Protect Login with IP Intelligence
Block brute-force attacks and malicious logins by checking the client IP against WAYSCloud's threat intelligence before processing authentication.
What you are building
A login endpoint that checks the client's IP address against the IP Intelligence API before allowing authentication. High-risk IPs are blocked or challenged; clean IPs proceed normally.
Time to implement: 15 minutes
When to use this
- You have a login form or authentication API
- You want to block known attackers before they reach your auth logic
- You want to add risk scoring to your login flow without building your own threat database
Prerequisites
- A WAYSCloud account (sign up)
- An active IP Intelligence subscription (free tier works)
- Your API key from the dashboard
Step 1: Get your API key
- Go to my.wayscloud.services
- Navigate to IP Intelligence
- Click Activate (starts on free tier — 1,000 lookups/day)
- Copy your API key
Step 2: Check IP on login attempt
Before processing the login, call the threat endpoint:
bash
curl -H "X-API-Key: YOUR_KEY" \
https://api.wayscloud.services/v1/ip/CLIENT_IP/threatPython (FastAPI / Flask)
python
import httpx
WAYSCLOUD_API_KEY = "wayscloud_ip_YOUR_KEY"
THREAT_THRESHOLD = 60 # Block IPs with score >= 60
async def check_ip_threat(ip: str) -> dict:
"""Check IP threat score before login."""
async with httpx.AsyncClient(timeout=3.0) as client:
resp = await client.get(
f"https://api.wayscloud.services/v1/ip/{ip}/threat",
headers={"X-API-Key": WAYSCLOUD_API_KEY},
)
if resp.status_code == 200:
return resp.json()
return {"score": 0, "level": "clean", "is_clean": True}Node.js (Express)
javascript
const WAYSCLOUD_API_KEY = "wayscloud_ip_YOUR_KEY";
const THREAT_THRESHOLD = 60;
async function checkIpThreat(ip) {
const resp = await fetch(
`https://api.wayscloud.services/v1/ip/${ip}/threat`,
{ headers: { "X-API-Key": WAYSCLOUD_API_KEY } }
);
if (resp.ok) return resp.json();
return { score: 0, level: "clean", is_clean: true };
}Step 3: Enforce your policy
Add the check to your login handler:
Python
python
@app.post("/login")
async def login(request: Request, credentials: LoginForm):
client_ip = request.headers.get("X-Forwarded-For", request.client.host)
# Check threat score
threat = await check_ip_threat(client_ip)
if threat["score"] >= THREAT_THRESHOLD:
# Block high-risk IPs
return JSONResponse(
status_code=403,
content={"error": "Access denied due to security policy"}
)
if threat.get("flags", {}).get("tor") or threat.get("flags", {}).get("proxy"):
# Require additional verification for anonymized traffic
return JSONResponse(
status_code=403,
content={"error": "Please disable VPN/proxy to continue"}
)
# Proceed with normal authentication
return authenticate(credentials)Node.js
javascript
app.post("/login", async (req, res) => {
const clientIp = req.headers["x-forwarded-for"] || req.ip;
const threat = await checkIpThreat(clientIp);
if (threat.score >= THREAT_THRESHOLD) {
return res.status(403).json({ error: "Access denied due to security policy" });
}
if (threat.flags?.tor || threat.flags?.proxy) {
return res.status(403).json({ error: "Please disable VPN/proxy to continue" });
}
// Proceed with normal authentication
authenticate(req, res);
});Step 4: Verify it works
Test with a known clean IP:
bash
curl -H "X-API-Key: YOUR_KEY" \
https://api.wayscloud.services/v1/ip/8.8.8.8/threatExpected: score near 0, level is "clean" or "low".
Test with a known threat IP (check the live feed for examples):
bash
curl -H "X-API-Key: YOUR_KEY" \
https://api.wayscloud.services/v1/ip/threats/live?limit=1Use the returned IP to verify high scores trigger your block logic.
Recommended thresholds
| Score | Recommended action |
|---|---|
| 0–29 | Allow |
| 30–59 | Allow, but log for monitoring |
| 60–84 | Challenge (CAPTCHA, MFA) |
| 85–100 | Block |
Adjust thresholds based on your risk tolerance.
Next steps
- IP Intelligence API reference — full endpoint documentation
- IP Intelligence service overview — features and pricing
- Send OTP — add phone verification as a second factor