Skip to main content
Version: 1.1


Getting started with Fraudio

The objective of this section is to help you to integrate with Fraudio’s products as fast and as smoothly as possible. Fraudio provides a "plug and play" API for each of its products. The interaction paradigm is request-response (also known as request-reply), and the communication protocol is HTTP.

Batch integrating?

If you are batch integrating, please read the Batch Transfer section.

Request credentials

Fraudio's API endpoints are protected using role-based access control (RBAC). You will therefore need a set of credentials to access our resources. Please get in touch with your Fraudio contact to request your API key.

It is important to keep your API Key secure. Please adhere to best practices around keeping them secure.

Problem with your token?

If you think your token has been disclosed, or you have lost it, get in touch with your Fraudio contact as soon as possible.

First API Request

To help you get started with your first API request to Fraudio, we offer a sample API request that interacts with our Fraud Score endpoint, designed to score transactions for fraudulent activity.

You can use the code snippet below to quickly integrate the endpoint into your system. Simply copy and paste the code as provided in either shell script, Python, Java, Perl, or PHP.


Click the copy button in the top right corner of the code sample to copy the code snippet to your clipboard.

curl -X POST '' \
-H 'Content-Type: application/json' \
-H "Authorization: Bearer $ACCESS_TOKEN" \
--data-raw '{"transactionid":"49fp3l68395gs24g","transactiontype":"void","amount":251.41,"currency":"012","currencyunit":"major","timestamp":1646063615,"cardbin":"442742","merchant":"Fred&FreddySportsStore","parenttransactionid":"4583409307","cardtoken":"49fp3l68395gs24g","acceptorip":"542.6.8.838","cardexpirydate":"03/21","channel":"moto","channelsubtype":"paymentlink","lastfourdigits":"4932","mcccode":"5969","merchantip":"","posentrymode":"012","recurring":"true","recurringparentid":"09a70bd7-2993-4df6-a693-99c26ee4bedb","registrationdate":100041643253.143105,"threedsused":"true","transactionip":"","acceptorid":"6ad3b45e-0f14-4522-885b-dd8049fc773c","acceptorcity":"London","acceptorcountry":"056","acceptorpostalcode":"38010","acceptorstatecode":"38010","acceptorstreetaddress":"29Ravenscroft,Covingham","acquirer":"Acquirer X","acquirercountry":"056","avsused":"true","bankaccountnumber":"NL15INGB4014343434343","cardaccess":"pinaccess","cardholder":"JohnSpencer","cardholderemail":"","cardholderphonenumber":"+31 71 000 0000","cavvused":"true","cvvused":"true","digitalwalletoperator":"staged","gateway":"staged","initialrecurring":"true","issuingplan":"merchant plan 1","kyclevel":"5","kyclevelnorm":0.5,"limitprofile":"5","merchantcity":"London","merchantcountry":"528","merchantemail":"","merchantpostalcode":"w1b3hh","merchantstatecode":"GA","merchanturl":"","mid":"1532512","ocptenabled":"true","processor":"ProcessorY","shopperemail":"","shoppername":"John Spencer","shopperphonenumber":"+31 71 000 0000","submerchant":"ShoestoreX","terminaltype":"cat1","transactioncountry":"056","transactionpostalcode":"w1b3hh","transactionstatecode":"GA","transactionstreetaddress":"29Ravenscroft,Covingham","avsresult":"A","cvvresult":"S","eci":"02","responsecode":"05","success":"true","authresult":"success","cavvresult":"5","ddresult":"ZXC*SiteAccess4343-432-333","gatewaydeclinereason":"CardDisabled","ucafindicator":"2"}'

Components of a request

This API Request can be divided into 4 components:

  • The URI Method: Here, we're making a POST request, as the transaction data is enclosed in the request body.

    • (Note: A URI (Uniform Resource Identifier) is a string of characters that provides a unique way to identify and interact with specific resources exposed by the API. The URI typically includes a scheme, a domain name or IP address, and a path that specifies the endpoint and its associated functionality.)
  • The Endpoint URL: This sample allows you to interact with our Fraud Score endpoint, which is designed to score transactions for fraudulent activity. (For more information, see the section below.) The endpoint URL is:
  • The URI Headers: The headers needs to contain Bearer Authentication. For more information, see the section below.

  • The Request Body: The request body needs to contain transaction details. The API endpoints section explains the meaning of each field for this API call. You'll need to map your transaction schema to the accepted schema of the fraud score endpoint to receive accurate results. However, our quickstart tutorial aims to provide you with the necessary tools to integrate quickly with our primary endpoints, so you can already start testing the endpoint's functionality in a sandbox (test) environment.

Endpoint URL

In order to interact with our API, you will need to issue HTTPS requests against our central API URL:

In the Products chapter, you will find guidance on selecting the appropriate endpoints based on the product you are integrating with.

Typically, an endpoint URL is composed of the following elements:

  • The Fraudio root URL (
  • A specific route (e.g., /v1/transactions/payment-fraud-score)

Note that in order to increase the security of your data, our API does not accept HTTP, but only HTTPS.


Requests to Fraudio's API need to be authenticated using HTTPS Bearer Authentication. This mechanism enables secure communication between your system and Fraudio's API, ensuring that only authorised parties can access your data and our services.


API requests without Bearer Authentication will fail.

To access the protected API endpoints, you must provide the HTTP header Authorization: Bearer ACCESS_TOKEN in your request.

AuthorizationstringBearer ACCESS_TOKENReplace ACCESS_TOKEN with the token provided by Fraudio.
Content-Typestringapplication/jsonFraudio API endpoints require the Content-Type: application/json HTTP header to be set on the HTTP request.


Fraudio offers a secure API test environment for integrating with our products.

As a Fraudio customer, your account can have one of two statuses:

  • Test: If you are a test customer, you are in the testing phase of integration and have not yet fully integrated with our API. This status allows you to test any endpoint of our API without impacting production usage.

  • Live: After completing integration with our API, you can request to go live. Once your account is fully activated, our machine-learning models will start learning from your usage patterns and automatically improve their performance as they receive more data. This will result in better scores for fraud detection and prevention.