
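Risk Control and Anti-Fraud

Fraud scoring, sanctions (OFAC) screening, device / IP fingerprinting and real-name identity verification (KYC), unified behind a single risk API.

Overview

Base path: https://api.infrai.cc/v1/risk
Auth header: Authorization: Bearer $INFRAI_API_KEY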
bash
# Call any /v1/risk capability over raw HTTP — no SDK to install.
# curl:
curl https://api.infrai.cc/v1/risk/... \
  -H "Authorization: Bearer $INFRAI_API_KEY" \
  -H "Content-Type: application/json"

Methods

risk.score

POST /v1/risk/score

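Scores a user / account event (login, payment, signup) for fraud and abuse risk, returning a normalized 0..1 score plus an accept / review / reject disposition. Billable work-action, ML high-margin (service_markup).

Parameters

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| subject_id | string | Optional | Id of the user / account being evaluated. |
| event_type | string | Optional | The event being scored / reported. |
| ip | string | Optional | Source IP address. |
| email | string | Optional | Email address associated with the subject. |
| device_fingerprint | string | Optional | Device fingerprint / visitor id. |
| amount | number | Optional | Transaction amount. |
| currency | string | Optional | ISO currency code of the amount. |
| properties | Record<string, unknown> | Optional | Arbitrary signal properties. |
| vendor | string | Optional | Explicit vendor pinning. |
| idempotency_key | string | Optional | Client-supplied idempotency key. |

Returns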

RiskScore { score, decision, reasons: string[] }

Example

One-time setup (every example assumes it has been done):

bash
# No SDK to install — every call is a plain HTTPS request.
# Get a project key by signing in at the console: Google/GitHub gives you
# $2 free credit (email sign-in starts at $0). On 402 INSUFFICIENT_CREDIT,
# POST /v1/account/topup and open the returned checkout_url.
export INFRAI_API_KEY="ifr_pk_proj_..."
bash
curl -X POST https://api.infrai.cc/v1/risk/score \
  -H "Authorization: Bearer $INFRAI_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{}'
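
An added example (not part of the original page and not Infrai's own code) of calling risk.score defensively: the request carries a deterministic idempotency_key so a retried request reuses the same key, and the response is acted on only when it is a well-formed RiskScore, so an error body such as the 402 INSUFFICIENT_CREDIT case goes to review instead of being accepted. The literal decision strings, the `event_id` argument, the fall-back-to-review policy and the sample responses are assumptions made for illustration.

```python
import hashlib

# Assumption: "decision" carries the literal strings accept / review / reject.
KNOWN_DECISIONS = ("accept", "review", "reject")
# Documented risk.score signal parameters that callers may forward.
SIGNALS = ("ip", "email", "device_fingerprint", "amount", "currency", "properties")


def build_score_request(subject_id, event_type, event_id, **signals):
    """Build a /v1/risk/score body with a deterministic idempotency_key.

    event_id is the caller's own id for the event (hypothetical name): a retry
    of the same event reuses the key, a new event gets a new one.
    """
    body = {"subject_id": subject_id, "event_type": event_type}
    body.update({k: v for k, v in signals.items() if k in SIGNALS and v is not None})
    material = f"{subject_id}|{event_type}|{event_id}".encode()
    body["idempotency_key"] = hashlib.sha256(material).hexdigest()[:32]
    return body


def disposition(resp):
    """Return accept / review / reject; anything malformed falls back to review."""
    if not isinstance(resp, dict):
        return "review"
    score, decision = resp.get("score"), resp.get("decision")
    score_ok = (isinstance(score, (int, float)) and not isinstance(score, bool)
                and 0.0 <= score <= 1.0)
    if decision not in KNOWN_DECISIONS or not score_ok:
        return "review"  # error body, missing field or out-of-range score
    return decision


if __name__ == "__main__":
    # Constructed sample responses, not captured from the live API.
    samples = [
        {"score": 0.07, "decision": "accept", "reasons": []},
        {"score": 0.93, "decision": "reject", "reasons": ["constructed_reason"]},
        {"error": "INSUFFICIENT_CREDIT"},          # constructed error shape
        {"score": 1.7, "decision": "accept", "reasons": []},
    ]
    print(build_score_request("user_123", "payment", "order_987", amount=49.9, currency="USD"))
    for s in samples:
        print(disposition(s), s)
```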

risk.ofac.check

POST /v1/risk/ofac/check

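Screens a name / address / id against sanctions lists (OFAC SDN, EU, UN consolidated), returning match details. Billable work-action.

Parameters

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| name | string | Required | The full legal name to screen. |
| address | string | Optional | The address to screen. |
| country | string | Optional | Country code. |
| dob | string | Optional | Date of birth (YYYY-MM-DD). |
| id_number | string | Optional | Government id number. |
| lists | string[] | Optional | The sanctions lists to check against. |

Returns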

OfacResult { match: boolean, hits: object[] }

Example

bash
curl -X POST https://api.infrai.cc/v1/risk/ofac/check \
  -H "Authorization: Bearer $INFRAI_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name": "..."}'

risk.device.fingerprint

POST /v1/risk/device/fingerprint

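Resolves a stable device fingerprint / visitor id from a client-collected token plus IP and user-agent signals, for bot and incognito detection. Served by a vendor (sift / castle).

Parameters

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| request_token | string | Optional | Client-collected token / visitor id. |
| ip | string | Optional | Source IP address. |
| user_agent | string | Optional | Client user-agent string. |
| properties | Record<string, unknown> | Optional | Arbitrary signal properties. |

Returns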

Device { device_id, signals: object }

Example

bash
curl -X POST https://api.infrai.cc/v1/risk/device/fingerprint \
  -H "Authorization: Bearer $INFRAI_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{}'

risk.event.report

POST /v1/risk/event/report

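Reports a risk-relevant event or label (chargeback, fraud, abuse) back to the vendor as feedback to improve future scoring.

Parameters

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| subject_id | string | Optional | Id of the user / account being evaluated. |
| event_type | string | Required | The event being scored / reported. |
| label | "fraud" \| "legit" \| "chargeback" | Optional | Outcome label: fraud, legit or chargeback. |
| reason | string | Optional | Free-text reason for the report. |
| properties | Record<string, unknown> | Optional | Arbitrary signal properties. |

Returns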

{ ok: boolean }

Example

bash
curl -X POST https://api.infrai.cc/v1/risk/event/report \
  -H "Authorization: Bearer $INFRAI_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"event_type": "..."}'

risk.kyc.submit

POST /v1/risk/kyc/submit

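Submits an identity-verification (KYC) request (document type, name, date of birth, document / selfie images) to a real-name verification vendor (shumei / tongdun).

Parameters

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| subject_id | string | Required | Id of the user / account being evaluated. |
| document_type | string | Optional | Type of identity document. |
| document_country | string | Optional | Country that issued the document. |
| full_name | string | Optional | Full name as it appears on the document. |
| dob | string | Optional | Date of birth (YYYY-MM-DD). |
| document_images | string[] | Optional | References to the document images. |
| selfie_image | string | Optional | Reference to the selfie image. |
| metadata | Record<string, unknown> | Optional | Arbitrary key-value metadata. |

Returns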

KycCase { case_id, status }

Example

bash
curl -X POST https://api.infrai.cc/v1/risk/kyc/submit \
  -H "Authorization: Bearer $INFRAI_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"subject_id": "..."}'

risk.kyc.status

GET /v1/risk/kyc/status

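Fetches the current state (pending / approved / rejected / manual_review) of a previously submitted KYC verification. Sticky resource: status must be polled on the same vendor that accepted the submission.

Parameters

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| subject_id | string | Required | Id of the user / account being evaluated. |

Returns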

KycCase { case_id, status, decided_at? }

Example

bash
curl -X GET https://api.infrai.cc/v1/risk/kyc/status \
  -H "Authorization: Bearer $INFRAI_API_KEY"
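
An added example (not from the original page or Infrai's own code) of a polling loop for risk.kyc.status that never turns an error body or an unexpected status into an approval, stops on manual_review, and backs off between polls. `fetch_status` and `replay` are hypothetical helpers, the case_id consistency check is an assumption about how a non-sticky answer would show up, and the sample cases are constructed.

```python
import time

# Status values this page lists for risk.kyc.status.
DECIDED = ("approved", "rejected")
KNOWN = DECIDED + ("pending", "manual_review")


def wait_for_kyc(fetch_status, subject_id, max_polls=6, base_delay=1.0, sleep=time.sleep):
    """Poll a KYC case and return (outcome, polls_used).

    fetch_status(subject_id) is a hypothetical callable that wraps
    GET /v1/risk/kyc/status and returns the parsed KycCase dict.
    """
    first_case_id = None
    for attempt in range(1, max_polls + 1):
        case = fetch_status(subject_id)
        status = case.get("status") if isinstance(case, dict) else None
        if status not in KNOWN:
            return "error", attempt      # error body or unknown value: never treat as approved
        # Assumption: a case_id that changes between polls means another case
        # (for example another vendor) answered, so the result is not trusted.
        if first_case_id is None:
            first_case_id = case.get("case_id")
        elif case.get("case_id") != first_case_id:
            return "error", attempt
        if status != "pending":
            return status, attempt       # decided, or manual_review: a human decides
        if attempt < max_polls:
            sleep(min(base_delay * 2 ** (attempt - 1), 30.0))  # capped exponential backoff
    return "pending", max_polls          # still undecided: keep the account gated


def replay(cases):
    """Constructed stand-in for the API: returns the given cases one per call."""
    it = iter(cases)
    return lambda subject_id: next(it)


if __name__ == "__main__":
    # Constructed responses, not captured from the live API.
    cases = [{"case_id": "case_1", "status": "pending"},
             {"case_id": "case_1", "status": "pending"},
             {"case_id": "case_1", "status": "approved", "decided_at": "2024-01-01T00:00:00Z"}]
    print(wait_for_kyc(replay(cases), "user_123", sleep=lambda s: None))
```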
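
Advanced: pinning a vendor

By default infrai smart-routes every call to the best available provider, so there is no need to pick a vendor yourself. As an advanced escape hatch, this capability accepts an optional vendor parameter that pins a specific provider. The vendors currently available for this capability can be fetched live from the discovery endpoint for its capability id; see the discovery API.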

GET /v1/discovery/{capability}

risk.score

All capabilities

All routed capabilities in this module: the complete public REST contract. The methods above are annotated introductory examples; this table is the full reference.

| Capability | Endpoint | Description |
| --- | --- | --- |
| risk.device.fingerprint | POST /v1/risk/device/fingerprint | Resolve a stable device fingerprint / visitor id from a client-collected token plus IP and user-agent signals, for bot and incognito detection. Served by a vendor (sift / castle). |
| risk.event.report | POST /v1/risk/event/report | Report a risk-relevant event or label (chargeback, fraud, abuse) back to the vendor as feedback to improve future scoring. |
| risk.kyc.status | GET /v1/risk/kyc/status | Fetch the current state (pending / approved / rejected / manual_review) of a previously submitted KYC verification. Sticky_resource: status must be polled on the same vendor that accepted the submission. |
| risk.kyc.submit | POST /v1/risk/kyc/submit | Submit an identity-verification (KYC) request — document type, name, DOB, document/selfie images — to a real-name verification vendor (shumei / tongdun). |
| risk.ofac.check | POST /v1/risk/ofac/check | Screen a name / address / id against sanctions lists (OFAC SDN, EU, UN consolidated), returning match details. Billable work-action. |
| risk.score | POST /v1/risk/score | Score a user/account event (login, payment, signup) for fraud and abuse risk, returning a normalized 0..1 score plus an accept / review / reject disposition. Billable work-action, ML high-margin (service_markup). |

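Full example

A production-grade end-to-end example for this module: configure once, then run the business flow, covering most of the module's APIs where possible.

A single-file runnable Python program (standard library only, no SDK): copy it, fill in INFRAI_API_KEY and run it to walk through this module's core APIs step by step, following a real business flow. Every step is a real, billed call, and later steps reuse real fields returned by earlier steps. The 12-line helper is the entire integration code.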

python
#!/usr/bin/env python3
"""Infrai · risk — runnable real-app example (single file, zero deps).

Copy this file, set your key, run it: every step is a REAL call to
api.infrai.cc, billed at the real (tiny) per-call price, printing the
live JSON response. Get a key at https://console.infrai.cc (Google/
GitHub sign-in grants $2 free credit). No SDK — the 12-line helper
below is the entire integration."""
import json
import os
from urllib import error, request

KEY = os.environ.get("INFRAI_API_KEY") or "ifr_pk_proj_..."  # <- your key
BASE = "https://api.infrai.cc"


# Same raw HTTPS POST/GET as every per-method example on this page —
# wrapped once for reuse. There is nothing else to it: no SDK.
def infrai(method, path, body=None):
    req = request.Request(
        BASE + path, method=method,
        data=json.dumps(body).encode() if body is not None else None,
        headers={"Authorization": f"Bearer {KEY}",
                 "Content-Type": "application/json"})
    try:
        with request.urlopen(req, timeout=60) as r:
            return json.loads(r.read())
    except error.HTTPError as e:
        return json.loads(e.read())


def show(label, resp):
    print(f"\n== {label} ==")
    print(json.dumps(resp, indent=2, ensure_ascii=False))
    return resp


# 1) risk.score — POST /v1/risk/score · Score a user/account event (login, payment, signup) for fraud and abuse risk, returning a normalized 0..1 score plus an accept / review / reject disposition. Billable work-action, ML high-margin (service_markup).
r1 = show("risk.score", infrai("POST", "/v1/risk/score", {}))

# 2) risk.ofac.check — POST /v1/risk/ofac/check · Screen a name / address / id against sanctions lists (OFAC SDN, EU, UN consolidated), returning match details. Billable work-action.
r2 = show("risk.ofac.check", infrai("POST", "/v1/risk/ofac/check", {"name":"..."}))

# 3) risk.device.fingerprint — POST /v1/risk/device/fingerprint · Resolve a stable device fingerprint / visitor id from a client-collected token plus IP and user-agent signals, for bot and incognito detection. Served by a vendor (sift / castle).
r3 = show("risk.device.fingerprint", infrai("POST", "/v1/risk/device/fingerprint", {}))

# 4) risk.kyc.status — GET /v1/risk/kyc/status · Fetch the current state (pending / approved / rejected / manual_review) of a previously submitted KYC verification. Sticky_resource: status must be polled on the same vendor that accepted the submission.
r4 = show("risk.kyc.status", infrai("GET", "/v1/risk/kyc/status"))