Skip to main content
GET
/
risk_alert
/
{tenant_id}
cURL
curl --request GET \
  --url https://api.insightai.in/risk_alert/{tenant_id} \
  --header 'Authorization: Bearer <token>'
{
  "v": 1,
  "type": "risk.alert",
  "tier": "RISK_ONLY",
  "ts": "2025-12-15T10:20:30.123Z",
  "seq": 9103,
  "stream": {
    "org_id": "4561237890123456",
    "tenant_id": "A9F3K8M2Q7L4ZP1X"
  },
  "data": {
    "alert_id": "ALRT-20251215-9103",
    "decision": {
      "action": "BLOCK",
      "severity": "HIGH",
      "risk_score": 0.82,
      "confidence": 0.74
    },
    "entity": {
      "user": {
        "client_user_id": "u_123",
        "account_id": "acc_991",
        "labels": [
          "new_user",
          "high_value"
        ]
      },
      "device": {
        "device_id": "d_4OwdmtpInKd9fW1fMBSAHN",
        "device_fingerprint": "fp_9c1a...",
        "browser": "Chrome",
        "os": "MacOS",
        "ua": "Mozilla/5.0 (...) Chrome/142.0.0.0 Safari/537.36",
        "screen": "1792x1120@2",
        "timezone": "Asia/Calcutta",
        "language": "en-GB",
        "webgl_hash": "R29vZ2xlIEluYy4gKEludGVsKXxBTkdM..."
      },
      "session": {
        "session_id": "SESS-1765265709938-uuuc7n",
        "first_seen_ts": "2025-12-15T10:19:50.000Z",
        "last_seen_ts": "2025-12-15T10:20:30.000Z",
        "route": "/checkout",
        "event_id": "EID-1765265710965-1"
      },
      "network": {
        "ip": "203.0.113.10",
        "geo": {
          "country": "IN",
          "region": "DL",
          "city": "New Delhi"
        },
        "asn": "AS9498",
        "isp": "Airtel",
        "vpn_proxy_suspected": true,
        "rtt_ms": 12,
        "effective_type": "4g"
      }
    },
    "flags": [
      "VPN_SUSPECTED",
      "HIGH_VELOCITY",
      "AUTOMATION_LIKELY"
    ],
    "reasons": [
      {
        "code": "STAT_HYPER_VELOCITY_SPIKE",
        "weight": 0.35,
        "evidence": {
          "transaction_velocity_count": 27,
          "threshold": 20
        }
      }
    ],
    "correlation": {
      "device_seen_on_users": [
        "u_123",
        "u_881"
      ],
      "user_seen_on_devices": [
        "d_4Owd...",
        "d_k91..."
      ],
      "shared_ip_sessions_10m": 9
    },
    "client_action_hint": {
      "recommended_controls": [
        "3DS",
        "OTP",
        "KYC_STEP_UP"
      ],
      "ttl_seconds": 900,
      "note": "Block purchase attempt; device shows automation & abnormal velocity."
    },
    "additional_data": {
      "order_id": "ORD-9912",
      "payment_attempt_id": "PAY-12001"
    }
  }
}
Retrieves a real-time fraud risk alert for a given tenant.
The response includes risk score, decision (allow/block), device intelligence, session behavior, network details, velocity anomalies, and correlation insights.

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

tenant_id
string
required

Tenant ID for which the risk alert report is requested.

Response

Risk alert payload containing risk score, flags, device details, network info, and decision reasons.

v
integer

Schema version of the risk alert event.

Example:

1

type
string

Event type identifier.

Example:

"risk.alert"

tier
string

Risk engine tier indicating the evaluation mode.

Example:

"RISK_ONLY"

ts
string<date-time>

Timestamp at which the risk alert was generated.

Example:

"2025-12-15T10:20:30.123Z"

seq
integer

Sequence number of the alert, useful for ordering events.

Example:

9103

stream
object

Metadata related to the tenant and organization origin of the event.

data
object

Core risk evaluation payload including decision, risk score, entity details, and correlation signals.