Risk Score API — Prod checklist

Current version: v2.1 (Changelog).

Infrastructure

• 1 VM (2 vCPU / 4 GB RAM is enough)
• Nginx reverse-proxy → Kestrel
• HTTPS only

Security

• Firewall: open only 80/443
• Disable SSH password auth
• API key required (MariaDB)
• No-key requests → HTTP 401 ({ "error": "missing_api_key" }) (spamming may hit 429 { "error": "rate_limited" })
• Monthly quota per API key → HTTP 429 ({ "error": "quota_exceeded" })
• Invalid / missing API key → HTTP 401 ({ "error": "invalid_api_key" } / { "error": "missing_api_key" })
• Key store unavailable → HTTP 503 ({ "error": "auth_unavailable" })

API lock

• Only endpoint: /risk-score
• Input: absolute HTTP/HTTPS URL (domain extracted server-side)
• Optional parameter: ?explain=1 (returns explanations[])
• Health check: /health
• No dashboard

Cache

• Cache per domain (default TTL: 24h)
• Anti-stampede: single in-flight computation per domain when cache is cold
• External source failure → informational health signals (weight 0) may appear

Logs

• Single line per request: method, path, status, duration, requestId, endpoint
• Keep logs lean: avoid storing request bodies, API keys, and customer secrets

Monitoring

• CPU/RAM, request count, 429 rate, 5xx rate

Rules

• Signals are indicators, not verdicts
• Some signals are informational (weight 0)
• meta.scoringPolicy identifies the active scoring band
• No per-customer tuning
• Do not expose proprietary detection details beyond the published signal IDs

Docs • Pricing