API Key Usage
API Key Usage
All interaction with FraudHosting revolves around a personal _api key. Below are recommendations for obtaining, storing, and using it.
Getting a key
- Sign in to the FraudHosting dashboard.
- Open Reporter Profiles.
- Create a profile (if one doesn’t exist) and copy the API Code value—this is a 16-character hexadecimal string.
The key is issued once per profile and does not rotate automatically. If it leaks, revoke it in the dashboard and issue a new one.
Storage practices
- Never commit the key to a repository. Keep it in environment variables or a secrets manager.
- Use separate keys for production and test environments.
- Periodically review usage history in the dashboard and remove stale profiles.
Basic request template
The command is defined by the _action parameter, and _api is always present:
_api=<your_key>&_action=<report|query|delete>&...$apiKey = getenv('FRAUDHOSTING_API');
$basePayload = [
'_api' => $apiKey,
'_action' => 'query',
];import os
API_KEY = os.environ["FRAUDHOSTING_API"]
payload = {
"_api": API_KEY,
"_action": "report",
}#include <cstdlib>
#include <map>
#include <string>
std::string apiKey = std::getenv("FRAUDHOSTING_API");
std::map<std::string, std::string> payload{
{"_api", apiKey},
{"_action", "delete"},
};package auth
import "os"
var APIKey = os.Getenv("FRAUDHOSTING_API")
func BaseParams(action string) map[string]string {
return map[string]string{
"_api": APIKey,
"_action": action,
}
}Verification and monitoring
Before adding it to production, send a test request to the sandbox using fabricated data. FraudHosting forbids publishing real customer data during tests—even in hashed form.
If the API stops accepting requests, check whether:
- the key was revoked in the dashboard;
- parameters are formed correctly (
_apimust be first, the order of the others doesn’t matter); - the request limit is exhausted (during heavy activity, pause and retry).