Risk Intelligence page in docs

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2020-2024 Friendly Captcha GmbH
+Copyright (c) 2020-2026 Friendly Captcha GmbH
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -2,7 +2,7 @@
 
 This is the source code of [Friendly Captcha](https://friendlycaptcha.com)'s [Developer Hub](https://developer.friendlycaptcha.com).
 
-This website uses [Docusaurus 2](https://docusaurus.io/).
+This website uses [Docusaurus 3](https://docusaurus.io/).
 
 ## Am I using V1 or V2
 

docs/api/siteverify.md

@@ -35,9 +35,10 @@ The response body is a JSON object which has a `success` field that tells you wh
   "data": {
     "event_id": "ev_CkK-YXwlFf-15_f", // Unique identifier for the siteverify request.
     "challenge": {
-        "timestamp": "2025-03-18T13:01:25Z", // ISO 8601 timestamp when the captcha challenge was completed.
+        "timestamp": "2026-02-05T13:01:25Z", // ISO 8601 timestamp when the captcha challenge was completed.
         "origin": "https://example.com" // Origin where the challenge happened. This can be empty if unknown.
-    }
+    },
+    "risk_intelligence": null // `null` unless you have enabled Risk Intelligence on your account. See below.
   }
 }
 ```
@@ -94,6 +95,11 @@ It is better to temporarily accept bots or spam than to reject all requests. *Do
 :::
 
 
+## Risk Intelligence
+The `risk_intelligence` field in the successful response is `null` unless you have enabled [*Risk Intelligence*](../risk-intelligence) on your account.
+
+Risk Intelligence allows you to receive risk scores and details about the solver of the request. This can help you make more informed decisions about how to handle the request, and allows you to feed the risk data into your fraud detection systems. This is a paid add-on feature that is available on **Friendly Captcha Advanced** and **Enterprise** plans.
+
 ## Troubleshooting & Tips
 
 ### `method_not_allowed`

docs/getting-started/verify.md

@@ -48,9 +48,10 @@ The response body is a JSON object which has a `success` field that tells you wh
   "data": {
     "event_id": "ev_CkK-YXwlFf-15_f", // Unique identifier for the siteverify request.
     "challenge": {
-        "timestamp": "2025-03-18T13:01:25Z", // ISO 8601 timestamp when the captcha challenge was completed.
+        "timestamp": "2026-02-05T13:01:25Z", // ISO 8601 timestamp when the captcha challenge was completed.
         "origin": "example.com" // Origin where the challenge happened. This can be empty if unknown.
-    }
+    },
+    "risk_intelligence": null // `null` unless you have enabled Risk Intelligence on your account.
   }
 }
 ```

docs/risk-intelligence/index.md

@@ -0,0 +1,161 @@
+# Risk Intelligence
+
+*Risk Intelligence* helps make decisions about the trustworthiness of users interacting with your services.
+
+Friendly Captcha provides Risk Intelligence data as part of its API responses. This data includes various risk scores and signals that can help you assess the likelihood of fraudulent or malicious activity.
+
+You can store and use this data to enhance your (existing) security systems, such as implementing risk-based authentication or fraud detection systems. For example, you may want to flag users with high risk scores for additional verification steps.
+
+## How do I get Risk Intelligence data?
+Risk Intelligence is a paid add-on feature that is available on **Friendly Captcha Advanced** and **Enterprise** plans.
+
+When enabled, the Risk Intelligence data will be included in the `risk_intelligence` field of the response from the [siteverify API](../api/siteverify.md).
+
+## Why is Risk Intelligence useful?
+We wrote up example use cases for Risk Intelligence data in the [**Use Cases**](./use-cases.md) document.
+
+## Modular
+We offer Risk Intelligence as a modular add-on, allowing you to choose the specific data points that are most relevant to your use case.
+
+There are 5 modules available:
+* **Risk Scores**: Combined risk scores that summarize the risk in different categories such as browser risk and network risk.
+* **IP Intelligence**: Information about the IP address of the user, such as geolocation and the ASN and the ASN type such as residential vs datacenter.
+* **Anonymization Detection**: Signals that indicate whether the user is using anonymization or masking services like VPNs or proxies. *This module will be launched in Q2 2026.*
+* **Browser Identification**: Signals that help identify the browser and device being used by the user.
+* **Bot Detection**: Information about what kind of automation or bot was detected.
+
+## Risk Intelligence data format
+The Risk Intelligence data is returned as a JSON object in the `risk_intelligence` field of the siteverify response. Below is an example of what the data might look like:
+
+```json
+{
+  // Risk scores summarizing the assessment into scores per category (1-5)
+  // Available when the Risk Scores module is enabled, null otherwise
+  risk_scores: {
+    overall: 2,      // Overall risk score combining all factors
+    network: 2,      // Network-related risk based on IP, ASN, reputation, geolocation
+    browser: 1       // Browser-related risk based on user agent, automation traces, consistency
+  },
+
+  network: {
+    ip: "88.64.123.45",  // IP address of the request, note this plain IP is *never* stored on our servers
+
+    // Autonomous System information (available when IP Intelligence module is enabled)
+    as: {
+      asn: 3209,                       // Autonomous System Number
+      name: "VODANET",                 // AS name/handle
+      company: "Vodafone GmbH",        // Organization name that owns the ASN
+      description: "Provides mobile and fixed broadband and telecommunication services to consumers and businesses.",
+      domain: "vodafone.de",           // Domain associated with the ASN
+      country: "DE",                   // Two-letter country code where ASN is registered
+      rir: "RIPE",                     // Regional Internet Registry that allocated the ASN
+      route: "88.64.0.0/12",           // IP route in CIDR notation
+      type: "isp"                      // AS type (isp, hosting, mobile, etc.)
+    },
+
+    // Geographic location of the IP (available when IP Intelligence module is enabled)
+    geolocation: {
+      country: {
+        iso2: "DE",                    // Two-letter ISO 3166-1 alpha-2 code
+        iso3: "DEU",                   // Three-letter ISO 3166-1 alpha-3 code
+        name: "Germany",               // Country name in English
+        name_native: "Deutschland",    // Country name in native language
+        region: "Europe",              // Major world region
+        subregion: "Western Europe",   // More specific world region
+        currency: "EUR",               // ISO 4217 currency code
+        currency_name: "Euro",         // Full name of the currency
+        phone_code: "49",              // International dialing code
+        capital: "Berlin"              // Capital city
+      },
+      city: "Eschborn",                // City name (empty string if unknown)
+      state: "Hessen"                  // State/region/province (empty string if unknown)
+    },
+
+    // Abuse contact information (available when IP Intelligence module is enabled)
+    abuse_contact: {
+      address: "Vodafone GmbH, Campus Eschborn, Duesseldorfer Strasse 15, D-65760 Eschborn, Germany",  // Postal address
+      name: "Vodafone Germany IP Core Backbone",  // Abuse contact name
+      email: "abuse.de@vodafone.com",  // Abuse contact email
+      phone: "+49 6196 52352105"       // Abuse contact phone
+    },
+
+    // IP anonymization detection (available when Anonymization Detection module is enabled)
+    anonymization: {
+      vpn_score: 2,                    // VPN likelihood score (1-5)
+      proxy_score: 1,                  // Proxy likelihood score (1-5)
+      tor: false,                      // Tor exit node detected
+      icloud_private_relay: false      // iCloud Private Relay detected
+    }
+  },
+
+  client: {
+    // User-Agent HTTP header sent by the browser
+    header_user_agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:146.0) Gecko/20100101 Firefox/146.0",
+
+    // Time zone from the browser (available when Browser Identification module is enabled)
+    time_zone: {
+      name: "Europe/Berlin",           // IANA time zone identifier
+      country_iso2: "DE"               // Country derived from time zone
+    },
+
+    // Detected browser information (available when Browser Identification module is enabled)
+    browser: {
+      id: "firefox",                   // Browser identifier
+      name: "Firefox",                 // Human-readable browser name
+      version: "146.0",                // Browser version
+      release_date: "2026-01-28"       // Release date of this version (YYYY-MM-DD)
+    },
+
+    // Browser rendering engine (available when Browser Identification module is enabled)
+    browser_engine: {
+      id: "gecko",                     // Engine identifier
+      name: "Gecko",                   // Human-readable engine name
+      version: "146.0"                 // Engine version
+    },
+
+    // Device information (available when Browser Identification module is enabled)
+    device: {
+      type: "desktop",                 // Device type (desktop, mobile, tablet, etc.)
+      brand: "",                       // Device manufacturer brand (empty for desktop)
+      model: ""                        // Device model name (empty for desktop)
+    },
+
+    // Operating system information (available when Browser Identification module is enabled)
+    os: {
+      id: "windows",                   // OS identifier
+      name: "Windows",                 // Human-readable OS name
+      version: "10"                    // OS version
+    },
+
+    // TLS/SSL signatures (available when Bot Detection module is enabled)
+    tls_signature: {
+      ja3: "d87a30a5782a73a83c1544bb06332780",             // JA3 hash
+      ja3n: "28ecc2d2875b345cecbb632b12d8c1e0",            // JA3N hash (normalized)
+      ja4: "t13d1516h2_8daaf6152771_02713d6af862"          // JA4 signature
+    },
+
+    // Automation and bot detection (available when Bot Detection module is enabled)
+    automation: {
+      // Automation tool detection
+      automation_tool: {
+        detected: false,               // Whether automation tool was detected
+        id: "",                        // Tool identifier (puppeteer, selenium, etc.)
+        name: "",                      // Human-readable tool name
+        type: ""                       // Tool type (webdriver, cdp, etc.)
+      },
+
+      // Known bot/crawler detection (good bots with public documentation)
+      known_bot: {
+        detected: false,               // Whether a known bot was detected
+        id: "",                        // Bot identifier (googlebot, bingbot, etc.)
+        name: "",                      // Human-readable bot name
+        type: "",                      // Bot type (search, monitor, social, etc.)
+        url: ""                        // URL to bot documentation
+      }
+    }
+  }
+}
+```
+
+## Next steps
+You can enable Risk Intelligence on your account by contacting our support team. If you want to learn more about how to use the Risk Intelligence data, check out the [**Use Cases**](./use-cases.md) document where we provide example implementations and ideas for how to use this data to enhance your security.

docs/risk-intelligence/use-cases.md

@@ -0,0 +1,79 @@
+# Use Cases
+
+Risk Intelligence data can be used in various ways to enhance the security and fraud detection capabilities of your applications. Here we describe some common use cases for Risk Intelligence data.
+
+## Risk-based Authentication
+Risk Intelligence can be used to implement **risk-based authentication (RBA)** for preventing *account takeover*. With RBA you adjust the authentication requirements based on the assessed risk of the login attempt. For example, if a user is logging in from a new device or location and has a high-risk score, you might require them to complete additional verification steps such as entering a one-time password sent to their email or phone.
+
+A Risk-Based Authentication setup helps prevent account takeover attacks while allowing low-risk users to log in without additional friction. Even if the account credentials have been compromised, the additional verification steps can block unauthorized access.
+
+In practice this means an end-user may need to click a link in their email inbox or enter a code sent via SMS to complete the login process. *"You are logging in from a new device, please verify your identity by entering the code sent to your email."* 
+
+<details>
+<summary>Example: Risk-Based Authentication Email</summary>
+
+<p align="center">
+  <img src="/mockups/risk-auth-email.png" alt="Example of a Risk-Based Authentication email" />
+</p>
+<p align="center">
+  <em>A security alert email notifying the user of an unusual login attempt from a new location, with options to confirm or secure their account.</em>
+</p>
+
+</details>
+
+## Fraud Detection and Prevention
+Risk Intelligence data can be integrated into your existing fraud detection systems to help identify and block fraudulent activity. For example, if a user is attempting to create multiple accounts from a country that you don't usually see traffic from, and has a high-risk score, you might want to block the account creation or flag it for manual review.
+
+<details>
+<summary>Example: Fraud Detection Dashboard</summary>
+
+<p align="center">
+  <img src="/mockups/fraud-detection-dashboard.png" alt="Fraud Detection Dashboard showing flagged signups with risk scores" />
+</p>
+<p align="center">
+  <em>A fraud detection dashboard showing high-risk signups awaiting review with detailed risk signals including VPN detection, AS type, network risk scores, and device information.</em>
+</p>
+
+</details>
+
+## Auditing and Monitoring
+You can use Risk Intelligence data for auditing and monitoring purposes. By logging the risk scores and signals associated with user interactions, you can analyze patterns of behavior and identify potential security threats. For example, you might notice a spike in high-risk scores from a particular network, geographic region or device type, which could indicate a coordinated attack.
+
+You can feed this data into your SIEM (Security Information and Event Management) system to correlate it with other security events.
+
+## Account Sharing Prevention
+Risk Intelligence can also help you detect and prevent account sharing. If you see a user logging in from multiple different browsers, devices or locations, it could indicate that the account is being shared among multiple people, which may violate your terms of service.
+
+<details>
+<summary>Example: Account Sharing Detection</summary>
+
+<p align="center">
+  <img src="/mockups/account-sharing-detection.png" alt="Account Sharing Detection showing concurrent sessions from multiple locations" />
+</p>
+<p align="center">
+  <em>An account sharing detection view showing concurrent active sessions from New York, London, and Sydney with detailed device information and geographic distribution on a world map.</em>
+</p>
+
+</details>
+
+## Known Bot Identification
+More and more bots are active on the internet with the rise in LLMs and generative AI.
+
+> *"ChatGPT go to this website, fill in the job application form with my details and submit it"*.
+
+Risk Intelligence helps you identify these known bots,automated traffic, and user-initiated AI automation, allowing you to decide what to do with this traffic.
+
+<details>
+<summary>Example: Bot Detection Dashboard</summary>
+
+<p align="center">
+  <img src="/mockups/bot-detection-dashboard.png" alt="Bot Detection Dashboard showing bot traffic analysis" />
+</p>
+<p align="center">
+  <em>A bot detection dashboard showing traffic distribution between humans and bots, top detected bots (GPTBot, Scrapy, ClaudeBot), and detailed bot activity with risk scores.</em>
+</p>
+
+</details>
+
+## Custom Use Cases
+The modular nature of Risk Intelligence allows you to use the specific data points that are most relevant to your use case. For example, if you are particularly concerned about users using anonymization services such as VPNs or proxies, you can focus on the signals provided by the **Anonymization Detection** module.

docs/sdk/events.md

@@ -47,7 +47,7 @@ Below are all the custom events a widget can emit and their payload.
 
 Called when the widget completes, in the payload you can find the `response` which is the value that should be part of the request to your server.
 
-#### Event payload (**`event.details`**)
+#### Event payload (**`event.detail`**)
 ```typescript
 {
   name: "frc:widget.complete",

docusaurus.config.js

@@ -39,6 +39,7 @@ const config = {
   plugins: [
     "docusaurus-plugin-sass",
     "./src/plugins/tailwind-config.js",
+    "docusaurus-plugin-zooming",
     [
       "@docusaurus/plugin-client-redirects",
       {