Feedbacks
Risk decision feedback enables Incognia to continuously evaluate the quality of its risk assessments. The Incognia Feedback API was built to facilitate the sharing of risk feedback. Clients can send details about a risk decision when one of Incognia's APIs has been called or at any important event. For example, the Feedback API can notify Incognia when a new application, login or payment is approved or denied.
Send feedback
POST
https://api.incognia.com/api/v2/feedbacks
Reports an event related to signups, logins, transactions, etc.
- Request
- Response
Headers
| Authorization | string | Required | Bearer token generated in Authenticating section. |
Query Parameters
| dry_run | string | Optional | Used for testing purposes. If set to true the feedback won`t be persisted. |
Body Parameters
| external_id | string | Optional | ID provided by the client that identifies a transaction which risk assessment was provided by Incognia in the past. |
| login_id | string | Optional | If the feedback is related to a previously assessed login, inform the ID provided in Transaction API response. |
| payment_id | string | Optional | If the feedback is related to a previously assessed payment, inform the ID provided in the Transaction API response. |
| signup_id | string | Optional | If the feedback is related to a previously assessed sign-up, inform the signup_id provided in the Onboarding API response. |
| account_id | string | Optional | User account identifier. For more info refer to Account ID. |
| installation_id | string | Optional | Installation ID related to the event. |
| event | string | Required | Name of the event releated to the feedback. The accepted event types are described below. |
| timestamp | long | Required | Date and time when the fraud or event happened in milliseconds since epoch. |
200: OK
Success
Empty.
400: Bad Request
If the event is signup related and the signup id and/or the installation id are missing, or if it's transaction related and the account id and/or the installation id are missing.
Missing installation_id or signup_id.
401: Unauthorized
Invalid token.
Empty.
403: Forbidden
The given installation isn't related to the provided token.
Empty.
500: Internal Server Error
Some internal error happened. Try again or, if the problem persists, contact us.
Empty.
Using cURL:
curl -v -X POST
-H "Content-Type: application/json"
-H "Authorization: Bearer {TOKEN}"
-d '{
"timestamp": 1610570403068,
"event": "signup_accepted",
"installation_id": "LX2K9uIfkPIL2UIXxQCqSXDTPKkG8gLG2heKnlMrwAaCLV2KHxuji1WLElDrFBlWYJLCwbkghZVmp5WVb6UAjfxlgcExS3W1fgQ4j0ikcp7Z8x9dGTaYcVFXVf0fupbcvhI8Nh0RO9oy+3NavbBX7Q",
"account_id": "214312130",
"signup_id": "5e76a7ca-577c-4f47-a752-9e1e0cee9e49"
}'
"https://api.incognia.com/api/v2/feedbacks"
Understanding event types
The event field possible values are described below:
| Possible value | Descriptions |
|---|---|
| signup_accepted | The account was successfully created as the client classified it as a trusted account. |
| signup_declined | The account was not created as the client classified it as an account that could not be trusted. |
| payment_accepted | The payment was successfully executed using Incognia risk assessment. |
| payment_accepted_by_third_party | The payment was successfully executed as the client classified it as a trusted transaction. |
| payment_accepted_by_control_group | The payment was successfully executed as the client classified it as a control group transaction. |
| payment_declined | The payment was not executed. |
| payment_declined_by_risk_analysis | The payment was not executed due to potentially fraudulent behavior detected by some risk engine. |
| payment_declined_by_manual_review | The payment was not executed after being manually reviewed. |
| payment_declined_by_business | The payment was not executed due to business reasons, like a missing product for example. |
| payment_declined_by_acquirer | The payment was not executed because the acquirer did not approve it. |
| login_accepted | The account successfully logged in to the app as the client classified it as a trusted login. |
| login_declined | The account did not log in to the app as the client classified it as a potentially fraudulent login. |
| verified | The client has verified that the new account is legitimate. Incognia recommends sending both the account_id and installation_id when using this event type. |
| identity_fraud | The account was created with fake or stolen data. |
| account_takeover | The installation logged in to an account that doesn't belong to its owner. Besides the installation_id, Incognia recommends sending the account_id if possible. |
| chargeback_notification | A chargeback was issued by an external provider for the account. |
| chargeback | A chargeback was issued by the credit card acquirer for the account. |
| mpos_fraud | mPOS Fraud was detected. |
| challenge_passed | The user passed an authentication challenge. |
| challenge_failed | The user has failed an authentication challenge. |
| password_changed_successfully | The user successfully changed his password. |
| password_change_failed | The user has failed the process to change his password. |
| promotion_abuse | The account has participated in a case of promotion abuse. |