Public Endpoints

Not every scenario requires authentication. FraudHosting provides a public report viewer that can be embedded on websites or internal portals.

Public Report Viewer

Endpoint: GET https://api.fraud.hosting/api/?showreport=<hash>

Parameters:

Name	Description
showreport	Report identifier hash (40-character hex).

Response:

200 OK with JSON payload:

{
  "ReportAdvanceds": [
    {
      "reportId": "b22db4fa88f223f8",
      "type": "chargeback",
      "value": 7,
      "description": "Client issued a chargeback...",
      "createdAt": "2024-11-04T18:33:21Z",
      "reporter": "Acme Hosting"
    }
  ],
  "count": 1
}

404 Not Found if the token is invalid or there is no report.
Usage tips:
- The hash is usually derived from a query response (for example the final segment in the link field).
- Cache responses client-side: data rarely changes, and extra requests add load.

$hash = 'ddb48c18cf40686416e811256b47c6f96485d70a';
$url  = 'https://api.fraud.hosting/api/?showreport=' . urlencode($hash);

$ch = curl_init($url);
curl_setopt_array($ch, [
    CURLOPT_HTTPGET        => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_TIMEOUT        => 10,
]);

$response = curl_exec($ch);
if ($response === false) {
    throw new RuntimeException('cURL error: ' . curl_error($ch));
}

$status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
curl_close($ch);

if ($status === 404) {
    throw new RuntimeException('Report not found');
}

$report = json_decode($response, true);

import requests

hash_value = "ddb48c18cf40686416e811256b47c6f96485d70a"
resp = requests.get(
    "https://api.fraud.hosting/api/",
    params={"showreport": hash_value},
    timeout=10,
)
if resp.status_code == 404:
    raise ValueError("Report not found")
data = resp.json()

#include <curl/curl.h>
#include <stdexcept>
#include <string>

size_t write_cb(void* contents, size_t size, size_t nmemb, void* userp)
{
    std::string* s = static_cast<std::string*>(userp);
    s->append(static_cast<char*>(contents), size * nmemb);
    return size * nmemb;
}

std::string fetch_report(const std::string& hash)
{
    CURL* curl = curl_easy_init();
    if (!curl) throw std::runtime_error("curl init failed");

    std::string response;
    std::string url = "https://api.fraud.hosting/api/?showreport=" + hash;

    curl_easy_setopt(curl, CURLOPT_URL, url.c_str());
    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_cb);
    curl_easy_setopt(curl, CURLOPT_WRITEDATA, &response);

    CURLcode res = curl_easy_perform(curl);
    curl_easy_cleanup(curl);
    if (res != CURLE_OK) throw std::runtime_error("request failed");

    return response; // parse JSON with your preferred library
}

package publicapi

import (
	"encoding/json"
	"fmt"
	"net/http"
)

func FetchReport(hash string) (map[string]any, error) {
	url := fmt.Sprintf("https://api.fraud.hosting/api/?showreport=%s", hash)
	resp, err := http.Get(url)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()

	if resp.StatusCode == http.StatusNotFound {
		return nil, fmt.Errorf("report not found")
	}

	var payload map[string]any
	if err := json.NewDecoder(resp.Body).Decode(&payload); err != nil {
		return nil, err
	}
	return payload, nil
}

Limits and caching

Public requests are rate-limited per IP; if you receive 429, increase the pause and retry later.
Cache responses on your side to avoid requesting the same data repeatedly.
Treat error responses (404/500) as missing data and notify the user without exposing internal details.

Hashing Guide