ONCE Fraud API

    Limited-time · Free during beta

    Fraud scoring for music releases, in one API call

    The ONCE Fraud API takes an email address and returns a weighted risk score and the exact flags behind it. It is powered by ONCE Fraud Detection, the same system that protects the ONCE catalog, and it hands back only scores and flags, never sensitive data.

    What it does

    One endpoint, one clear answer

    Ask the Fraud API about an email and it tells you how risky the account looks and why. No pipelines to build, no sensitive data to handle.

    Email in, score and flags out

    POST a single email address and get back one weighted risk score from 0 to maxScore, a severity band, and the exact flags that fired. Nothing else to wire up.

    Secure by design

    The response carries only scores and flags. Never IPs, personal data, account details, or any internal detection method. Safe to store and act on in your own systems.

    Seven signal categories

    Every flag is tagged with a category and a severity, so you can route decisions by what actually fired instead of trusting one opaque number.

    Simple REST plus an API key

    One POST endpoint, bearer auth with a ONCE API key, JSON in and JSON out. No SDK required, no separate signup, no webhooks to manage.

    Request and response

    A single POST, JSON back

    Send an email to the scoring endpoint with your API key. The score is a weighted total out of maxScore, and every flag explains itself.

    Request

    curl -X POST https://once.app/v1/fraud/score \
      -H "Authorization: Bearer once_pat_xxx" \
      -H "Content-Type: application/json" \
      -d '{"email":"artist@example.com"}'

    Response 200 · application/json

    {
      "email": "artist@example.com",
      "score": 145,
      "maxScore": 300,
      "severity": "high",
      "computedAt": "2026-07-05T07:30:00Z",
      "flags": [
        {
          "code": "banned_account_metadata_match",
          "label": "Release metadata matches a banned account",
          "category": "account_integrity",
          "severity": "high",
          "triggered": true,
          "points": 60
        },
        {
          "code": "audio_match_multiple",
          "label": "Audio fingerprint matches on multiple tracks",
          "category": "rights",
          "severity": "high",
          "triggered": false,
          "points": 0
        }
      ]
    }

    Authenticate with a ONCE API key

    Create a personal access token in the ONCE dev center under Settings, then Developer, with the once:fraud scope enabled. Send it as Authorization: Bearer once_pat_xxx. Auth is your ONCE account plus the key, so there is no separate signup for the API.

    Predictable limits and errors

    The free tier allows 60 requests per minute and 1,000 per day per account, and the limits are tunable. Expect 403 when the key is missing the once:fraud scope, 404 when there is no ONCE account for that email, and 429 when you hit the rate limit or daily quota.

    What you get back

    Seven signal categories

    Every flag in the response is tagged with one of these categories, a severity of low, medium, high, or critical, and the points it contributed to the score.

    Rights

    Rights and audio conflicts, like a fingerprint that matches existing tracks.

    Account integrity

    Signals that a release ties back to a banned or duplicated account.

    Content

    Problems in the release itself: metadata, artwork, and title issues.

    Distribution

    Patterns in how and where a release is being pushed out.

    Streaming

    Streaming and playback signals associated with manipulation.

    Behavior

    Account and release behavior seen over time.

    Abuse

    Direct abuse signals that put a catalog at risk.

    Security promise

    Scores and flags. Nothing sensitive.

    The ONCE Fraud API returns only scores and flags. It never returns IPs, personal data, account details, or any internal detection method. That means the response is safe to log, store, and act on inside your own systems without carrying any sensitive data about the account you scored.

    Limited-time · Free during beta

    Free while the beta is open

    The ONCE Fraud API is free for a limited time during the public beta. This free period is temporary and will end. When the beta closes, the API moves to usage-based pricing.

    We announce pricing and give notice before anything changes, so nothing starts billing silently. Start now while it is free, on 60 requests per minute and 1,000 per day.

    Fraud API FAQ