Overview
Overview
What the FraudHosting API does
Integration revolves around a single form-compatible endpoint https://api.fraud.hosting/api/. All operations—adding, querying, and deleting reports—are performed via application/x-www-form-urlencoded POST requests.
Each request is signed with a persistent _api key issued in the FraudHosting dashboard for a specific reporter profile. No additional tokens or Bearer authorization are used.
Quick start
1. Obtain an `_api` key in the FraudHosting dashboard (Reporter Profiles menu).
2. Hash all client values with the FraudHosting SHA-1 algorithm (32,000 iterations).
3. Send a POST to https://api.fraud.hosting/api/ with the required `_action`.
4. Parse the text response (for example, `OK` or an error code).
5. Use the same `_api` key for repeated requests.Primary URLs
| Purpose | URL |
|---|---|
Send commands (report, query, delete) | https://api.fraud.hosting/api/ |
| Public report view | https://api.fraud.hosting/api/?showreport= |
Key overview
| Key | Where to get it | What it’s used for | Validity |
|---|---|---|---|
_api | Dashboard -> Reporter Profiles | Authentication for any POST request | Until revoked |
| Delete code | Issued for each report | _code when _action=delete | One-time |
Hashing reminder
FraudHosting never accepts raw customer identifiers. Before sending, normalize the value and process it with SHA-1 using 32,000 iterations. See the full algorithm and examples in the Hashing guide.