Fraud Decisioning API | RequestGuard Docs

Use POST /assess to send request context and receive an application-ready decision: allow, challenge, review, or block.

Endpoint

POST /assess

Authentication is required.

Request

{
  "ip": "1.2.3.4",
  "email": "user@example.com",
  "domain": "example.com",
  "user_agent": "Mozilla/5.0 ...",
  "event": "signup",
  "user_id": "optional",
  "session_id": "optional",
  "phone": "optional",
  "billing_country": "US",
  "shipping_country": "US",
  "metadata": {
    "plan": "free",
    "campaign": "paid_ad"
  }
}

Response

{
  "request_id": "req_123",
  "risk_score": 87,
  "risk_level": "high",
  "decision": "block",
  "confidence": 0.91,
  "recommended_action": "block_request",
  "summary": "Block signup request because email domain is associated with temporary inbox services.",
  "reasons": [
    {
      "code": "disposable_email",
      "severity": "high",
      "description": "Email domain is associated with temporary inbox services."
    }
  ],
  "matched_rules": [],
  "signals": {
    "ip": {},
    "email": {},
    "domain": {},
    "device": {},
    "behavior": {}
  }
}

Decisions

Decision	Use
`allow`	Continue normally.
`challenge`	Ask for stronger verification such as CAPTCHA.
`review`	Delay fulfillment or queue manual review.
`block`	Reject the request.

Store request_id with your user, order, session, or event record so support and security teams can search the investigation log later.