The Fraud Prevention lets you query historical actions for your tenant programmatically within a bounded time window. Use it to build investigation workflows, export records in bulk for offline analytics, or feed downstream fraud-review systems.
Results include the same action and recommandation details as Recommendations API—the same context, risk_signals, transaction_data, and recommendation objects—so any existing integration can consume historical actions without learning a second schema.
Use the Search Actions API to retrieve a paginated list of actions. Both start_time and end_time are required as Unix epoch time in milliseconds.
Keep the time window as narrow as your use case allows: a tighter range keeps responses fast and pagination predictable. When iterating across multiple pages, fix start_time and end_time once and reuse the same values on every subsequent call.
Rate limit: 20 requests per 60 seconds per tenant.
Authorization: Requests are authorized with a client access token obtained via the token endpoint. The token authenticates requests and scopes results to your tenant.
Retrieve the first page of all actions for a 24-hour window:
GET https://api.transmitsecurity.io/risk/v1/search/actions?start_time=1779600000000&end_time=1779686400000
Authorization: Bearer <access_token>Narrow results to login actions that received a DENY recommendation. The filters parameter accepts URL-encoded JSON:
GET https://api.transmitsecurity.io/risk/v1/search/actions
?start_time=1779600000000
&end_time=1779686400000
&filters=<url-encoded-json>
Authorization: Bearer <access_token>Decoded filter value:
{
"and": [
{ "field": "recommendation.type", "operator": "eq", "value": "DENY" },
{ "field": "context.action_type", "operator": "eq", "value": "login" }
]
}You can also filter on a single condition or use or instead of and. Supported operators include eq, neq, lt, gt, between, in, and nin.
To export all actions within a window, page through results using skip and take:
take: page size, up to 400 items per request (default: 100)skip: offset, up to 10,000
Use the fields parameter to return only the fields you need, which reduces response size significantly for large exports:
GET https://api.transmitsecurity.io/risk/v1/search/actions
?start_time=1779600000000
&end_time=1779686400000
&take=400
&skip=0
&fields=<url-encoded-json>
Authorization: Bearer <access_token>Decoded fields value:
["id", "issued_at", "recommendation.type", "risk_score", "context.user_id", "context.action_type"]For datasets larger than 10,000 items, split the export into shorter, non-overlapping time windows and run requests for each segment.
For the full parameter list, filter syntax, and response schema, see Search actions.