The Risk Intelligence API uses JWT-based authentication. Clients authenticate using a client_id and client_secret to obtain an access token, which is then used to authorize all subsequent API requests.4
The client_id and client_secret will be provided by our customer support team upon onboarding.

Integration Steps

1. Access Token Creation

Clients initiate authentication by sending a POST request to the /v1/auth endpoint with their client_id and client_secret. If successful, the response includes:
  • access_token — a short-lived token used for authenticating API requests
  • refresh_token — used to renew the access token without re-authenticating

2. Access Token Refresh

When the access token expires, clients can request a new one by sending a POST request to /v1/auth/refresh with a valid refresh_token.

3. Usage in API Requests

Include the access token in the Authorization header of every API request: Authorization: Bearer <access_token>

📈 Rate Limit

To ensure fair usage and system stability, the API enforces rate limits.
  • If a client exceeds the rate limit, the API responds with: 429 Too Many Requests
  • A Retry-After header will be included in the response, indicating how long the client must wait before retrying the request.
Be sure to implement retry logic and token refresh handling in your integration to avoid disruptions.