Feedbacks

Risk decision feedback enables Incognia to continuously evaluate the quality of its risk assessments. The Incognia Feedback API was built to facilitate the sharing of risk feedback. Clients can send details about a risk decision when one of Incognia's APIs has been called or at any important event. For example, the Feedback API can notify Incognia when a new application, login or payment is approved or denied.

post
Send feedback

https://incognia.inloco.com.br/api/v2/feedbacks/
Reports some type of event related to signups, logins, transactions, etc.
Request
Response
Request
Headers
Authorization
required
string
Bearer token generated in Authenticating section.
Query Parameters
dry_run
optional
boolean
Used for testing purposes. If set to true the feedback won't be persisted.
Body Parameters
external_id
optional
string
ID provided by the client that identifies a transaction which risk assessment was provided by Incognia in the past.
login_id
optional
string
If the feedback is related to a previously assessed login, inform the ID provided in Transaction API response.
payment_id
optional
string
If the feedback is related to a previously assessed payment, inform the ID provided in the Transaction API response.
signup_id
optional
string
If the feedback is related to a previously assessed sign-up, inform the signup_id provided in the Onboarding API response.
account_id
optional
string
User account identifier. For more info refer to Account ID.
installation_id
optional
string
Installation ID related to the event.
event
required
string
Name of the event releated to the feedback. The accepted event types are described below.
timestamp
required
string
Date and time when the fraud or event happened in milliseconds since epoch.
Response
200: OK
Success.
Empty.
400: Bad Request
If the event is signup related and the signup id and/or the installation id are missing, or if it's transaction related and the account id and/or the installation id are missing.
Missing installation_id or signup_id.
401: Unauthorized
Invalid token.
Empty.
403: Forbidden
The given installation isn't related to the provided token.
Empty.
Body
Body
{
"timestamp": 1610570403068,
"event": "signup_accepted",
"installation_id": "LX2K9uIfkPIL2UIXxQCqSXDTPKkG8gLG2heKnlMrwAaCLV2KHxuji1WLElDrFBlWYJLCwbkghZVmp5WVb6UAjfxlgcExS3W1fgQ4j0ikcp7Z8x9dGTaYcVFXVf0fupbcvhI8Nh0RO9oy+3NavbBX7Q",
"account_id": "214312130",
"signup_id": "5e76a7ca-577c-4f47-a752-9e1e0cee9e49"
}

Using cURL:

curl -v -X POST
-H "Content-Type: application/json"
-H "Authorization: Bearer {TOKEN}"
-d '{
"timestamp": 1610570403068,
"event": "signup_accepted",
"installation_id": "LX2K9uIfkPIL2UIXxQCqSXDTPKkG8gLG2heKnlMrwAaCLV2KHxuji1WLElDrFBlWYJLCwbkghZVmp5WVb6UAjfxlgcExS3W1fgQ4j0ikcp7Z8x9dGTaYcVFXVf0fupbcvhI8Nh0RO9oy+3NavbBX7Q",
"account_id": "214312130",
"signup_id": "5e76a7ca-577c-4f47-a752-9e1e0cee9e49"
}'
"https://incognia.inloco.com.br/api/v2/feedbacks/"

Understanding event types

The event field possible values are described below:

Possible value

Descriptions

signup_accepted

The account was successfully created as the client classified it as a trusted account.

signup_declined

The account was not created as the client classified it as an account that could not be trusted.

payment_accepted

The payment was successfully executed as the client classified it as a trusted transaction.

payment_declined

The payment was not executed.

payment_declined_by_risk_analysis

The payment was not executed due to potentially fraudulent behavior detected by some risk engine.

payment_declined_by_manual_review

The payment was not executed after being manually reviewed.

payment_declined_by_business

The payment was not executed due to business reasons, like a missing product for example.

payment_declined_by_acquirer

The payment was not executed because the acquirer did not approve it.

login_accepted

The account successfully logged in to the app as the client classified it as a trusted login.

login_declined

The account did not log in to the app as the client classified it as a potentially fraudulent login.

verified

The client has verified that the new account is legitimate. Incognia recommends sending both the account_id and installation_id when using this event type.

not_verified

The client has identified that the new account is fraudulent.

account_takeover

The installation logged in to an account that doesn't belong to its owner. Besides the installation_id, Incognia recommends sending the account_idif possible.

chargeback

User requested chargeback on some transaction.

‚Äč