Protecting SaaS Signups with IP Intelligence

Industry: SaaS Platforms, Developer Tools, Form Builders

Problem: Fake Signups and High-Risk Traffic at the Entry Point

Most small-to-mid SaaS platforms rely solely on reCAPTCHA, email verification, or rate limits to block bad actors. These signals are easily bypassed by:

Tor-based registration bots
Residential proxy networks
Anonymous cloud ASNs and bulletproof VPS IPs

Without IP reputation data at the edge, SaaS platforms are blind to the risk profile of incoming traffic — especially when attackers spread signups across clean, under-the-radar IP blocks.

Solution: Real-Time IP Risk Scoring via API

CandycornDB lets you enrich IPs at signup with low latency, returning:

VPN / proxy detection
Tor node identification
ASN trust scoring (based on historical abuse & peer patterns)
Datacenter / residential classification
Geo-IP mismatch detection (optional)

The API returns a normalized risk_score (0–100), as well as human-readable flags you can use to gate signups, apply friction, or silently monitor for downstream abuse.

Example:

IP 45.67.89.123 returns:

risk_score: 93

flags: ["vpn", "asn_suspicious", "tor_exit"]

How to Integrate in a Signup Flow

Simply send the user’s IP to /api/public/check/:ipAddress before finalizing the registration step. Based on your policy, you can:

Block high-risk registrations outright
Challenge with email verification or phone OTP
Log silently for abuse correlation

const apiKey = 'your_api_key_here';
const ipAddress = '45.67.89.123';

fetch(`https://candycorndb.com/api/public/check/${ipAddress}`, {
  method: 'GET',
  headers: {
    'X-API-Key': apiKey
  }
})
.then(response => {
  if (!response.ok) {
    throw new Error(`HTTP error! status: ${response.status}`);
  }
  return response.json();
})
.then(data => {
  if (data.found) {
    console.log('High-risk IP data:', data.data);
    // Implement your logic here, e.g., block or flag the signup
  } else {
    console.log('IP not found in high-risk database.');
    // Proceed with the signup process
  }
})
.catch(error => {
  console.error('Error fetching data:', error);
});
    

Built for Founders and Engineering Teams

CandycornDB was built with micro SaaS, growth-stage platforms, and dev-first teams in mind. There’s no dashboard bloat or unnecessary friction — just a fast, accurate API that helps you protect the integrity of your user base and stop fraud before it starts.

Talk to Sales Start Free API Access