Catch credential stuffing and session hijacking
Score every login attempt by combining IP reputation, email risk, device trust, and behavioral velocity in a single API call.
Composite risk score
One 0-100 score aggregating IP, email, and device signals per authentication event.
Impossible travel detection
Flag logins from geolocations that can't be reached within the time elapsed since the last session.
Credential leak matching
Check emails against known breach databases to surface compromised accounts.
Step-up auth triggers
Programmatically require MFA or CAPTCHA when the risk score exceeds your threshold.
WebAPI implemented our fraud detection suite to reduce account abuse by 62% during peak hours.
Read StoryUptime guarantee for all API endpoints.
Response time across all endpoints.
Build your own account takeovers rules
Combine email, IP, domain, and device signals into custom rule sets. Use thresholds, allowlists, and velocity counters to match your exact risk model.
Automate your account takeovers response
Evaluate risk and trigger actions in the same API call. No polling, no queue delays.
Inline decisions
Get allow/deny/challenge verdicts in <50ms to enforce policy within your existing auth flow.
Conditional step-up
Trigger MFA, CAPTCHA, or manual review based on risk score thresholds you define.
Webhook events
Push risk events to Slack, PagerDuty, or any HTTP endpoint for real-time team visibility.
Full visibility into account takeovers
Query, filter, and visualize every scored event. Drill down from aggregate trends to individual requests.
Request explorer
Search and filter scored events by risk level, endpoint, IP, email, or any metadata field.
Correlation graphs
Map relationships between accounts, devices, IPs, and payment methods in a single view.
Audit trail
Full request/response logs with timestamps, scores, and applied rules for every API call.
Dry-run mode
Test new rules against live traffic without enforcement. Compare expected vs. actual outcomes.
Layered intelligence for account takeovers
Every API call returns structured risk data. Combine multiple signals for higher-confidence decisions.
Risk scores
0-100 scores per endpoint: email risk, domain risk, IP threat level. Use individually or combine.
Velocity counters
Track event counts, sums, and rates per user, device, or IP over sliding time windows.
Device intelligence
Persistent fingerprints that survive cookie clears, incognito mode, and storage resets.
Bot classification
Classify traffic as human, automated, or headless based on browser signals and request patterns.
Start protecting your platform today
Join thousands of developers who trust Veille to keep their apps safe from fraud, abuse, and automated threats.
Get StartedView Pricing