The evaluation object
Attributes
id string
The unique identifier of the evaluation.
action string
The action that was evaluated. One of login, signup, access, or a custom action string.
verdict string
The verdict of the evaluation.
allow
The action should be allowed.
challenge
The action should require a challenge. A challenge object will be present, and redirect carries the URL to the hosted challenge page.
deny
The action should be blocked.
restrict
The action should be restricted.
challenge_and_restrict
The action should be restricted and a challenge should be issued.
reasons array
The reasons that contributed to the verdict.
redirect string (optional)
When the verdict is challenge, the URL to the hosted challenge page. Navigate the user here to begin the challenge.
user object (optional)
The end user the evaluation is bound to. See The user object.
challenge object (optional)
The challenge that was issued, when the verdict is challenge.
challenge.id string
The challenge identifier. Use it with getChallenge to fetch full state.
challenge.status string
The current status of the challenge.
challenge.type string
The challenge category (for example, fake_account, account_sharing).
policy object (optional)
The policy that matched.
policy.id string
The policy identifier.
policy.name string
The policy's display name as configured in the Rupt dashboard.
policy.action object
The action the policy applied, e.g. { "type": "challenge" }.
fingerprint object (optional)
The fingerprint resolved for the request.
fingerprint.id string
The fingerprint identifier.
fingerprint.confidence number
Match confidence between 0 and 1.
geolocation object (optional)
Coarse geolocation data resolved from the IP. Includes city, region, country, country_code, ip, and a security sub-object with vpn, proxy, tor, hosting flags.
device string (optional)
The identifier of the device tied to this evaluation, when the action created or referenced one.
access string (optional)
The identifier of the access record tied to this evaluation, when applicable (typically only for access actions).
risks array (optional)
Risk objects detected during the evaluation. Each has category, severity, score, and indicators.
risk_summary array (optional)
A compact summary of risks: category and severity only.
metadata object (optional)
The custom metadata you attached when calling evaluate().
checks object (optional)
A snapshot of the boolean and numeric checks the policy engine evaluated.
createdAt date
When the evaluation was created.
updatedAt date
When the evaluation was last updated.
{
"id": "649873be6e8b6f9b33722a0c",
"action": "login",
"verdict": "challenge",
"reasons": ["new_fingerprint", "new_ip"],
"redirect": "https://challenge.rupt.dev/?challenge=649873be6e8b6f9b33722a0c",
"user": {
"rupt_id": "649873be6e8b6f9b33722a0c",
"id": "external_account_id",
"email": "user@example.com",
"phone": "+15551234567"
},
"challenge": {
"id": "649873be6e8b6f9b33722a0c",
"status": "created",
"type": "account_takeover"
},
"policy": {
"id": "649873be6e8b6f9b33722a0c",
"name": "Challenge new fingerprints",
"action": { "type": "challenge" }
},
"fingerprint": {
"id": "649873be6e8b6f9b33722a0c",
"confidence": 0.97
},
"geolocation": {
"city": "San Francisco",
"region": "CA",
"country": "United States",
"country_code": "US",
"ip": "1.2.3.4",
"security": { "vpn": false, "proxy": false, "tor": false, "hosting": false }
},
"risk_summary": [{ "category": "ato", "severity": "low" }],
"metadata": { "key": "value" },
"createdAt": "2021-09-01T00:00:00.000Z",
"updatedAt": "2021-09-01T00:00:00.000Z"
}