cloud1
cloud2
cloud3
cloud4
cloud5
cloud6
Risk API
Contextual Risk Score API
← Back to platform brief
Risk API

Contextual Risk Score API

Score risky IPs in real time, report lightweight business feedback, and push structured identifier outcomes back into workspace memory from the same authenticated API surface. Syndu keeps the contract simple: `score` is the metered read path, while `rate` and `report` are authenticated writeback endpoints that do not consume score quota. The score response now also carries a live community-signal block so applications can see whether analysts are converging on the same entity right now.

Documentation Index Platform brief Pricing
Documentation index Platform brief Quota rules Privacy FAQ
Step 1
Observe and score

Call one authenticated endpoint and get the current contextual-risk object plus the dimensional evidence, report links, and quota posture behind the score.

Step 2
Decide in workflow

Use the result in analyst review, application logic, merchant-risk, fraud, or abuse decisions without waiting for a separate enrichment stack, and include the live community-demand block when repeated lookups matter.

Step 3
Write outcome back

Use `rate` for lightweight IP feedback or `report` for typed outcome events covering domains, URLs, orgs, email addresses, transactions, and other identifiers.

Step 4
Reuse through memory

The same conclusion becomes governed workspace memory for later humans, MCP clients, or adjacent systems.

Primary Workflow

This is the simplest buyer motion: read the current risk, decide what it means, then write back the conclusion so the next system or analyst starts from the same truth.

Step 1

Score the IP

Call the metered score endpoint to get the current contextual-risk object and the dimensional evidence behind it.

POST /risk_api/score/ Quota-counted IP input only
Step 2

Decide what the score means for your workflow

Use the dimensional evidence, report URLs, and quota posture to decide whether the entity is suspicious, benign, or worth escalation.

Matched dimensions Behavioral baseline Report-backed explanation
Step 3

Write the conclusion back

Use `rate` for simple IP feedback or `report` for typed outcome events tied to the broader identifier model and governed workspace memory.

POST /risk_api/rate/ POST /risk_api/report/ Workspace memory alignment

What This API Surface Actually Does

The page should help both buyers and implementers understand the real contract: one metered scoring endpoint, two free writeback endpoints, and lower-level model reads for systems that need the raw dimensional payload.

Risk API

Read contextual risk from the published evidence graph

The score path resolves the queried IP into Syndu's report hierarchy, then reads the latest available behavioral-risk truth from the same published summary tables that already power the public report headers.

Risk API

Return live community demand alongside the score

The API now appends a `community_signal` object to the score response. That object updates on a faster 10-minute cadence than the published report cubes and shows whether repeated public lookups and multiple requester IPs are converging on the same entity.

Risk API

Write back outcomes through the same workspace identity

API buyers do not have to switch to MCP just to push findings back into Syndu. The lightweight `rate` endpoint records quick IP feedback, while the broader `report` endpoint stores structured outcome events for any supported identifier family under the authenticated workspace.

Risk API

One memory loop for cyber and fraud decisions

A lot of products can score. Fewer can score, let the buyer decide, and then preserve the outcome in a governed loop that later workflows can reuse. That loop is the real commercial center of this surface.

Risk API

Humans get explanation, machines get copy-ready contracts

The response contracts are intentionally copyable and boring: request body, response object, quota posture, and explicit error messages. That keeps the API easy to test in curl, Python, or product code without reverse-engineering the website.

Risk API

Commercially narrow, operationally honest

Only `score` is quota-metered. `rate` and `report` are free authenticated feedback surfaces, because the goal is to make the read path commercial and the buyer's own writeback path easy to use instead of punishing it.

Endpoint Reference

These are endpoint contracts, not page links. Treat them as copy-ready reference rows for implementation.

POST

Score an IP address

/risk_api/score/

Quota-metered contextual-risk read path for live application decisions, including the current community-demand signal for the queried IP.

Header: Authorization: Bearer <api_key> or X-API-Key: <api_key> Body: JSON with one `ip` field Returns the score object plus current entitlement usage Includes `community_signal` in the response
POST

Rate an IP outcome

/risk_api/rate/

Free authenticated IP feedback path for fast good, neutral, or bad business signals.

Body: `ip`, `rating`, optional `note` Accepted ratings: -1, 0, 1 Does not consume score quota
POST

Report a structured identifier outcome

/risk_api/report/

Free authenticated writeback path for structured outcome events tied to any supported identifier family.

Body: `kind`, `key`, `title`, `summary`, optional `details` and related subjects Supports report-backed and broader risky identifiers Stores the outcome in governed workspace memory
GET / POST

Read the lower-level model directly

/risk_api/holistic/ and /risk_api/holistic-weighted/

Optional lower-level reads for systems that want the raw dimensional payload instead of the commercial score wrapper.

Accepts `kind` and `key` Weighted variant allows custom dimension weights Best for deeper model inspection and experimentation

Implementation References

These are the main code surfaces behind the current API contract, so a technical buyer or operator can trace the implementation quickly.

Route map

common/urls_risk.py

Defines the public API surface for score, rate, report, and the lower-level holistic lookups.

score/ rate/ report/ holistic/ holistic-weighted/
Views

common/risk_views.py

Authenticates API keys, handles quota posture, validates bodies, and returns the JSON contracts documented on this page.

score_api rate_api report_api
Scoring model

common/holistic_risk.py

Builds the contextual-risk payload by resolving the report hierarchy and composing the dimensional evidence behind the score.

build_holistic_risk_payload resolve_report_context parse_weights
Writeback memory

syndu_mcp/services/knowledge.py

The structured `report` endpoint writes into the same governed subject and outcome memory system that powers the MCP hive mind.

store_outcome_event workspace visibility policy shared subject model
Tests

common/tests_holistic_risk.py

Covers the scoring endpoints, quota behavior, writeback responses, and the current API contract under test.

Score success Quota exhaustion Rate feedback Report writeback

Copy-Ready API Examples

These snippets are meant to be copied directly into a terminal, a notebook, or application code.

bash

Score request

curl -X POST https://syndu.com/risk_api/score/ \
  -H "Authorization: Bearer syndu_live_xxx" \
  -H "Content-Type: application/json" \
  -d '{
    "ip": "8.8.8.8"
  }'
json

Score response

{
  "ok": true,
  "endpoint": "score",
  "query": {"ip": "8.8.8.8"},
  "api_key": {
    "name": "Production",
    "prefix": "syndu_live_test_prefix"
  },
  "quota": {
    "daily_limit": 1000,
    "used_today": 24,
    "remaining": 976,
    "over_limit": false
  },
  "score": {
    "overall_score": 88,
    "overall_risk_level": "high",
    "matched_count": 8,
    "dimensions": [
      {"code": "country", "matched": true, "score": 100},
      {"code": "org", "matched": true, "score": 100}
    ]
  },
  "community_signal": {
    "ok": true,
    "state": {"label": "Spiking now", "has_spike": true},
    "metrics": {"lookups_10m": 4, "requesters_60m": 3, "spike_windows_7d": 9},
    "recent_query_windows": [
      {"label": "19:20", "hits": 4, "requesters": 3}
    ]
  }
}
bash

Free IP rating request

curl -X POST https://syndu.com/risk_api/rate/ \
  -H "Authorization: Bearer syndu_live_xxx" \
  -H "Content-Type: application/json" \
  -d '{
    "ip": "8.8.8.8",
    "rating": 1,
    "note": "Known trustworthy infrastructure"
  }'
bash

Structured identifier report request

curl -X POST https://syndu.com/risk_api/report/ \
  -H "Authorization: Bearer syndu_live_xxx" \
  -H "Content-Type: application/json" \
  -d '{
    "kind": "domain",
    "key": "payments.example.com",
    "title": "Synthetic payment abuse",
    "summary": "Observed suspicious checkout automation",
    "details": "Multiple related sessions converged on the same checkout surface.",
    "outcome_code": "fraud_watch",
    "severity": "high",
    "tags": ["fraud", "automation"],
    "related_subjects": [
      {"kind": "ipaddress", "key": "8.8.8.8", "role": "source_ip"}
    ]
  }'
json

Structured identifier report response

{
  "ok": true,
  "endpoint": "report",
  "query": {
    "kind": "domain",
    "key": "payments.example.com",
    "namespace": ""
  },
  "quota": {
    "counted": false,
    "reason": "free_endpoint"
  },
  "memory": {
    "requested_visibility": "workspace",
    "effective_visibility": "workspace",
    "policy_notice": ""
  },
  "report": {
    "id": 142,
    "event_type": "observation",
    "outcome_code": "fraud_watch",
    "title": "Synthetic payment abuse",
    "summary": "Observed suspicious checkout automation",
    "severity": "high",
    "status": "",
    "subject": {
      "kind": "domain",
      "key": "payments.example.com",
      "share_policy": "clear_share"
    },
    "related_subjects": [
      {"kind": "ipaddress", "key": "8.8.8.8", "role": "source_ip"}
    ]
  }
}
json

Unauthorized response

{
  "ok": false,
  "error": "missing_api_key",
  "message": "Provide X-API-Key or Authorization: Bearer <key>."
}

Related Resources

Documentation

Syndu Documentation Index

Syndu gives computer-using agents outside-in risk context and a governed memory loop. This index maps the supporting docs: plugin install, MCP workflows, the Risk API, pricing, privacy, and the evidence depth behind the system.

4 briefing points Documentation
Open article
Coverage

What Syndu Reports Cover

Syndu exposes a dimensional risk surface across network entities and geography: ip address, subnet, ISP, ASN, organization, city, region, and country. That same dimensional graph powers the Risk API, MCP tools, and the memory loop that preserves the resulting decisions.

4 briefing points Coverage
Open article
Operations

Using Syndu with SoC and SIEM Workflows

Syndu is an external context layer for monitoring, hygiene review, agent workflows, and decision support. It complements SoC and SIEM processes rather than replacing them, while sharing the same evidence and memory model used elsewhere on the platform.

4 briefing points Operations
Open article
Fraud operations

Using Syndu with Fraud, Payments, and Merchant-Risk Workflows

Syndu is also a decision surface for fraud, payments, merchant-risk, and trust workflows. The same outside-in evidence graph, Risk API, and governed memory loop help teams score, review, and preserve conclusions around risky identifiers.

4 briefing points Fraud operations
Open article
AI and scale

Consuming Syndu at Scale

The platform supports three access surfaces at scale: direct report access for large-scale browser or agent consumption, the Risk API for application-native scoring, and the MCP server for collaborative agent workflows.

4 briefing points AI and scale
Open article
Delivery modes

Direct, API, and MCP Access

Syndu is one platform with three access surfaces: direct access for report-shell consumption, API access for application-side scoring, and MCP access for agent collaboration. They sit under the same workspace, quota, and subscription control plane, but differ in delivery contract.

4 briefing points Delivery modes
Open article
Register

Create a workspace to govern access to Syndu.

Registration unlocks the workspace control plane, plan selection, credential provisioning, and the subscription flow across web, API, and MCP access.

Register Sign in to workspace