Recommendations

Download OpenAPI specification:Download

Recommendation APIs provided by Detection and Response services are used to assess risk level, obtain recommendations, and provide feedback

Get recommendation

Get a risk recommendation for a client action reported to the SDK (via triggerActionEvent() call)

SecurityHTTP: risk_access_token

Request

query Parameters

action_token required	string Default: "REPLACE_WITH_ACTION_TOKEN" Action token returned by the SDK when the action was reported
user_id	string Default: "REPLACE_WITH_USER_ID" User identifier as sent to the SDK on the client-side

Responses

200

Recommendation

400

Bad request

401

Invalid authentication

403

Invalid authorization

429

Rate limit reached

500

Internal error

get/recommendation

Request samples

Response samples

application/json

{"id": "385cd06b527a974982e0560b67123fe2b1b5a39fd98d8d32cdbaca8ec16fd62d",
"issued_at": 1648028118123,
"recommendation": {"type": "CHALLENGE"
},
"risk_score": 73.2,
"context": {"action_id": "885cd06b527a97498200560b67123fe221b5a39fd98d8d22cdb7ca8ec16ed62d",
"action_type": "login",
"action_performed_at": 1648028118123,
"device_timestamp": 1648028107819,
"client_id": "d152ddd.ece93f4.c2a3d12.riskid.security",
"application_id": "ece93f4",
"tenant_id": "c2a3d12",
"device_id": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIwZGE4ZmZjYy01NmE1LTRmMjgtYThkZi04NDY5MmYwYThmYTAiLCJ2ZXJzaW9uIjoxLCJpYXQiOjE2NTU3OTYzODQ1MzF9.TeGoqlCe_6eWzl9a3-vAumG4Xap8WjwsgcO2-DzGtLg",
"correlation_id": "bcb934d8-89cb-433b-a4c7-b7d94299586b",
"device_fingerprint": "a3c8f5ea75cb65fcdc3d0452b985f957a46e24afdc912e93dac1e115ecf408e5",
"device_public_key": "625ad815e47a1a05318c98185ff8cfb35fd706d836a1ad7459842f381929a8e3",
"user_id": "5c4afa75c",
"claimed_user_id": "5c4afa75c",
"location": "https://www.amazingapp.com/shops?target=1",
"ip": "192.168.0.1",
"ip_country": "UK",
"ip_region": "California",
"ip_location_city": "Los Angeles",
"ip_location_zip": 92131,
"ip_location_longitude": "-117.0903",
"ip_location_latitude": "32.9167",
"ip_asn_name": "AS174 Cogent Communications",
"ip_asn_id": "AS174",
"ip_organization_name": "Cogent Communications",
"ip_organization_type": "isp",
"ip_location_timezone": "America/Los_Angeles",
"device_timezone": "America/Los_Angeles",
"device_languages": ["en-US",
"en"
],
"device_platform": "desktop",
"os_name": "macOS",
"os_version": "14.1.0",
"browser_name": "Chrome",
"browser_version": 113,
"user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36"
},
"risk_signals": {"device": {"ram": 0,
"total_storage": 0,
"available_storage": 0,
"battery_level": 0,
"core_number": 0,
"graphic_card": "string",
"model": "string",
"screen_width": 0,
"screen_height": 0,
"incognito": true,
"tampered": true,
"emulated": true,
"spoofed": true,
"tz_mismatch": true,
"esim_usage": true,
"accept_languages": "string",
"mobile_network_code": "string",
"screen_avail_width": 0,
"screen_avail_height": 0,
"font_count": 0,
"cpu_arch": "string"
},
"network": {"vpn": true,
"tor": true,
"hosting": true,
"proxy": true,
"anonymizer": true
},
"behavior": {"typing_velocity": 0.867,
"movement_velocity": 10,
"input_method": ["is_typing",
"is_paste"
],
"no_user_interaction": true
},
"history": {"ip_action_rate_60_sec": 1,
"user_action_rate_60_sec": 2,
"device_action_rate_60_sec": 1,
"ip_user_count_last_hour": 1,
"linking_user_to_device_count": 1,
"linking_device_to_users_count": 1,
"ip_device_count_last_hour": 1
}
},
"reasons": ["BEHAVIOR_BOT",
"IP_RISKY_REPUTATION",
"DEVICE_SUSPICIOUS_ATTRIBUTE",
"PROFILE_DEVICE_NEW"
],
"transaction_data": {"amount": 120,
"currency": "USD",
"reason": "string",
"transactionDate": 0,
"payer": {"name": "string",
"bankIdentifier": "string",
"branchIdentifier": "string",
"accountNumber": "string"
},
"payee": {"name": "string",
"bankIdentifier": "string",
"branchIdentifier": "string",
"accountNumber": "string"
}
},
"preview_rule": {"rule_name": "string",
"recommendation": "string"
}
}

Create ruleDeprecated

Creates a new recommendation rule. Returns the rule_id used to reference the rule in subsequent requests.

SecurityHTTP: risk_access_token

Request

Request Body schema: application/json
required

name	string Name of the recommendation rule. Must be unique across the tenant. Auto generated if not provided.
priority required	integer [ 1 .. 1000 ] Priority of the recommendation rule, which determines the order in which rules are evaluated. Rules are evaluated from smallest to biggest priority value and only the first rule to match will apply. Priority value must be unique.
required	ip_cidrs (object) or device_ids (object) or device_fingerprints (object) or device_public_keys (object) or user_ids (object) or country_codes (object) or browser_names (object) or os_versions (object) (matcher) Activity field matcher. Only one matcher can be defined per rule.
recommendation required	string (rule_recommendation_type) Recommendation type Enum: "CHALLENGE" "DENY" "TRUST"
enabled required	boolean Whether or not the rule will be evaluated
mode required	string (rule_mode) Allows you to simulate a rule and evaluate its impact before releasing it to production. The simulation occurs each time a recommendation is requested. If a preview rule matches the request (meaning, its priority is higher than all matching rules), the response will include this preview rule and what the recommendation would have been if all rules were in production. Enum: "PREVIEW" "PRODUCTION"

Responses

201

Rule created successfully

400

Bad request

401

Invalid authentication

403

Invalid authorization

409

Unique field collision

429

Rate limit reached

500

Internal error

post/recommendation/rules

Request samples

application/json

{"name": "Block risky countries",
"priority": 10,
"matcher": {"ip_cidrs": ["string"
]
},
"recommendation": "CHALLENGE",
"enabled": true,
"mode": "PREVIEW"
}

Response samples

application/json

{"message": "string",
"rule_id": "string"
}

Get all rulesDeprecated

Retrieves a list of all recommendation rules

SecurityHTTP: risk_access_token

Responses

200

Rules retrieved successfully

400

Bad request

401

Invalid authentication

403

Invalid authorization

429

Rate limit reached

500

Internal error

get/recommendation/rules

Request samples

Response samples

application/json

{"data": [{"id": "string",
"name": "Block risky countries",
"priority": 10,
"matcher": {"ip_cidrs": ["string"
]
},
"recommendation": "CHALLENGE",
"enabled": true,
"mode": "PREVIEW"
}
]
}

Get rule by IDDeprecated

Retrieves a specific recommendation rule by its ID

SecurityHTTP: risk_access_token

Request

path Parameters

rule_id

required

string

ID of the recommendation rule

Responses

200

Rule retrieved successfully

400

Bad request

401

Invalid authentication

403

Invalid authorization

404

Not found

429

Rate limit reached

500

Internal error

get/recommendation/rules/{rule_id}

Request samples

Response samples

application/json

{"id": "string",
"data": {"name": "Block risky countries",
"priority": 10,
"matcher": {"ip_cidrs": ["string"
]
},
"recommendation": "CHALLENGE",
"enabled": true,
"mode": "PREVIEW"
}
}

Update rule by IDDeprecated

Updates a specific recommendation rule

SecurityHTTP: risk_access_token

Request

path Parameters

rule_id

required

string

ID of the recommendation rule

Request Body schema: application/json
required

name	string Name of the recommendation rule. Must be unique across the tenant. Auto generated if not provided.
priority required	integer [ 1 .. 1000 ] Priority of the recommendation rule, which determines the order in which rules are evaluated. Rules are evaluated from smallest to biggest priority value and only the first rule to match will apply. Priority value must be unique.
required	ip_cidrs (object) or device_ids (object) or device_fingerprints (object) or device_public_keys (object) or user_ids (object) or country_codes (object) or browser_names (object) or os_versions (object) (matcher) Activity field matcher. Only one matcher can be defined per rule.
recommendation required	string (rule_recommendation_type) Recommendation type Enum: "CHALLENGE" "DENY" "TRUST"
enabled required	boolean Whether or not the rule will be evaluated
mode required	string (rule_mode) Allows you to simulate a rule and evaluate its impact before releasing it to production. The simulation occurs each time a recommendation is requested. If a preview rule matches the request (meaning, its priority is higher than all matching rules), the response will include this preview rule and what the recommendation would have been if all rules were in production. Enum: "PREVIEW" "PRODUCTION"

Responses

200

Rule updated successfully

400

Bad request

401

Invalid authentication

403

Invalid authorization

404

Not found

429

Rate limit reached

500

Internal error

put/recommendation/rules/{rule_id}

Request samples

application/json

{"name": "Block risky countries",
"priority": 10,
"matcher": {"ip_cidrs": ["string"
]
},
"recommendation": "CHALLENGE",
"enabled": true,
"mode": "PREVIEW"
}

Response samples

application/json

{"message": "string"
}

Delete rule by IDDeprecated

Deletes a specific recommendation rule. Note that you can also disable rules if needed using the enabled rule attribute.

SecurityHTTP: risk_access_token

Request

path Parameters

rule_id

required

string

ID of the recommendation rule

Responses

200

Rule updated successfully

400

Bad request

401

Invalid authentication

403

Invalid authorization

404

Not found

429

Rate limit reached

500

Internal error

delete/recommendation/rules/{rule_id}

Request samples

Response samples

application/json

{"message": "string"
}

Recommendations

Get recommendation

query Parameters

Create ruleDeprecated

Request Body schema: application/jsonrequired

Get all rulesDeprecated

Get rule by IDDeprecated

path Parameters

Update rule by IDDeprecated

path Parameters

Request Body schema: application/jsonrequired

Delete rule by IDDeprecated

path Parameters

Request Body schema: application/json
required

Request Body schema: application/json
required