IP Velocity Fields
As of April 2022, you can have optional IP velocity fields returned as part of the Verify v4 API response. To have these fields configured for your organization in Arkose Bot Manager, contact your CSM (Customer Success Manager).
When enabled, the IP velocity fields and their values appear in the Verify v4 API response as an "aggregations" field with subfields and their values as shown. The short_term
fields are for detecting volumetric attacks, while the long_term fields are for detecting low & slow attacks.
"aggregations": {
"ip": {
"short_term": {
"interval_minutes": 60,
"count": 22,
"threshold": 11
},
"long_term": {
"interval_minutes": 720,
"count": 22,
"threshold": 50
}
},
The fields' meanings and allowed values are:
Field | Subfield | Subfield | Subfield | Description and Values |
---|---|---|---|---|
| ||||
| Data consists of aggregated over time sightings of an IP address on a customer’s key. | |||
| A shorter time bucket for detecting volumetric attacks. | |||
| The period of time over which the aggregation was done. For example, if this value is | |||
| Number of times an IP address was seen on a public key for the duration defined in | |||
| The threshold set on the public key. A threshold is determined based on historical data. As a rule of thumb, if the | |||
| A longer time bucket for detecting low & slow attacks. | |||
| The period of time over which the aggregation was done. For example, if this value is | |||
| Number of times an IP address was seen on a public key for the duration defined in | |||
| The threshold set on the public key. A threshold is determined based on historical data. As a rule of thumb, if the |
Error Handling
If the IP Velocity fields have been turned on and there was an error limited to them that does not apply to the other Verify API response fields, the following is returned in the Verify response. Note that you must include in any code you write to handle the IP Velocity fields a way of detecting and handling this error response.
"aggregations":
{
"error": "unable to contact service"
},
The overall Verify API response need not show an HTTP error code. If it does, it will be handled by the overall Verify error code logic. This error code block is orthogonal to any overall error that Verify may send as a response. In other words, even if "aggregations"
shows the above error, the overall Verify API response can still show a 200
successful code.
Updated 10 days ago