Detection of anomalies associated with fraudulent access to a service platform

US2022210172A1 · US · A1

Patent metadata
Publication number: US-2022210172-A1
Application number: US-202017136975-A
Country: US
Kind code: A1
Filing date: Dec 29, 2020
Priority date: Dec 29, 2020
Publication date: Jun 30, 2022
Grant date:

Abstract

Official abstract text for this publication.

In some implementations, a system may obtain a first model that is trained to identify feature data associated with a client system using one or more services of a service platform. The system may train, based on the feature data, a second model to identify anomalies associated with devices accessing the one or more services in association with a client identifier of the client system. The system may receive access data associated with an acting device accessing a service of the service platform. The system may determine, using the second model, that the acting device accessing the service corresponds to potential anomalous activity based on the access information. The system may obtain, from a verification device, a verification that the acting device accessing the service is anomalous activity. The system may perform, based on obtaining the verification, an action associated with the acting device.
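The flow in the abstract (score an access against a client's learned feature data, treat a hit only as a potential anomaly, act after verification) can be sketched as follows. This is an added example, not code from the patent: the hand-set weights and threshold stand in for the trained second model, and the baseline records, function names and return labels are constructed for illustration.

```python
import ipaddress
import math
from collections import Counter

# Constructed baseline for one client identifier: (hour_utc, source_ip, country).
BASELINE = [(h, ip, "US") for h in (9, 10, 10, 11, 14, 15, 16)
            for ip in ("198.51.100.10", "198.51.100.22")]

def build_features(calls):
    """Feature data: hourly usage pattern plus source networks and locations."""
    hours = Counter(h for h, _, _ in calls)
    pattern = [hours.get(h, 0) for h in range(24)]
    nets = {ipaddress.ip_network(ip + "/24", strict=False) for _, ip, _ in calls}
    return {"pattern": pattern, "nets": nets, "countries": {c for _, _, c in calls}}

def timing_similarity(pattern, hour):
    """Cosine similarity between the usage pattern and a one-hot vector for `hour`."""
    norm = math.sqrt(sum(v * v for v in pattern))
    return pattern[hour] / norm if norm else 0.0

# Hypothetical weights and threshold, hand-set here in place of a trained model.
WEIGHTS = {"address": 0.4, "location": 0.4, "timing": 0.2}
THRESHOLD = 0.5

def anomaly_probability(features, call):
    """Score in [0, 1]: higher means the call looks less like the client's own devices."""
    hour, ip, country = call
    addr_miss = not any(ipaddress.ip_address(ip) in n for n in features["nets"])
    loc_miss = country not in features["countries"]
    timing_miss = 1.0 - timing_similarity(features["pattern"], hour)
    return (WEIGHTS["address"] * addr_miss + WEIGHTS["location"] * loc_miss
            + WEIGHTS["timing"] * timing_miss)

def handle_call(features, call, verify):
    """Return 'allow', 'allow-verified' or 'block'; `verify` plays the verification device."""
    if anomaly_probability(features, call) < THRESHOLD:
        return "allow"
    # Above threshold is only a *potential* anomaly: block only once verification confirms it.
    return "block" if verify(call) else "allow-verified"
```

With these weights an off-hours call from a known network and location scores 0.2 and passes, while an unknown address combined with a rarely used hour crosses the threshold and goes to verification.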

First claim

Opening claim text (preview).

What is claimed is:

1. A system for detecting anomalous access to a service platform, the system comprising: one or more memories; and one or more processors, communicatively coupled to the one or more memories, configured to: obtain service usage training data associated with one or more devices of a client system providing application programming interface (API) calls to one or more APIs associated with an API gateway; train, based on the service usage training data, a first model to identify feature data associated with the client system using the one or more APIs, wherein the feature data includes a service usage pattern of the client system and source data associated with the one or more devices; train, based on the feature data, a second model to identify anomalous API calls that include a client identifier of the client system; receive an API call associated with an acting device accessing an API of the API gateway, wherein the API call includes the client identifier; process the API call to identify access information associated with the acting device providing the API call; determine, based on the access information and using the second model, that the API call is a potential unauthorized API call; obtain, from a verification device, a verification that the API call is unauthorized; and perform, based on obtaining the verification, an action associated with the acting device.

2. The system of claim 1, wherein the service usage pattern identifies at least one of: time patterns associated with receiving corresponding API calls to the one or more APIs; or frequencies of receiving corresponding API calls to the one or more APIs during a time period.

3. The system of claim 1, wherein the source data identifies at least one of: corresponding source addresses of the one or more devices; client location information that identifies corresponding locations of the one or more devices; or corresponding user information associated with the one or more devices using the one or more APIs.

4. The system of claim 1, wherein the one or more processors, when determining that the API call is a potential unauthorized API call, are configured to: cause the second model, based on the access information, to determine whether the acting device is associated with the client system based on at least one of: a comparison of client location information identified in the source data and device location information, of the access information, that identifies a location of the acting device; or a comparison of client addresses identified in the source data and a device address of the acting device that is identified in the access information.

5. The system of claim 1, wherein the one or more processors, when determining that the API call is a potential unauthorized API call, are configured to: compare the access information and the feature data; determine, based on comparing characteristics of the access information with corresponding characteristics of the feature data, a probability that the acting device is not authorized by the client system to access the API; determine that the probability satisfies a threshold probability associated with unauthorized access of the API in association with the client identifier; and determine, based on the probability satisfying the threshold probability, that the acting device accessing the API corresponds to potential anomalous activity.

6. The system of claim 1, wherein the one or more processors, when obtaining the verification, are configured to: send, to the verification device, a request for a user input that indicates whether the acting device is authorized to access the API; and receive the user input from the verification device, wherein the verification is included within the user input.

7. The system of claim 1, wherein the first model comprises an unsupervised machine learning model that is trained according to a cosine similarity analysis and the second model comprises a supervised machine learning model that is trained according to a decision tree associated with the feature data.

8. The system of claim 1, wherein the one or more processors, when performing the action, are configured to at least one of: prevent the acting device from further accessing the API gateway; transmit, to a management device, a notification that indicates that the acting device provided an anomalous API call; storing, in a data structure, the API call in association with an indication that the acting device provided an anomalous API call; or retrain the second model based on the API call.

9. A method for detecting anomalous access to a service platform, comprising: obtaining, by a device, a first model that is trained to identify feature data associated with a client system using one or more services of a service platform, wherein the feature data includes source data associated with one or more devices of the client system and a service usage pattern of one or more devices of the client system using the one or more services during a training period; training, by the device and based on the feature data, a second model to identify anomalies associated with devices accessing the one or more services in association with a client identifier of the client system; receiving, by the device, access data associated with an acting device accessing a service of the service platform, wherein the access data includes the client identifier and access information associated with the acting device accessing the service; determining, by the device and using the second model, that the acting device accessing the service corresponds to potential anomalous activity based on the access information; obtaining, by the device and from a verification device, a verification that the acting device accessing the service is anomalous activity; and performing, by the device and based on obtaining the verification, an action associated with the acting device.

10. The method of claim 9, wherein determining that the acting device accessing the service corresponds to potential anomalous activity comprises: causing the second model, based on the access information, to determine whether the acting device is associated with the client system based on at least one of: a comparison of client location information identified in the source data and device location information, of the access information, that identifies a location of the acting device; a comparison of corresponding identifiers of the one or more services in the service usage pattern and a service identifier of the service identified in the access information; or a comparison of timing of accessing the one or more services identified in the service usage pattern and timing of the device accessing the service identified in the access information.

11. The method of claim 9, wherein determining that the acting device accessing the service corresponds to potential anomalous activity comprises: comparing the access information and the feature data; determining, based on comparing characteristics of the access information with corresponding characteristics of the feature data, a probability that the acting device is not authorized by the client system to access the service platform; determining that the probability satisfies a threshold probability associated with unauthorized access of the service platform in association with the client identifier; and determining, based on the probability satisfying the threshold probability, that the acting device accessing the service corresponds to potential anomalous activity.

12. The method of cla

Classifications

  • Dynamic search techniques; Heuristics; Dynamic trees; Branch-and-bound

  • involving event detection and direct action

  • Traffic logging, e.g. anomaly detection

  • Provisioning of proxy services (store-and-forward switching systems in data switching networks H04L12/54)

  • G06N20/00 (Primary): Machine learning

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Capital One Services Llc
What technology area does this patent fall under?
Primary CPC classification H04L63/1425. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jun 30, 2022 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 7 related publications on this page (citations in our corpus or others sharing the same primary CPC).