Overview

The Fraudiant API uses Bearer token authentication to secure all API endpoints. You must include your API key in the Authorization header of every request.
Your API key is sensitive and should be kept secure. Never expose it in client-side code, public repositories, or logs.

Getting Your API Key

To obtain your API credentials:
1. Register an Account: Sign up at app.fraudiant.com to create your free account.
2. Access the Dashboard: Log in to your dashboard after registration.
3. Navigate to API Keys: Go to the API Keys section from the main navigation.
4. Generate or Retrieve Keys: Create a new API key or copy an existing one. You can create separate keys for different environments.

Authentication Methods

Recommended: Authorization Header

The recommended and most secure method is to include your API key in the Authorization header using the Bearer token format:
curl -X GET "https://api.fraudiant.com/email/[email protected]" \
  -H "Authorization: Bearer YOUR_API_KEY"

Not Recommended: Query Parameter

While you can pass your API key as a query parameter, this method is not recommended for security reasons: the key becomes part of the URL and may be exposed in logs, browser history, or proxy caches.
# Not recommended - API key exposed in URL
curl "https://api.fraudiant.com/email/[email protected]?api_key=YOUR_API_KEY"
Why this is insecure:
  • API keys appear in server logs
  • Keys are visible in browser history
  • URLs may be cached or stored by proxies
  • Risk of accidental exposure when sharing URLs
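
If keys have already travelled in URLs or logged headers, scrub them before log lines are stored and flag which requests carried a key in the URL so that key can be regenerated. This is an added example, not Fraudiant's own code; the function names are hypothetical and the log lines are constructed.

```javascript
// Added example (not from the Fraudiant docs): redact API keys from log lines.
// Assumption: a key contains no whitespace, quotes, '&' or '#'.

// api_key query parameter, as in the query-parameter request shown above.
const QUERY_KEY = /([?&]api_key=)[^&#\s"']+/gi;
// Credential following "Authorization: Bearer" when headers are logged.
const BEARER = /(\bAuthorization:\s*Bearer\s+)[^\s"']+/gi;

// Replace only the secret value; keep the rest of the line for debugging.
function redactSecrets(line) {
  return line
    .replace(QUERY_KEY, '$1[REDACTED]')
    .replace(BEARER, '$1[REDACTED]');
}

// 1-based numbers of lines where a key was sent in the URL. Keys seen on
// these lines should be treated as exposed and regenerated in the dashboard.
function findQueryKeyLines(lines) {
  const probe = new RegExp(QUERY_KEY.source, 'i'); // non-global: no lastIndex state
  const hits = [];
  lines.forEach((line, i) => {
    if (probe.test(line)) hits.push(i + 1);
  });
  return hits;
}

// Constructed sample access-log lines (hypothetical format and values).
const SAMPLE_LOG = [
  '203.0.113.7 "GET /email/user%40example.com?api_key=EXAMPLE_KEY_1 HTTP/1.1" 200',
  '203.0.113.7 "GET /email/user%40example.com HTTP/1.1" 200 hdr="Authorization: Bearer EXAMPLE_KEY_2"',
  '203.0.113.7 "GET /email/user%40example.com?format=json&api_key=EXAMPLE_KEY_3&x=1 HTTP/1.1" 401',
  '203.0.113.7 "GET /health HTTP/1.1" 200',
];

console.log('key sent in URL on lines:', findQueryKeyLines(SAMPLE_LOG));
SAMPLE_LOG.map(redactSecrets).forEach((l) => console.log(l));
```

Apply the redaction in the logging path itself (before the line is written), since anything written earlier still holds the key.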

Security Best Practices

Never hardcode API keys directly in your source code. Use environment variables or secret management systems:
// ✅ Good
const apiKey = process.env.FRAUDIANT_API_KEY;

// ❌ Bad
const apiKey = 'fdt_live_abc123...';

Create distinct API keys for development, staging, and production environments. This makes it easier to rotate keys and debug issues without affecting production.

Periodically regenerate your API keys, especially after team member departures or if you suspect a key has been compromised.

If available, use API keys with the minimum necessary permissions for your use case.

Add your environment files (.env, .env.local, etc.) to .gitignore to prevent accidental commits:
# .gitignore
.env
.env.local
.env.production

Regularly review API usage in your dashboard to detect any unusual activity that might indicate a compromised key.

Error Responses

401 Unauthorized

Returned when the API key is missing, invalid, or expired:
{
  "status": 401,
  "error": "Unauthorized. Please provide a valid API key."
}
Common causes:
  • Missing Authorization header
  • Invalid or expired API key
  • Incorrect Bearer token format

403 Forbidden

Returned when the API key doesn’t have permission for the requested resource:
{
  "status": 403,
  "error": "This feature requires a Pro account."
}

Testing Your Authentication

Use this simple test to verify your authentication is working:
curl -X GET "https://api.fraudiant.com/email/[email protected]" \
  -H "Authorization: Bearer YOUR_API_KEY"
A successful response will return a 200 status code with email validation data.
If you receive a 401 Unauthorized error, double-check that your API key is correct and properly formatted in the Authorization header.