Risk Score API — Documentation

Automated, signal-based domain risk indicator. No guarantees. No advice. No interpretation.

OpenAPI (fixed contract): openapi.yaml (download)

Endpoint

POST /risk-score

Authentication

Send your API key in the header:

X-API-Key: YOUR_API_KEY

Missing/invalid key → 401. Quota exceeded → 429.

Request

{
  "url": "https://example.com"
}

Only absolute HTTP/HTTPS URLs are accepted.
Score is calculated per domain.
Results are cached.

Response

{
  "riskScore": 42,
  "riskLevel": "medium",
  "signals": [
    "domain_age_lt_6_months",
    "whois_redacted_or_privacy",
    "recent_rdap_record_update"
  ],
  "version": "v2.0"
}

Risk levels

Score	Level
0 – 24	low
25 – 49	medium
50 – 100	high

Signals (v2.0 - Changelog)

domain_age_lt_6_months
domain_age_lt_12_months
recent_rdap_record_update
recent_nameserver_or_delegation_change
whois_redacted_or_privacy
registrar_missing_in_rdap
registrar_high_risk_listed
cctld_registrant_country_mismatch
shared_hosting_asn_listed
spamhaus_drop_listed_ip
suspicious_keywords_in_domain
long_or_hyphenated_domain

Signals are indicators, not verdicts.

Example (curl)

curl -X POST https://api.yourdomain.com/risk-score \
  -H "Content-Type: application/json" \
  -H "X-API-Key: YOUR_API_KEY" \
  -d '{"url":"https://verify-secure-support-example.com"}'

Disclaimer

This API provides automated indicators based on public technical signals. It does not provide legal, financial, or security advice. Accuracy is not guaranteed.

Pricing • Prod checklist