How to integrate AbuseIPDB into a decision engine - Decisimo - Decision Intelligence Services

Published on: 2024-08-10 18:48:28

AbuseIPDB is a great service for profiling an IP address. It uses data from IP2Location database to profile IP addresses. The big advantage of AbuseIPDB is the database of community-reported mischievous IP Addresses. When an IP is acting like a malicious actor or a bot, it gets flagged. The scenarios range from trying to attack a server, doing port-scanning, or attacking a web app. You can receive current information about the bad behavior of an IP from the API.

Using AbuseIPDB is useful in antifraud-related scenarios to prevent bot and VPN-masked attacks. Some fraudsters use residential IP addresses that may look healthy at first sight. But the information AbuseIPDB provides can show it is not traditional residential traffic.

1.

Get an account API key from AbuseIPDB

  • AbuseIPDB has simple pricing and an easy sign-up process. Their free tier gives you 1,000 checks a day, which is enough for testing the service out.

    https://www.abuseipdb.com/pricing
  • Once you get an account and log in, head to API part and create an API key.
    AbuseIPDB Dashboard
    After you create the key, it will show up on your dashboard.
    AbuseIPDB Dashboard
2.

Create a data source in Decisimo Portal

  • Go into Data sources and hit new and create from template.
    FraudLabs Pro Dashboard
    Create AbuseIPDB from template
  • Place the API Key you have from AbuseIPDB instead of the __YOUR_API_KEY__ in the Headers part - the highlighted text in the screenshot below.
    Definition of AbuseIPDB data source
  • AbuseIPDB has only one required parameter - IP address. It additionally has parameter verbose, that indicates whether should be as much information possible provided within the response.
  • When you use the AbuseIPDB data source template, it will include the definition necessary.
3.

Add AbuseIPDB data source to your decision flow

  • If you already have a decision step for data sources, you can add the call to AbuseIPDB within the same step. The decision engine will call all the sources in the same step in parallel. Parallel calls ensure the fastest execution time.
  • If you do not have a decision flow step for external data, add one. Connect your decision flow step and by double-clicking, open the definition window. Define in the step the attribute with IP address from your data object to be sent to AbuseIPDB.
  • AbuseIPDB within a decision step
GO

Run the decision making

  • Release your decision flow, deploy to an endpoint and make decisions using data from AbuseIPDB.
Check other data source guides