Overview
How VertexY fits into a modern fraud stack for payments, accounts, and order workflows.
VertexY helps product and risk teams decide whether to allow, review, or block sensitive activity in real time. Most teams integrate it at checkout first, then expand into account, refund, dispute, and analyst workflows.
Call the risk engine before approving a payment, order, or account action.
Send lifecycle signals so VertexY can build velocity and graph context.
Submit final outcomes so future decisions learn from confirmed results.
Where VertexY sits
Place VertexY between your application workflow and the final business action:
- Your backend receives a checkout, login, refund, or other risk-bearing request.
- Your backend calls
POST /risk-engine/assesswith identity, payment, device, geo, and order context. - VertexY returns
allow,review, orblockwith a score and reason codes. - Your system applies the decision, then sends outcome feedback when the result is known.
Core APIs
/risk-engine/assessReal-time risk assessment
Use this before completing a sensitive action. The response includes riskScore, action, riskLevel, and reasonCodes.
/events/ingestSigned event ingestion
Send payment, order, account, refund, dispute, and chargeback events with HMAC headers.
/risk-engine/feedbackOutcome feedback
Report approved, rejected, chargeback, confirmed fraud, or false positive outcomes.
Regional integration examples
US marketplaces
A US marketplace calls VertexY before card authorization, using USD amounts, BIN data, device fingerprinting, and IP geo from New York or California checkout traffic.
Common signals: card-not-present velocity, email reputation, coupon abuse, chargebacks, and repeat shipping address overlap.
European fintech and commerce
A European fintech scores EUR or GBP transactions while keeping PII minimized and hashed where possible. Teams usually pair VertexY decisions with their GDPR retention policy.
Common signals: PSD2 challenge outcomes, cross-border account access, device timezone mismatch, and refund abuse.
Southeast Asian platforms
A Southeast Asian commerce platform scores SGD, IDR, THB, PHP, or VND orders across wallet, card, and cash-on-delivery flows.
Common signals: mobile-wallet fingerprints, device reuse, voucher abuse, failed payment bursts, and account farming.
Authentication model
VertexY uses two authentication modes:
- Bearer JWTs for dashboard and backend APIs such as
POST /risk-engine/assess. - HMAC signatures for
POST /events/ingest, where VertexY verifies the raw request body.
Read Authentication before building, then use the interactive API reference when you are ready to test endpoints.
Production checklist
- Keep access and refresh tokens server-side where possible.
- Sign every event ingestion request.
- Use stable
transactionId,externalEventId, andidempotencyKeyvalues. - Store
assessmentIdon your order or risk record. - Send feedback as soon as final outcomes are known.
- Combine plan feature gates with assigned user permissions inside the dashboard.
What VertexY does not replace
Your system still owns payment authorization, customer communication, regulatory retention rules, gateway dispute operations, and final workflow execution. VertexY gives your team the risk decision and investigation context needed to act consistently.