Fraud Detection API
Synchronous fraud decision engine — rules, block/allow lists, and review queue
The Fraud Detection Service is the platform's synchronous risk evaluation layer.
It is called by the payments-service at authorization time and is also exposed publicly
via the api.* aggregator at /v1/fraud/. The rules engine is implemented in Go;
ML scoring via a Python sidecar is wired in Phase 2+.
Base URLs
| Environment | Hostname |
|---|---|
| Sandbox | https://sandbox.505pay.link |
| Production (505pay.link) | https://api.505pay.link |
| Production (straventa.com) | https://api.straventa.com |
Authentication
All fraud API endpoints require a Bearer JWT issued by the auth-service. The
tenant_id claim is extracted server-side — callers do not include it in the
request body.
Decision verdicts
| Verdict | Meaning |
|---|---|
allow | Passes all checks; proceed normally. |
review | Suspicious; flag for manual review, do not block. |
decline | High-confidence fraud; block the action. |
unavailable | Service temporarily unable to evaluate; apply your own fallback policy. |
Flag-only launch (P0)
At launch the service never hard-declines. Every decision is flagged for human review;
the decline verdict is reserved for Phase 2+ when the ML sidecar is wired in and
confidence calibration is complete.
Idempotency
Pass an Idempotency-Key header (UUID or opaque string, up to 64 characters) on
POST /v1/fraud/decisions. Duplicate submissions within the replay window return the
original decision with HTTP 200.
Reason codes
| Code | Meaning |
|---|---|
velocity_ip_exceeded | Payer IP exceeded per-(IP, merchant) attempt threshold within window |
velocity_card_exceeded | Payment card fingerprint seen across too many distinct merchants in 24h |
velocity_fingerprint_exceeded | Device fingerprint seen across too many distinct merchants in 24h |
high_risk_score | Computed risk score exceeds review threshold (no single rule tripped) |
list_block_ip | Payer IP appears on a block list |
list_block_card | Card fingerprint appears on a block list |
list_block_fingerprint | Device fingerprint appears on a block list |
ml_high_score | ML sidecar score above decline threshold (Phase 2+; not emitted in P0) |
P0 scope
Only event_type=payment is implemented in P0. Other event_type values return
400 event_type_unsupported.
Endpoint reference
Fraud decisions
Synchronous fraud evaluation — submit a platform event and receive a verdict, risk score, and reason codes. Called by the payments-service at authorization time and available directly via the api.* aggregator.
Configurable rules
Manage per-tenant fraud rules expressed as condition/action definitions. Each PATCH that supplies a definition appends an immutable version snapshot.
Block / allow lists
Manage per-tenant block and allow lists keyed by IP, device fingerprint, card fingerprint, email, or customer ID. Allow overrides block when both match.
Health & metadata
Liveness probe and OpenAPI specification endpoints.
Ungrouped operations
23 operations in the spec are not listed in the groups file. Add their operationIds to content/docs/api/fraud.groups.json.
List LTKT cash-CTR obligations for the tenant
Get the tenant's AML config
List AML reports for the tenant
Get a single AML report by ID
Export the AML report XML file for submission
List unified compliance cases
Get a case with its immutable trail
List a case's disposition trail
List the open case work queue
Get a narration artifact
List a subject's narration artifacts
Draft a goAML report for a compliance case
Approve a drafted AML report (maker-checker)
Mark an approved AML report ready for filing
Assign a case to an owner
Submit a case disposition
Approve a pending case disposition
Reject a pending case disposition
Escalate a case
Mark a narration draft reviewed (single-control, advisory)
Generate an advisory LTKM narrative draft for a compliance case
Generate an advisory triage summary for a fraud decision
Upsert the tenant's AML config
Was this page helpful?