Skip to content

Search and export recommendations via API

The Fraud Prevention lets you query historical actions for your tenant programmatically within a bounded time window. Use it to build investigation workflows, export records in bulk for offline analytics, or feed downstream fraud-review systems.

Results include the same action and recommandation details as Recommendations API—the same context, risk_signals, transaction_data, and recommendation objects—so any existing integration can consume historical actions without learning a second schema.

Query actions

Use the Search Actions API to retrieve a paginated list of actions. Both start_time and end_time are required as Unix epoch time in milliseconds.

Tip

Keep the time window as narrow as your use case allows: a tighter range keeps responses fast and pagination predictable. When iterating across multiple pages, fix start_time and end_time once and reuse the same values on every subsequent call.

Rate limit: 20 requests per 60 seconds per tenant.

Authorization: Requests are authorized with a client access token obtained via the token endpoint. The token authenticates requests and scopes results to your tenant.

Basic query

Retrieve the first page of all actions for a 24-hour window:

GET https://api.transmitsecurity.io/risk/v1/search/actions?start_time=1779600000000&end_time=1779686400000
Authorization: Bearer <access_token>

Filter by recommendation and action type

Narrow results to login actions that received a DENY recommendation. The filters parameter accepts URL-encoded JSON:

GET https://api.transmitsecurity.io/risk/v1/search/actions
  ?start_time=1779600000000
  &end_time=1779686400000
  &filters=<url-encoded-json>
Authorization: Bearer <access_token>

Decoded filter value:

{
  "and": [
    { "field": "recommendation.type", "operator": "eq", "value": "DENY" },
    { "field": "context.action_type", "operator": "eq", "value": "login" }
  ]
}

You can also filter on a single condition or use or instead of and. Supported operators include eq, neq, lt, gt, between, in, and nin.

Bulk export

To export all actions within a window, page through results using skip and take:

  • take: page size, up to 400 items per request (default: 100)
  • skip: offset, up to 10,000

Use the fields parameter to return only the fields you need, which reduces response size significantly for large exports:

GET https://api.transmitsecurity.io/risk/v1/search/actions
  ?start_time=1779600000000
  &end_time=1779686400000
  &take=400
  &skip=0
  &fields=<url-encoded-json>
Authorization: Bearer <access_token>

Decoded fields value:

["id", "issued_at", "recommendation.type", "risk_score", "context.user_id", "context.action_type"]

For datasets larger than 10,000 items, split the export into shorter, non-overlapping time windows and run requests for each segment.

API reference

For the full parameter list, filter syntax, and response schema, see Search actions.