you provide this information then you must provide at least one digit. max length: 4 GeoIP Country
GeoIP City
GeoIP Insights |
bank_phone_number | string | The phone number, without the country code, for the issuing bank as provided by the end user. Punctuation characters will be stripped. After stripping punctuation characters, the number must contain only digits. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
country | string | The two character ISO 3166-1 alpha-2 country code where the issuer of the card is located. This may be passed instead of the issuer_id_number if you do not wish to pass partial account numbers, or if your payment processor does not provide them. Learn more about the /credit_card/country input on our Knowledge Base. max length: 2 GeoIP Country
GeoIP City
GeoIP Insights |
avs_result | string | The address verification system (AVS) check result, as returned to you by the credit card processor. The minFraud service supports the standard AVS codes. Learn more about the /credit_card/avs_result input on our Knowledge Base. max length: 1 GeoIP Country
GeoIP City
GeoIP Insights |
cvv_result | string | The card verification value (CVV) code as provided by the payment processor. Learn more about the /credit_card/cvv_result input on our Knowledge Base. max length: 1 GeoIP Country
GeoIP City
GeoIP Insights |
was_3d_secure_successful | boolean | Whether the outcome of 3-D Secure verification (e.g. Safekey, SecureCode, Verified by Visa) was successful. Learn more about the /credit_card/was_3d_secure_successful input on our Knowledge Base. GeoIP Country
GeoIP City
GeoIP Insights |
Order
order
is a JSON object that contains information about the order associated with the event.
1{
2 "affiliate_id": "af12",
3 "amount": 323.21,
4 "currency": "USD",
5 "discount_code": "FIRST",
6 "has_gift_message": false,
7 "is_gift": true,
8 "referrer_uri": "http://www.google.com/",
9 "subaffiliate_id": "saf42"
10}
Key | Value Type | Description |
---|---|---|
amount | decimal | The total order amount for the transaction before taxes and discounts. Learn more about the /order/amount input on our Knowledge Base. min: 0, max: 1e14 – 1 GeoIP Country
GeoIP City
GeoIP Insights |
currency | string | The ISO 4217 currency code for the currency used in the transaction. Learn more about the /order/currency input on our Knowledge Base. max length: 3 GeoIP Country
GeoIP City
GeoIP Insights |
discount_code | string | The discount code applied to the transaction. If multiple discount codes were used, please separate them with a comma. Learn more about the /order/discount_code input on our Knowledge Base. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
affiliate_id | string | The ID of the affiliate where the order is coming from. No specific format is required. Learn more about the /order/affiliate_id input on our Knowledge Base. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
subaffiliate_id | string | The ID of the sub-affiliate where the order is coming from. No specific format is required. Learn more about the /order/subaffiliate_id input on our Knowledge Base. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
referrer_uri | string | The URI of the referring site for this order. Needs to be absolute and have a URI scheme such as Learn more about the /order/referrer_uri input on our Knowledge Base. max length: 1024 GeoIP Country
GeoIP City
GeoIP Insights |
is_gift | boolean | Whether order was marked as a gift by the purchaser. Learn more about the /order/is_gift input on our Knowledge Base. GeoIP Country
GeoIP City
GeoIP Insights |
has_gift_message | boolean | Whether the purchaser included a gift message. Learn more about the /order/has_gift_message input on our Knowledge Base. GeoIP Country
GeoIP City
GeoIP Insights |
Shopping Cart
shopping_cart
is an array of shopping cart item objects.
Passing hashed values for shopping cart items can increase the privacy of your customers’ information while continuing to fulfill the needs for fraud detection. A suitable hashed value can be produced by using a cryptographic hash function and a fixed salt. Using a random salt is not recommended as that will result in different hashed values for the same plain value, which would make them ineffective for our fraud detection service. For more information, see:
Learn more about the shopping cart inputs on our Knowledge Base.
1[
2 {
3 "category": "pets",
4 "item_id": "ad23232",
5 "price": 20.43,
6 "quantity": 2
7 },
8 {
9 "category": "beauty",
10 "item_id": "bst112",
11 "price": 100,
12 "quantity": 1
13 }
14]
Key | Value Type | Description |
---|---|---|
category | string | The category of the item. This can also be a hashed value; see below. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
item_id | string | Your internal ID for the item. No specific format is required. This can also be a hashed value; see below. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
quantity | integer | The quantity of the item in the shopping cart. The value must be a whole number. min: 0, max: 10e13-1 GeoIP Country
GeoIP City
GeoIP Insights |
price | Decimal | The per-unit price of this item in the shopping cart. This should use the same currency as the order currency. format: Decimal, min: 0, max: 1e14-1 GeoIP Country
GeoIP City
GeoIP Insights |
Custom Inputs
custom_inputs
are optional inputs to the minFraud service that must first be defined for your account. Select Custom Inputs from the Account Portal in order to do so. See our Custom Inputs documentation for more information.
You should never send a full credit card number as an input. If you attempt to send a full credit card number as an input, the minFraud service will reject the input and issue a warning.
Learn more about valid payment number inputs above.
1{
2 "a_custom_input_key": "NSC0083121",
3 "another_custom_input_key": false
4}
Key | Value Type | Description |
---|---|---|
your_custom_BOOLEAN_key | boolean | A custom key of your choice, with a boolean value. GeoIP Country
GeoIP City
GeoIP Insights |
your_custom_FLOAT_NUMBER_key | float | A custom key of your choice, with a floating number value. min: -1e14, max: 1e14 GeoIP Country
GeoIP City
GeoIP Insights |
your_custom_PHONE_NUMBER_key | string | A custom key of your choice with a string value, formatted as a phone number. Numbers, spaces and punctuation accepted, although spaces and punctuation will be stripped. The following ASCII characters constitute the accepted punctuation: ` ~ ! @ # $ % ^ & * ( ) – _ = + ’ " ; : , < . > / ? \ | [ ] { and }. format: Phone number, max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |
your_custom_STRING_key | string | A custom key of your choice with a string value. The null character is not allowed. max length: 255 GeoIP Country
GeoIP City
GeoIP Insights |