Risk Score API — Prod checklist

Current version: v2.0 (Changelog).

Infrastructure

• 1 VM (2 vCPU / 4 GB RAM is enough)
• Nginx reverse-proxy → Kestrel
• HTTPS only

Security

• Firewall: open only 80/443
• Disable SSH password auth
• Rate limiting via API key quotas

API lock

• Only endpoint: /risk-score
• No extra parameters
• No dashboard

Cache

• Cache per domain (default TTL: 24h)
• External source failure → silent partial signals

Logs

• Log only: timestamp, domain, riskScore, plan
• No client IP logging

Monitoring

• CPU/RAM, request count, 429 rate, 5xx rate

Rules

• No explanations for scores
• No per-customer tuning
• No refunds / no manual ops
• Do not expose signal thresholds (including nameserver_volatility)

Docs • Pricing