Check a login for suspicious behaviour

POST /login/check
application/json

Body

Login request to check for suspicious behaviour

  • ip_address string(ip) Required
  • user_agent string Required
  • identity_key string Required

    Your user identity key - not an email

  • email_address string

    The customers email address, for sending login notification emails.

  • geo_country string

    The country the person should be logging in from. If not provided, it is taken from the IP address.

  • geo_city string

    The city the person should be logging in from. If not provided, it is taken from the IP address.

  • user_time_of_day string

    The time of day from the customer. This can be passed by doing new Date().toString()

Responses

  • 200 application/json

    Login check succeeded

    Hide response attributes Show response attributes object
    • status string

      Default value is success.

    • message string

      Default value is Login check passed.

    • codes array[string]

      Default value is login_valid.
  • 400 application/json

    Login check invalid

    Hide response attributes Show response attributes object
    • status string

      Default value is error.

    • message string

      Default value is Login check failed..

    • code array[string]

      Array of error codes

      Values are login_valid, ip_address_suspicious, device_fingerprint_suspicious, location_fingerprint_suspicious, behavioral_fingerprint_suspicious, known_tor_exit_node, known_proxy, known_vpn, known_botnet, known_bot, ip_address_not_used_before, or device_fingerprint_not_used_before.
  • 401 application/json

    Invalid API key

    Hide response attribute Show response attribute object
    • error string

      Default value is Invalid API key.
  • 402 application/json

    Payment required. You have reached your API usage quota.

    Hide response attribute Show response attribute object
    • error string

      Default value is You have no API credits left..
POST /login/check 
curl \
 -X POST https://loginllama.app/api/v1/login/check \
 -H "X-API-KEY: $API_KEY" \
 -H "Content-Type: application/json" \
 -d '{"ip_address":"192.168.1.1","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36","identity_key":"user_1234","email_address":"customer@your-site.com","geo_country":"United Kingdom","geo_city":"London","user_time_of_day":"Mon Jan 01 2023 00:00:00 GMT+0100 (British Summer Time)"}'
Request example 
{
  "ip_address": "192.168.1.1",
  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36",
  "identity_key": "user_1234",
  "email_address": "customer@your-site.com",
  "geo_country": "United Kingdom",
  "geo_city": "London",
  "user_time_of_day": "Mon Jan 01 2023 00:00:00 GMT+0100 (British Summer Time)"
}
Request examples 
{
  "ip_address": "192.168.1.1",
  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36",
  "identity_key": "user_1234",
  "email_address": "customer@your-site.com",
  "geo_country": "United Kingdom",
  "geo_city": "London",
  "user_time_of_day": "Mon Jan 01 2023 00:00:00 GMT+0100 (British Summer Time)"
}
Response examples (200) 
{
  "status": "success",
  "message": "Login check passed",
  "codes": [
    "login_valid"
  ]
}
Response examples (400) 
{
  "status": "error",
  "message": "Login check failed.",
  "code": [
    "known_vpn",
    "ip_address_not_used_before"
  ]
}
Response examples (401) 
{
  "error": "Invalid API key"
}
Response examples (402) 
{
  "error": "You have no API credits left."
}