Fusebill Payments API Risk Fields

When using Fusebill Payments, additional fields will need to be included in your payment method creation payload.

The Fusebill Post Payment method call accepts:

  • ClientIP
  • riskToken

These elements are mandatory when configured with the Fusebill Payment Gateway and should be captured by the registration page obtaining customer payment method information in order to improve Fusebill’s risk decision making process.

Client IP

The Post payment method call must contain the public IP address of the client whom the API call is made on behalf of.

Use the following format when passing in the ClientIP element, where is the public IP address of the client:

“clientIp”: “”


Risk-token is a proprietary javascript library generated token that gathers a variety of client side information and associates it to a generated GUID which can be passed to Fusebill via the RiskToken field in the post payment method call.

This riskToken element value should be the risk token UUID generated by the Risk JavaScript library (defined below) on the webpage of the user who triggered the API request on your system.

Use the following form when passing in the RiskToken element, where 123e4567-e89b-12d3-a456-426655440000 is the risk token generated by the Risk JavaScript library:

“RiskToken”: “123e4567-e89b-12d3-a456-426655440000”

Risk JavaScript library

The WePay Risk JavaScript library (Risk.js) is responsible for generating a risk token for use with the RiskToken element used by Fusebill Payments. It collects risk-related information from the client that loads the JavaScript and associates it with the risk token.


To use the JavaScript library, add a script HTML element to your webpage using https://static.wepay.com/min/js/risk.1.latest.js as the source.

<script type="text/javascript" src="https://static.wepay.com/min/js/risk.1.latest.js"></script>

When your webpage finishes loading, Risk.js waits 5 seconds and then generates a risk token. This delay ensures that the token generation process does not impact your page load performance. You can also choose to manually generate the token when you are ready.


Risk.js has two methods for generating and receiving the risk token:


Returns a UUID token that is associated with the client machine on which Risk.js is loaded. If called before the token has been generated it returns 0.


Immediately generates the risk token. If called after the risk token has been generated, it will have no effect. The best time to use this method is after your page has fully finished rendering so as not to impact page load performance. Note: this method does not return the risk token.
Best Practices

To get the most out of Risk.js, follow these recommended best practices:

  • Load the Risk JavaScript library on the webpage that triggers your API calls to WePay.
  • Load the Risk JavaScript library as soon as possible on the webpage. This gives the library time to collect and tokenize risk related information.
  • WePay risk tokens are only valid for 48 hours, so try to generate new ones when possible.
  • When your webpage has fully finished rendering, call WePay.risk.generate_risk_token() to ensure that the risk token is available when you call WePay.risk.get_risk_token().
  • If you are choosing not to load the Risk JavaScript library immediately on page view, make sure to call WePay.risk.generate_risk_token() immediately after loading the script.
<script type="text/javascript" src="https://static.wepay.com/min/js/risk.1.latest.js"></script>

<script type="text/javascript">