Vetting API - v 4.6


The E-HAWK Vetting service provides real-time reputation and risk analysis. The Vetting API is used to call the vetting service during sign-up, account updates, logins, or other users interactions. Please follow this guide for implementation instructions.

API Call

Using HTTPS RESTful calls, your online forms or back-end systems query our service about risks levels associates with the information entered by users. Each call includes keyword and values pairs to analyze.

The API POST sequence is:

The API uses Content-Type: application/x-www-form-urlencoded

For all API calls:

  • Properly encode all values within the HTTPS POST. See w3school guide.
  • All values must be in UTF-8 character sets. See

For example, to send an ip and email to the vetting API:

EHawkTalon.js - v3.1

The API is supported with a JavaScript Device fingerprinting file from our CDN or hosted on your local infrastructure. Incorporating this file into your sign-up process increases accuracy and provides critical data for E-HAWK vetting analysis. The code categorizes the computer, OS, time zone, etc. of the sign-up device.

Place the following in your sign-up page's <form> ... </form> block:

 <input type="hidden" name="talon" value='{"version": 3, "status": -1}' id="talon"> 

Place the following in your Design page directly above the </body> tag:

<script type="text/JavaScript" src=""></script> 
<script type="text/javascript">

If you would like to use HTTPS via CDN then use

To host the EHawkTalon.js locally, download the file and update the src to match the directory path to the local file.

API Keywords, Values, and Formats

The Vetting API will analyze the following input values to calculate a Risk Score. With the exception of the apikey and ip values, all inputs are optional (see note on Blank or No Data below). However, the more keyword and value pairs provided, the better the analysis. Keywords must be lowercase.

To help with implementation, you can send test API POST to The page tests the keywords and values for the correct formats.

Keyword Value and Format
apikey Your E-HAWK Vetting API KEY (required)
ip IPv4 address of the user connecting browser (required)
email email address (
talon See EHawkTalon.js for device fingerprinting implementation
phone US and Canada: 10 digit format XXXXXXXXXX
International: "+" AND country code AND number, ex: +33143542331
street Street, PO box, location
city City, town, or village
state State, province, or area. US and Canada must be two-letter lowercase code. Other countries just use the actual state if available.
postalcode Postal code or zip code
country Two letter lowercase country code (ISO codes)
domain User’s verified domain. Not necessarily the domain of their email, but the domain they own or will be sending email from. Domain should be linked to their business or “From” address of their emails. Example “”. Do not use URL (no http://, just “”)
website url of the user’s website (
name User’s full name, First Last format
username The username or userID of the account. Use this ID to link back to your unique ID on your systems.
useragent The User-Agent string provided by the browser
referrer the referring URL provided by the browser during form completion
revet yes

IMPORTANT! The vetting service by default uses activity testing to tag similar data from multiple sign-ups, bots, etc. and mark as high risk. If you want to manually vet a user again within a short period of time, you should add revet=yes to the vet, so it bypasses the activity engine. Otherwise our system will think the person is trying to sign-up multiple times and start marking that user as high risk.
timeout no

If timeout=no then the vetting engine will perform additional testing on domain, email and other areas. If you can wait up to four seconds for the API response, then add this to your API calls. If not set then the API should return scoring in less than 500ms.
Reliance Mark Version

For clients using the Reliance Mark version of the API, please add the following additional data.

producer_id ID for lead generator who is sending the lead.
lead_type payday installment loan invoice loan other
minimum_price Minimum sale price for the lead.
site Optional field which can be used for tracking purposes.
source Optional field which can be used for tracking purposes.
campaign Optional field which can be used for tracking purposes.
ad Optional field which can be used for tracking purposes.
bank_name Bank name
bank_phone Bank phone number. US and Canada: 10 digit format XXXXXXXXXX
International: "+" AND country code AND number, ex: +33143542331
account_number Bank account number
routing_number Bank routing number
driving_license_number Driving license number
driving_license_state Two-letter lowercase code for driving license issue state
birth_date Birth date in format YYYY-MM-DD
social_security_number Social security number in format 123456789
monthly_income Monthly income from the loan application in USD
loan_amount Requested loan amount in USD
Blank, No Data, “none” type value - Important Note
If a keyword is supplied in the API call with no value, or blank, or even a holder value such as “none” or “n/a”, then the Vetting service treats this as suspicious, will score the area negatively, and list the error in the API response. We recommend mandatory fields in forms should be vetted, and optional fields should only be vetted when completed by users. Keywords with no data/empty/placeholders will receive negative scores and impact the Risk Score.
JSON Response

The standard output is a JSON array that contains a header followed by the the vetting information in the format:

  • version string API version number
  • transaction_id string unique id of API call
  • status number see status and error codes
  • error_message string
  • score array risk score array
  • scores array scores for testing areas
    • score area string
    • title string
    • score number risk score for the area
  • details array risk hit details
    • fingerprint string device fingerprint
    • risk area details array
      • score_details array

An example JSON response.

  "version": "v.4", 
  "transaction_id": "XXX", 
  "status": 0,  
  "error_message": "",  
  "score": [     
    "Risk Score",
    "Very High Risk"  
  "scores": {   
    "ip": [     
    "email": [    
    "community": [  
    "geolocation": [ 
    "activity": [  
  "details": {
    "ip": {
      "city": "Delhi",
      "country": "India",
      "timezone": "Asia\/Kolkata",
      "score_details": [
        "Proxy - Anonymous",
        "Bots, Drone, Worm, Proxy, TOR",
        "Spam Blacklist"
    "fingerprint": "12e30087109e44e4fd4"
    "email": {
      "score_details": [
    "geolocation": {
      "score_details": [
        "IP vs location > 6,000 miles"
    "activity": {
      "score_details": [
        "4 Repeats"
    "community": {
      "score_details": [
        "Cyber Crime"
Status and Error Codes

The status will be a value (0 = OK) or an error code and a corresponding errors array. As an example, an API call invalid API KEY would return

  "error_message":"Invalid API key",
Status Description
0 Success - no errors
3 invalid api key
5 IP input error
-1 network congestion (reduced fidelity)
-12 Out of Vetting Credits
-13 Exceed Max calls per Second
Sample and Batch Code

Sample CURL API call in PHP
To help with implementation, you can send the API POST to The page tests the parameters and values for the correct formats.

// clear and setup keys and values
   $post_array = array();
// add a keyword and value for each item to pass in the vet
   $post_array['apikey'] = 'YourAPIKey';   
   $post_array['ip'] = '';       
   $post_array['email'] = ''; 
   $post_array['domain'] = '';
   $post_array['talon'] = $_POST['talon'];  
   $post_array['revet'] = 'yes'; 
   $post_array['timeout'] = 'no';  

// Do the vet
$curl = curl_init("");
if (!empty($curl)) {
    curl_setopt ($curl, CURLOPT_FOLLOWLOCATION, true);
    curl_setopt ($curl, CURLOPT_POST, true);
    curl_setopt ($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt ($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt ($curl, CURLOPT_CONNECTTIMEOUT, 20);
    curl_setopt ($curl, CURLOPT_TIMEOUT, 10);
    curl_setopt ($curl, CURLOPT_USERAGENT, "E-HAWK VET");
    curl_setopt ($curl, CURLOPT_POSTFIELDS, $post_array);
    $result = curl_exec ($curl);
    curl_close ($curl);
// print result

// process result
$vet_array = json_decode($result, true);    
echo '<p>Risk Score = '.$vet_array['score'][1].'<br>';
echo 'Risk Type = '.$vet_array['score'][2].'<br></p>';

PHP Vetting API Batch Process [updated 2015-09]
Download the Excel spreadsheet, paste in your data, and email requesting a batch processing. We will provide a secure file upload area to send your Excel file, process the data, and let you view the results in our dashboard reporting system.