ipasis
Blog/Security Engineering

Engineering Fraud Prevention: Integrating IP Intelligence in Production

January 21, 20265 min read

The Shift from Static Rules to Real-Time Signals

Legacy fraud prevention relied on static blacklists and simple velocity checks. Modern fraud stacks require real-time intelligence to combat account takeovers (ATO), credential stuffing, and card testing. At the core of this stack is IP intelligence—determining the connection type (Residential, Data Center, Mobile, VPN/Proxy) and risk score of an incoming request before it hits the database.

This guide outlines the architectural patterns for integrating IPASIS into high-throughput production environments.

Architectural Integration Points

There are three primary stages to inject IP intelligence:

  1. Edge / WAF Layer: Blocking high-risk ASNs (Autonomous System Numbers) before they reach the origin. This is coarse-grained but reduces load.
  2. Middleware / Gateway: The most common integration point. IP enrichment happens during the authentication or transaction payload validation.
  3. Async Post-Processing: For non-blocking analysis (e.g., shadow banning or flagging for manual review).

Critical Implementation Requirements

When integrating third-party APIs like IPASIS into critical paths (login, checkout), latency and reliability are non-negotiable.

1. Circuit Breakers and Timeouts

Never allow an external API call to hang your main thread. Implement a strict timeout (typically 150ms-300ms) and a circuit breaker pattern. If the IP intelligence provider experiences latency, your system should degrade gracefully—usually by "failing open" (allowing the user) or falling back to a velocity check, depending on your risk appetite.

2. Caching Strategies

IP reputation is relatively volatile but stable enough for short-term caching. To minimize latency and API costs:

  • Key: ip_reputation:{ip_address}
  • TTL: 10 to 60 minutes.
  • Store: Redis or Memcached.

Code Example: Robust Middleware Implementation (Python/FastAPI)

The following example demonstrates a production-ready implementation using Redis for caching and a circuit breaker logic for API calls.

import httpx
import redis
import json
from fastapi import Request, HTTPException

# Configuration
IPASIS_API_KEY = "your_api_key"
TIMEOUT_SECONDS = 0.3
CACHE_TTL = 900  # 15 minutes

r = redis.Redis(host='localhost', port=6379, db=0)

async def get_ip_intelligence(ip: str):
    # 1. Check Cache
    cached_data = r.get(f"ip_rep:{ip}")
    if cached_data:
        return json.loads(cached_data)

    # 2. Call IPASIS API with strict timeout
    try:
        async with httpx.AsyncClient() as client:
            resp = await client.get(
                f"https://api.ipasis.com/v1/{ip}",
                headers={"X-API-Key": IPASIS_API_KEY},
                timeout=TIMEOUT_SECONDS
            )
            if resp.status_code == 200:
                data = resp.json()
                # 3. Write to Cache (Async recommended in prod)
                r.setex(f"ip_rep:{ip}", CACHE_TTL, json.dumps(data))
                return data
    except (httpx.TimeoutException, httpx.RequestError):
        # Log error to Sentry/Datadog
        pass
    
    # 4. Fail Open Strategy: Return None or default safe object
    return None

async def fraud_check_middleware(request: Request):
    client_ip = request.client.host
    ip_data = await get_ip_intelligence(client_ip)

    if ip_data:
        # LOGIC: Block high-risk connection types
        if ip_data.get("is_proxy") or ip_data.get("is_vpn"):
            if ip_data.get("risk_score", 0) > 85:
                raise HTTPException(status_code=403, detail="High risk connection detected")
                
        # LOGIC: Geo-mismatch check
        payload = await request.json()
        if payload.get("shipping_country") != ip_data.get("country_code"):
             # Flag for 2FA or manual review
             request.state.require_2fa = True

Decision Logic: Beyond Simple Blocking

Sophisticated fraud teams rarely issue blanket bans based solely on a is_vpn: true flag, as this generates false positives for legitimate privacy-conscious users. Instead, use weighted scoring:

  • Reject: is_datacenter: true AND endpoint: /signup (Prevents bot registration).
  • Challenge (2FA/Captcha): is_vpn: true OR is_tor: true.
  • Allow: is_residential: true AND isp: Comcast Cable.

FAQ

Q: Should we block all data center IPs? A: Generally, yes, for user actions. Real users rarely browse from AWS or DigitalOcean IPs. However, allow-list your own monitoring tools and payment processor hooks.

Q: How do we handle IPv6? A: IPASIS supports IPv6. When caching IPv6 in Redis, ensure your normalization logic is consistent (e.g., expanding or compressing zeros) to avoid cache misses.

Q: What is the impact on latency? A: With a proper caching strategy (hit rates >80%), the average latency added to a request is sub-millisecond. For cache misses, IPASIS guarantees low-latency responses, but timeouts must always be implemented.

Secure Your Stack with IPASIS

Fraud teams need clean data, not noise. IPASIS provides enterprise-grade IP intelligence with precision detection for VPNs, proxies, and Tor exit nodes.

Get your API Key and start filtering traffic today.

Start detecting VPNs and Bots today.

Identify anonymized traffic instantly with IPASIS.

Get API Key