API integration for RT¶
Note
This article refers to the legacy FraudScore interface. See more details here.
FraudScore RT is designed for CPC/CPM campaigns and scoring prebid requests. It is a real-time solution that can help you filter fraudulent clicks and impressions.
How to make the request
The following example is made for "DEMO-company". Please, make sure you know your FraudScore.RT API key.
Note
You must use https protocol to make requests.
Parameters:
| Parameter | Mandatory | Data type | Description | Example |
|---|---|---|---|---|
| key | yes | string (32) | Your "FraudScore Realtime" API key (different from FraudScore API Key!) | uMq4Omx8t32ndy5ip |
| event_type | yes | string (255) | "click" or "impression" | click |
| at | yes | timestamp | Event timestamp | 1544054769 |
| ua | yes | string (255) | Urlencoded HTTP User Agent of the click | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36 |
| ip | yes | string (255) | Clickip | 217.12.13.43 |
| affiliate_id | yes | string (255) | Affiliate ID | 6251 |
| offer_id | yes | string (255) | Offer ID | 34713 |
| advertiser_id | no | string (255) | Advertiser ID | 835 |
| advertiser_name | no | string (255) | Advertiser Name (in case of "empty" will be equal to "advertiser_id") | BestMediaCPANetwork |
| advertiser_manager_id | no | string (255) | Advertiser Manager ID | 4 |
| advertiser_manager_name | no | string (255) | Advertiser Manager Name (in case of "empty" will be equal to "advertiser_manager_id") | John |
| affiliate_name | no | string (255) | Affiliate Name (in case of "empty" will be equal to "affiliate_id") | Partner 1 |
| affiliate_manager_id | no | string (255) | Affiliate Manager ID | 12 |
| affiliate_manager_name | no | string (255) | Affiliate Manager Name (in case of "empty" will be equal to "affiliate_manager_id") | Jane |
| offer_name | no | string (255) | Offer Name (in case of "empty" will be equal to "offer_id") | Mobile App (iOS) |
| aff_sub1 | no | string (255) | Additional affiliate info (ID of yoursubsources) | |
| aff_sub2 | no | string (255) | Additional affiliate info (ID of your subsources) | |
| aff_sub3 | no | string (255) | Additional affiliate info (ID of your subsources) | |
| aff_sub4 | no | string (255) | Additional affiliate info (ID of your subsources) | |
| aff_sub5 | no | string (255) | Additional affiliate info (ID of your subsources) | |
| country_code | no | string (2) | Country Code (ISO 3166) | US |
| device_os | no | string (255) | Device OS | "Android", "iOS" e.t.c |
| device_os_version | no | string (255) | Device OS Version | "6.0", "10.3.2" |
| device_model | no | string (255) | Device model | "iPhone", "N7100" |
| device_brand | no | string (255) | Device brand "Apple", "Samsung" | |
| browser | no | string (255) | Browser name | "Chrome mobile", "Firefox" |
| browser_version | no | string (255) | Browser version | "53.0.1.2", "39.2.1.3" |
| device_locale | no | string (255) | Device language | "En-us", "Ru-ru" |
| refer | no | string (1024) | Click URL | http://e1.ru/ad_banner |
| user_mail | no | string (255) | User’s e-mail | john_doe@gmail.com |
| idfa | no | string (255) | iOS device ID | 6D92078A-8246-4BA4-AE5B-76104861E7DC |
| android_id | no | string (255) | Android device ID | 1919FC51E20A1732 |
| source | no | string (255) | Traffic Source | "MyTarget", "Facebook", "Network" |
What will you get:
The response is HTTP Code 200. It's plain text with the IP problem tags divided with (\n, LF). Empty response means no violations found.
datacenter
- Traffic coming from servers in data centers or known cloud platform providers, rather than residential or corporate networks (very low likelihood of a real human user).
blacklist
- IPs with excessive Fraud activities in the near past.
- IPs that are associated with known Botnets and Adware.
proxy
- All the “proxied” connections - Socks proxy, VPN, Tor etc
- Traffic that is routed through an intermediary proxy device or network where the ad is rendered in a user's device where there is a real human user
- Users are actively hiding their identity or making conversions from an unwanted GEO
device
- Any user’s device (browser, phone, app, device-emulator or other systems) that has been modified to call html or make ad requests that is not under the control of a user and made without the user's consent.
- Hijacked device where a user is present and additional HTML or ad calls are made independently of the content being requested by the user.
- Ads and redirections are inserted into the user experience by the program running on the device.
ip
- If there are abnormalities or suspicious facts connected with IP addresses. Also - IPs are constantly checked with "black IPs" databases:
- Multiple conversions from the same IP
- Multiple conversions from the same IP subnet
os
- Operating system issues that are considered fraudulent: Abnormal device distribution within traffic (device models, browser versions, operating system, etc.).
crawler
- When a crawler is detected in the traffic. ie. a search engine which is indexing and parsing web pages.
dynamic blacklist
- Traffic sources with short-lived activity (i.e. traffic coming from mobile provider).
cap
- Is a time limit for the number of clicks, with the ability to separate the limit by offers, affiliates and advertisers.
attribution
- Clickspamming - App installs previously attributed to clicked ads were discovered to be user-generated app installs randomly claimed by ad networks by spamming the fingerprinting algorithms
- Cookie stuffing - the process by which a client is provided with cookies from other domains as if the user had visited those other domains. taking ad tags from a publisher’s site and putting them on to another site without the publisher knowledge
- Click injection (Android only) - Android uniquely vulnerable to click injection fraud, in which an ad network takes credit for organic app installs.
feb 27, 2026