This backend API is used to report client actions, add the user context and report action results, allowing Fraud Prevention reporting and user profiling.
Client Actions
Download OpenAPI description
Languages
Servers
Sandbox environment
https://api.sbx.transmitsecurity.io/risk/v1/
Production environment (US)
https://api.transmitsecurity.io/risk/v1/
Production environment (EU)
https://api.eu.transmitsecurity.io/risk/v1/
Production environment (CA)
https://api.ca.transmitsecurity.io/risk/v1/
Production environment (AU)
https://api.au.transmitsecurity.io/risk/v1/
Bodyapplication/jsonrequired
A token returned by the SDK for the device session established upon SDK initialization.
Specifies the type of value provided in the claimed_user_id field. This field is especially important when claimed_user_id contains a hashed value, as it clarifies the original data type used.
Enum"email""phone_number""account_id""ssn""national_id""passport_number""drivers_license_number""other"
User identifier of the not yet authenticated user, used to enhance risk and trust assessments. This field should not contain sensitive data in plain text. Once the user has authenticated, to set the user, report the action result via API call or call 'setAuthenticatedUser' from the client SDK.
- Sandbox environmenthttps://api.sbx.transmitsecurity.io/risk/v1/action/trigger-action
- Production environment (US)https://api.transmitsecurity.io/risk/v1/action/trigger-action
- Production environment (EU)https://api.eu.transmitsecurity.io/risk/v1/action/trigger-action
- Production environment (CA)https://api.ca.transmitsecurity.io/risk/v1/action/trigger-action
- Production environment (AU)https://api.au.transmitsecurity.io/risk/v1/action/trigger-action
- cURL
- Node.js
- Go
- JavaScript
- Java
- Python
curl -i -X POST \
'https://api.sbx.transmitsecurity.io/risk/v1/action/trigger-action?get_recommendation=false' \
-H 'Authorization: Bearer <YOUR_JWT_HERE>' \
-H 'Content-Type: application/json' \
-d '{
"session_token": "string",
"action_type": "transaction",
"user_id": "string",
"claimed_user_id_type": "email",
"claimed_user_id": "string",
"correlation_id": "string",
"transaction_data": {
"amount": 999999999.99,
"currency": "USD",
"reason": "string",
"transactionDate": 0,
"payer": {
"name": "string",
"bankIdentifier": "string",
"branchIdentifier": "string",
"accountNumber": "string"
},
"payee": {
"name": "string",
"bankIdentifier": "string",
"branchIdentifier": "string",
"accountNumber": "string"
}
},
"custom_attributes": {
"property1": "string",
"property2": "string"
}
}'Response
application/json
{ "action_token": "string", "recommendation": { "id": "385cd06b527a974982e0560b67123fe2b1b5a39fd98d8d32cdbaca8ec16fd62d", "issued_at": 1648028118123, "recommendation": { … }, "risk_score": 73.2, "context": { … }, "risk_signals": { … }, "reasons": [ … ], "transaction_data": { … }, "threats": [ … ], "preview_rule": { … } } }
Bodyapplication/jsonrequired
Identifier containing sensitive user data. Mosaic will encrypt and securely store this data.
- Sandbox environmenthttps://api.sbx.transmitsecurity.io/risk/v1/action/result
- Production environment (US)https://api.transmitsecurity.io/risk/v1/action/result
- Production environment (EU)https://api.eu.transmitsecurity.io/risk/v1/action/result
- Production environment (CA)https://api.ca.transmitsecurity.io/risk/v1/action/result
- Production environment (AU)https://api.au.transmitsecurity.io/risk/v1/action/result
- cURL
- Node.js
- Go
- JavaScript
- Java
- Python
curl -i -X POST \
https://api.sbx.transmitsecurity.io/risk/v1/action/result \
-H 'Authorization: Bearer <YOUR_JWT_HERE>' \
-H 'Content-Type: application/json' \
-d '{
"action_token": "string",
"result": "success",
"user_id": "string",
"private_user_identifier": "string",
"challenge_type": "sms_otp"
}'Bodyapplication/jsonrequired
Example: ["ea49707f023f48d64a7a817a2e7a5ff4277281a8f8ac1848ccac407967d9d2ce"]
- Sandbox environmenthttps://api.sbx.transmitsecurity.io/risk/v1/action/assignee
- Production environment (US)https://api.transmitsecurity.io/risk/v1/action/assignee
- Production environment (EU)https://api.eu.transmitsecurity.io/risk/v1/action/assignee
- Production environment (CA)https://api.ca.transmitsecurity.io/risk/v1/action/assignee
- Production environment (AU)https://api.au.transmitsecurity.io/risk/v1/action/assignee
- cURL
- Node.js
- Go
- JavaScript
- Java
- Python
curl -i -X PUT \
https://api.sbx.transmitsecurity.io/risk/v1/action/assignee \
-H 'Authorization: Bearer <YOUR_JWT_HERE>' \
-H 'Content-Type: application/json' \
-d '{
"action_ids": [
"ea49707f023f48d64a7a817a2e7a5ff4277281a8f8ac1848ccac407967d9d2ce"
],
"assignee": "string"
}'Response
application/json
{ "success": true, "affectedActionsCount": 4 }
Request
Sets the user context for a client action reported to the SDK. It should be set only after you've fully authenticated the user (including, for example, any 2FA that was required). This call is deprecated, set the user with Report action result API.
Security
risk_access_token
- Sandbox environmenthttps://api.sbx.transmitsecurity.io/risk/v1/action/authenticated-user
- Production environment (US)https://api.transmitsecurity.io/risk/v1/action/authenticated-user
- Production environment (EU)https://api.eu.transmitsecurity.io/risk/v1/action/authenticated-user
- Production environment (CA)https://api.ca.transmitsecurity.io/risk/v1/action/authenticated-user
- Production environment (AU)https://api.au.transmitsecurity.io/risk/v1/action/authenticated-user
- cURL
- Node.js
- Go
- JavaScript
- Java
- Python
curl -i -X POST \
https://api.sbx.transmitsecurity.io/risk/v1/action/authenticated-user \
-H 'Authorization: Bearer <YOUR_JWT_HERE>' \
-H 'Content-Type: application/json' \
-d '{
"user_id": "string",
"action_token": "string"
}'