# LoginDetective

> LoginDetective is a fraud-detection API that unifies IP reputation, email risk analysis, and user-agent fingerprinting into a single **suspicious_score** on a four-band scale (very_low / low / high / very_high). Integrate in minutes with a REST API and an ld_ prefixed API key.

Key facts:

- Free tier: 100 detections/day per tenant, no credit card required
- Scoring combines IPDetective (IP type, ASN, bot flag), EmailDetective (disposable, MX, DMARC, SPF), and AI user-agent analysis
- All requests are tenant-scoped; multi-tenant architecture with owner/member roles
- Authentication: email+password with JWT, or Google OAuth; API keys for programmatic access

## API

- [Public OpenAPI spec](https://logindetective.com/public_openapi.yaml): Machine-readable REST API specification (OpenAPI 3.1)
- [Health check](https://logindetective.com/health): https://logindetective.com/health — returns {"status":"ok"}
- [Pricing tiers](https://logindetective.com/pricing): https://logindetective.com/pricing — returns available plans and daily limits

## Docs

- [API reference](https://logindetective.com/docs): Interactive docs and integration guide
- [Integration snippets](https://logindetective.com/integrations): cURL, Node, Python, Go, Express, Django, and Rails examples for the first API request
- [Privacy Policy](https://logindetective.com/privacy): How LoginDetective collects, uses, shares, and protects information
- [Terms of Service](https://logindetective.com/terms): Rules for using the dashboard and API
- [What data we process](https://logindetective.com/data): Plain-English summary of IP, email, user-agent, detection, and retention handling

## Optional

- [Sitemap](https://logindetective.com/sitemap.xml): Full list of public pages

## Integration example

To analyze a login attempt, send a POST request to /v1/analyze with your API key:

    POST https://logindetective.com/v1/analyze
    X-API-Key: ld_your_key_here
    Content-Type: application/json

    {
      "ip": "1.2.3.4",
      "email": "user@example.com",
      "user_agent": "Mozilla/5.0 ..."
    }

Response includes suspicious_score (very_low/low/high/very_high), component_scores for ip/email/combined,
full ip_analysis and email_analysis payloads, and a suspicious_reasoning string.

## Plans

- free: 100 detections/day, no credit card
- starter: 1 000/day (coming soon)
- pro: 10 000/day (coming soon)