What signals does the IRBIS enrichment API return?

Depending on the endpoint: phone number intelligence (carrier, line type, owner name, messaging app accounts), email enrichment (linked social profiles, platform accounts, breach history), face image search (reverse face match with confidence scores), name SocialScan (digital footprint across 500+ platforms), IP geolocation and VPN/proxy detection, and breach/dark web exposure data.

How does IRBIS compare to Pipl, Telesign, or Ekata?

Pipl covers email and name identity resolution. Telesign focuses on phone intelligence. Ekata covers phone, email, and IP. None of them cover face image search or breach data. IRBIS covers all signal types — phone, email, face, name, IP, breach — under one API key. For teams that currently use 3-4 providers for different signals, IRBIS consolidates that into a single integration.

What industries use IRBIS as a data layer?

Fintechs and neobanks building onboarding flows, fraud detection platforms enriching risk scores, KYC software vendors adding identity signals, crypto exchanges running AML screening, online lending platforms doing credit risk assessment, and insurance companies verifying claimant identities.

Identity Enrichment API · Data Layer for KYC & Fraud

The Identity Data Layer
Your KYC Stack Is Missing

Q: How is IRBIS different from a full KYC platform?

IRBIS is a data layer, not a workflow tool. We don't replace your KYC stack — we feed it. You call our enrichment API with a phone number, email, or face image and get back structured identity signals in JSON. Your risk engine, fraud model, or compliance workflow makes the decision. Think of us as the data infrastructure underneath your verification logic.

Q: Is the API RESTful? What format are responses?

Yes. All IRBIS enrichment calls are standard HTTP POST requests with JSON responses. Authentication is Bearer token. The async model means you POST a lookup and GET results when ready — your application never blocks. Most enrichment results are available within 10-30 seconds.

Q: Is IRBIS GDPR and AML compliant?

Yes. IRBIS is GDPR compliant and ISO 27001 certified. All API calls are encrypted in transit. Data is processed only to return your results. For compliance documentation, audit log support, and data retention policies, contact the ESPY team directly.

IRBIS gives you phone intelligence, email enrichment, face search, social footprint, IP signals, and breach data — all under one API key. Feed richer identity signals into your verification engine without managing four separate data vendors.

Get Free API Key → Read the Docs

6Signal types

1API key

200+Countries

15 minTo integrate

Your platform sends →

phone: "+14155552671"

email: "user@domain.com"

face: [image_base64]

IRBIS enrichment API processes

Phone intelligence Email graph Face match Social footprint IP signals Breach data PEP/Watchlist

{ "name": "Alex Rivera", "phone_risk": 0.12, "carrier": "T-Mobile", "line_type": "mobile", "social_accounts": ["WhatsApp", "Facebook"], "breaches": 0, "pep_match": false, "confidence": 0.94 }

↓ Your risk engine makes the decision

What IRBIS actually is

A Data Layer. Not a KYC Platform.

There's a difference between a KYC workflow tool and an identity data infrastructure provider. IRBIS is the second one — and that matters for how you use it.

✗ What IRBIS is not

✗ A replacement for your KYC workflow

✗ A document verification platform

✗ A compliance dashboard for end users

✗ A liveness detection or biometric tool

✗ Competing with Jumio, Onfido, or Sumsub

✓ What IRBIS is

✓ Multi-signal enrichment API — phone, email, face, IP, social, breach

✓ Real-time enrichment, not static dataset delivery

✓ Investigative depth — raw data back, not just a risk score

✓ Flexible API — no locked workflows, no required dashboards

✓ One key replacing Pipl + Telesign + Ekata + MaxMind

The gap every competitor leaves open: Identity Graph providers (Pipl, Ekata) are real-time but cover 2-3 signal types. Raw Dataset providers (PDL, LexisNexis) have broad coverage but deliver static or batch data — not real-time API enrichment. Signal API providers (Telesign, MaxMind) are real-time but each covers exactly one signal. And the hybrid players (Sift) return a score, not the raw data your team needs to investigate. IRBIS is the only provider that is real-time, multi-signal, and gives you investigative-grade data — not just a number.

Identity signals

Six Signal Types. One API Key.

Most data providers cover one or two signal types well. IRBIS covers all of them — which means you stop paying for four separate vendor contracts.

Phone Intelligence

id: "phone" · "real_phone" · "phone_name"

Carrier lookup, line type detection (mobile vs VoIP vs landline), owner name resolution, messaging app accounts linked to the number, and phone-vs-name cross-validation. Flags throwaway numbers and VoIP accounts commonly used in synthetic identity fraud.

CarrierLine typeOwner nameWhatsApp / TelegramRisk score

✉️

Email Enrichment

id: "email"

Search by email and retrieve all linked social profiles, platform accounts, and usernames registered to that address across 200+ platforms. Reveals the digital footprint behind an email — thin profiles or mismatched data are early fraud indicators.

Social profilesPlatform accountsUsernamesAccount age signals

Reverse Face Search

id: "face"

Upload a face image and find where it appears online. Returns confidence-scored matches with source URLs. Catches stolen profile photos used in fake identity creation — something no other enrichment API provider offers.

Match confidenceSource URLsKnown fraud DB

👤

Name & Social Footprint

id: "name" · "name_webscan"

Name-based identity resolution across social networks and the open web. Returns linked accounts, usernames, location signals, and presence consistency scores. Useful for spotting thin or inconsistent digital identities that document checks alone would pass.

Social accountsWeb presenceAliasesLocation signals

IP Geolocation & Risk

id: "ip" · "phone_ip"

Country, city, ISP, and VPN/proxy/Tor detection for any IP. The phone-vs-IP validator cross-checks a phone's registered country against the session IP — a mismatch is one of the strongest available signals of account manipulation.

GeolocationVPN / proxyISPPhone-IP mismatch

🔓

Breach & Exposure Data

id: "breach"

Check whether an email or phone appears in known data breach databases. Returns breach names, dates, and exposed data types. Used for credential stuffing detection, risk scoring at onboarding, and ongoing AML monitoring of existing accounts.

Breach namesExposure datesData types exposed

Architecture

Where IRBIS Fits in Your Stack

IRBIS is an enrichment layer — it goes between your data collection and your risk decision. Here's how most teams wire it in.

Customer submits data at onboarding

Name, phone number, email address, ID document, selfie — whatever your flow collects

↓

IRBIS enrichment API call ← you are here

POST phone/email/face to IRBIS → get back identity signals, risk indicators, social graph, breach status, PEP/watchlist match

↓

Your risk engine scores the enriched profile

Your model, your rules, your thresholds — IRBIS just gives you better inputs to work with

↓

Approve / flag / reject

Auto-approve clean profiles, send borderline cases to manual review, block high-risk ones automatically

What teams typically replace with IRBIS

→ Pipl or FullContact for identity resolution

→ Telesign or Ekata for phone intelligence

→ MaxMind for IP geolocation and VPN detection

→ HaveIBeenPwned for breach data

→ A custom face search solution (or nothing)

That's 4-5 separate vendor contracts, 4-5 API keys, 4-5 sets of documentation. IRBIS replaces all of them with one integration.

Use cases

Who Builds With IRBIS

Not end users. Engineers and product teams who are building something and need identity data infrastructure underneath it.

Fintechs & neobanks

Enrich user-submitted phone and email at account creation. Cross-check the social footprint against the claimed identity. Flag VoIP numbers and synthetic identities before they get through onboarding.

phoneemailphone_ipbreach

Fraud detection platforms

Add identity enrichment signals to your fraud scoring model. Phone line type, email account age, IP-phone country mismatch, and breach exposure are all strong predictors that pure transactional data misses.

real_phonephone_ipipbreach

KYC software vendors

If you're selling a KYC product and want to add richer identity signals to your platform — social graph, phone intelligence, face search — IRBIS is the data layer you call behind the scenes without building it yourself.

phoneemailfacename

Crypto exchanges & wallets

FATF Travel Rule and AML requirements mean crypto platforms need to know their customers at a level well beyond a document scan. Phone and email enrichment add the digital identity layer that document-only KYC can't provide.

phoneemailkycbreach

Online lending & BNPL

Credit risk models rely on identity confidence. Enriching application data with phone intelligence, social presence, and breach exposure gives underwriting models better signals without adding friction to the borrower journey.

phone_nameemailip

Risk & compliance teams

In-house fraud and AML teams at banks, insurers, and marketplaces use IRBIS to run enrichment checks on flagged accounts, investigate suspicious customers, and feed better data into ongoing AML monitoring workflows.

phonefacenamebreach

How we compare

IRBIS vs Specialist Signal Providers

The market splits into four types of providers. IRBIS is the only one that crosses all four categories — which is the whole point.

Identity Graph

Links email, phone, name → real person. Pipl, Ekata, FullContact

Raw Dataset

Static or batch data delivery. PDL, Coresignal, LexisNexis

Signal API

Single-signal modular enrichment. Telesign, MaxMind, IPQS

Multi-signal + Investigative ← IRBIS

Cross-signal enrichment + investigative depth. Only IRBIS.

Signal / capability	IRBIS	Pipl	Telesign	Ekata	MaxMind	PDL	Sift	LexisNexis
Phone number intelligence	✓	Partial	✓ Core	✓	✗	✗	Partial	✓
Phone line type (VoIP / mobile)	✓	✗	✓	✓	✗	✗	✗	Partial
Email identity enrichment	✓	✓	Partial	✓	✗	✓	Partial	✓
Reverse face / image search	✓ Unique	✗	✗	✗	✗	✗	✗	✗
Social footprint / identity graph	✓	✓	✗	Partial	✗	✓	Network signals	Partial
IP geolocation + VPN detection	✓	✗	Partial	✓	✓ Core	✗	Device signals	✗
Breach / dark web exposure	✓	✗	✗	✗	✗	✗	✗	Partial
Real-time API (not static dataset)	✓	✓	✓	✓	✓	Batch / static	✓	Mostly static
Investigative depth (not just scoring)	✓	Partial	✗	✗	✗	✗	Score only	Partial
All signals under one API key	✓	✗	✗	✗	✗	✗	✗	✗
Flexible / pay-per-lookup pricing	✓	Enterprise	Volume commit	Enterprise	✓	Subscription	Enterprise	Enterprise

Cross-signal enrichment

Every other provider owns one signal type. IRBIS crosses phone, email, social, face, IP, and breach in a single call — so your model gets a joined identity picture, not isolated data points.

Investigative depth

Most signal providers return a score. IRBIS returns the raw data behind it — linked accounts, source URLs, platform-level matches. Your team can investigate, not just accept a risk number.

No locked workflows

IRBIS is a pure API — you call what you need, when you need it. No required integrations, no onboarding flows, no dashboard you have to use. Your logic, your rules, your system.

Integration

First API Call in 15 Minutes

Standard REST API, Bearer token auth, JSON responses. If your stack already calls any enrichment API, you already know how to integrate IRBIS.

Phone enrichment · cURL

# 1. Submit enrichment request
curl -X POST \
  https://irbis.espysys.com/api/developer/post \
  -H "Authorization: Bearer YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "searches": [
      { "id": "phone", "term": "+14155552671" },
      { "id": "real_phone", "term": "+14155552671" }
    ]
  }'

# Returns lookupId immediately
{ "lookupId": "lk_9e2c83a1f" }

# 2. Retrieve enriched results
curl \
  https://irbis.espysys.com/api/developer/results/lk_9e2c83a1f \
  -H "Authorization: Bearer YOUR_KEY"

Async by design

POST returns a lookupId immediately. Your system stores it and GETs the result when ready. No blocking, no timeout risk on your application layer. Most results land in 10–30 seconds.

Run multiple signals in one call

The searches array accepts multiple signal types in a single POST request. One round trip to get phone + email + IP enrichment simultaneously.

Credit-based pricing

Each enrichment call costs credits based on endpoint depth. No monthly fee to access the API. No charge for empty responses. Check your remaining balance anytime with the /credits endpoint.

Full API documentation →

FAQ

Dev & Compliance FAQs

What is identity enrichment for KYC?

Identity enrichment means taking a data point you already have — a phone number, email, or name — and expanding it with additional signals: linked social profiles, location data, risk indicators, breach history, and network connections. KYC platforms and fraud engines use enrichment APIs to make better decisions without building their own data infrastructure.

How is IRBIS different from a full KYC platform like Sumsub or Jumio?

IRBIS is a data layer, not a workflow tool. Jumio and Sumsub handle document verification, liveness detection, and onboarding UX. IRBIS feeds identity signals to whatever system is doing the decision-making — your own risk engine, a fraud model, or a third-party KYC platform. We don't replace those tools, we make them better.

What signals does the enrichment API return?

Depending on the endpoint: phone intelligence (carrier, line type, owner name, messaging app presence), email enrichment (linked social profiles, platform accounts, breach history), face image reverse search (confidence-scored matches with source URLs), name SocialScan (digital footprint across 500+ platforms), IP geolocation and VPN/proxy detection, and breach/dark web exposure.

How does IRBIS compare to Pipl, Telesign, and Ekata?

Each of those covers 1-2 signal types. Pipl: email and name identity graph. Telesign: phone intelligence. Ekata: phone, email, IP. None of them cover face image search or breach data. IRBIS covers all six signal types under one API key — so teams that currently use 3-4 separate providers can consolidate onto a single integration.

Is the API RESTful? What format are responses?

Yes. All calls are standard HTTP POST requests. Authentication is via Bearer token. Responses are structured JSON. The async model means you POST a lookup and GET results when ready — your application never blocks. Full endpoint documentation is at api-docs.espysys.com.

Is IRBIS GDPR and AML compliant?

IRBIS is GDPR compliant and ISO 27001 certified. All API calls are encrypted in transit. Data is processed only to return lookup results and is not shared with third parties. For compliance documentation, data processing agreements, and retention policy details, contact the ESPY team directly.

What industries use IRBIS as a data enrichment layer?

Fintechs and neobanks enriching onboarding flows, fraud detection platforms adding identity signals to risk scoring, KYC software vendors adding data depth to their own products, crypto exchanges running AML screening, online lenders doing credit risk assessment, and in-house compliance teams at banks and insurers.

How long does integration take?

Most teams make their first live API call within 15 minutes of registering. A full production integration — including async result handling — typically takes one to two days. Free trial credits are included on signup. No credit card required.

The Identity Data LayerYour KYC Stack Is Missing