API Reference

Base URL: https://api.riskguard.wejoona.com

Auth: Bearer token in header
Format: JSON

POST /v1/evaluate

Evaluate a transaction for fraud risk. Returns score and action.

Request Body

{
  "transaction_id": "txn_8k2m9x",
  "amount": 250000,
  "currency": "XOF",
  "sender": "usr_awa_diallo",
  "receiver": "usr_merchant_42",
  "channel": "mobile_money",
  "metadata": {
    "device_id": "dev_iphone_a1b2",
    "ip": "102.67.254.63",
    "location": { "lat": 5.36, "lng": -4.01 }
  }
}

Response

{
  "evaluation_id": "eval_9x2k8m",
  "score": 0.12,
  "action": "allow",
  "latency_ms": 23,
  "layers": {
    "rules": { "fired": 0, "checked": 14 },
    "graph": { "patterns_found": 0, "nodes_traversed": 47 },
    "sanctions": { "hits": 0, "lists_checked": 4 }
  },
  "reasons": [],
  "created_at": "2026-02-21T18:30:00Z"
}

GET /v1/evaluations/:id

Retrieve a past evaluation by ID. Includes full decision context.

Response

{
  "evaluation_id": "eval_9x2k8m",
  "transaction_id": "txn_8k2m9x",
  "score": 0.12,
  "action": "allow",
  "layers": { ... },
  "rules_fired": [],
  "graph_patterns": [],
  "sanctions_hits": [],
  "created_at": "2026-02-21T18:30:00Z"
}

GET /v1/rules

List all active rules. Returns YAML definitions and metadata.

Response

{
  "rules": [
    {
      "id": "rule_velocity_phone",
      "name": "High velocity same phone",
      "condition": "velocity.phone.1h.count > 5",
      "action": "review",
      "severity": "medium",
      "enabled": true
    }
  ]
}

PUT /v1/rules/:id

Update a rule. Changes take effect immediately (hot-reload).

Request Body

{
  "condition": "velocity.phone.1h.count > 3",
  "action": "block",
  "severity": "high"
}

Response

{
  "id": "rule_velocity_phone",
  "updated": true,
  "effective_at": "2026-02-21T18:31:00Z"
}

POST /v1/graph/query

Run a custom Cypher query against the transaction graph. Read-only.

Request Body

{
  "query": "MATCH (u:User)-[:SENT]->(t:Transaction)-[:TO]->(m:Merchant) WHERE u.phone = $phone RETURN m, count(t) as txn_count",
  "params": { "phone": "+22507585827580" }
}

Response

{
  "results": [
    { "merchant": "mrc_shop_42", "txn_count": 12 },
    { "merchant": "mrc_agent_99", "txn_count": 3 }
  ],
  "nodes_scanned": 156,
  "latency_ms": 45
}

Authentication

All API requests require a Bearer token in the Authorization header:

Authorization: Bearer rg_live_your_api_key

API keys are scoped per organization. You can create multiple keys with different permissions in the dashboard.

Key prefixes:

  • rg_live_ — Production key
  • rg_test_ — Sandbox key (returns mock scores, no billing)

Error Codes

Code  Meaning                     Resolution
400   Invalid request body        Check required fields: transaction_id, amount, currency, sender, receiver
401   Invalid or missing API key  Check Authorization header format and key validity
403   Key lacks permission        Use a key with evaluate scope or contact org admin
409   Duplicate transaction_id    Each transaction_id must be unique per org
429   Rate limit exceeded         Default: 1000 req/min. Contact support to increase.
500   Internal error              Retry with exponential backoff. If persistent, contact support.
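
A client-side wrapper for POST /v1/evaluate that applies the key prefixes and error table above, as an added example that is not part of the RiskGuard documentation or SDK. Assumptions: `send` is a hypothetical transport callable returning `(status, json_dict)`, success is HTTP 200, and falling back to "review" when no decision arrives is a local policy choice.

```python
import random
import time

REQUIRED = ("transaction_id", "amount", "currency", "sender", "receiver")
RETRYABLE = {429, 500}  # per the error table; 400/401/403/409 are caller errors


def check_key(api_key, production):
    """Refuse a sandbox key in production: rg_test_ keys return mock scores."""
    prefix = "rg_live_" if production else "rg_test_"
    if not api_key.startswith(prefix):
        raise ValueError(f"expected a {prefix} key for this environment")


def evaluate(txn, api_key, send, production=True, max_attempts=4, sleep=time.sleep):
    """Submit txn through send(headers, body) and return the action string.

    Retries 429/500 with exponential backoff and jitter. If every attempt
    fails, returns "review" (assumed policy) so an outage or rate limit
    never turns into a silent "allow".
    """
    check_key(api_key, production)
    missing = [f for f in REQUIRED if f not in txn]
    if missing:  # would be rejected with 400 anyway; fail before sending
        raise ValueError(f"missing required fields: {missing}")
    headers = {"Authorization": f"Bearer {api_key}",
               "Content-Type": "application/json"}
    for attempt in range(max_attempts):
        status, body = send(headers, txn)
        if status == 200:  # assumption: 200 is the success status
            return body["action"]
        if status not in RETRYABLE:
            # 401/403/409 will not succeed on retry; surface to the caller
            raise RuntimeError(f"evaluate failed with HTTP {status}")
        if attempt < max_attempts - 1:
            sleep(min(2 ** attempt + random.random(), 30))
    return "review"


if __name__ == "__main__":
    # Constructed transport: one 500, then the sample response's action.
    replies = iter([(500, {}), (200, {"action": "allow"})])
    txn = {"transaction_id": "txn_8k2m9x", "amount": 250000, "currency": "XOF",
           "sender": "usr_awa_diallo", "receiver": "usr_merchant_42"}
    print(evaluate(txn, "rg_live_constructed_key",
                   lambda h, b: next(replies), sleep=lambda s: None))
```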