Anti-Fraud Platform · Quickstart
End-to-end: register a device session (simulated, no SDK), evaluate a transaction, inspect the resulting alert.
Time: ~10 minutes.
Prerequisites
Sandbox API key with scopes: evaluate:write. (For dashboard work, you'd need broader scopes; evaluate:write covers the programmable path.)
1. (Optional) Register a device session
If your evaluate call originates from a mobile app, the SDK collects device signals and posts them here, getting back a sessionToken you forward to evaluate.
For the quickstart we'll simulate the SDK with a raw POST:
/api/device-session
curl -X POST https://sandbox.quantumelixir.tech/anti-fraud/api/device-session \
  -H "Authorization: Bearer $QE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "device": {
      "platform": "iOS",
      "osVersion": "17.4",
      "model": "iPhone15,4",
      "locale": "id_ID",
      "timezone": "Asia/Jakarta"
    },
    "riskSignals": {
      "jailbroken": false,
      "rooted": false,
      "emulator": false,
      "vpn": false
    }
  }'
Response:
{
  "data": {
    "sessionToken": "ds_01HXY...",
    "expiresIn": 1800,
    "attestationVerdict": null
  },
  "ok": true
}
You have 30 minutes to use this token in an evaluate call.
2. Evaluate a transaction
/api/evaluate
curl -X POST https://sandbox.quantumelixir.tech/anti-fraud/api/evaluate \
  -H "Authorization: Bearer $QE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "customerId": "cus_demo_12345",
    "lane": "transaction",
    "sessionToken": "ds_01HXY...",
    "externalId": "tx-2026-05-24-001",
    "amount": 250000,
    "currency": "IDR",
    "data": {
      "channel": "qris",
      "beneficiaryName": "Warung Sate Pak Budi",
      "merchantCategory": "5812"
    }
  }'
Response:
{
  "data": {
    "decision": "allow",
    "fraudScore": 12,
    "subScores": { "rules": 0, "velocity": 5, "ml": 7 },
    "appliedRules": [],
    "sessionId": "alt_01HXY..."
  },
  "ok": true
}
sessionId is the alert ID if an alert was created. For a benign transaction like this, the alert exists but decision: allow means no action is needed.
3. Force a block
In the sandbox, send an amount that hits the default high-amount rule together with a sanctioned beneficiary:
curl -X POST .../api/evaluate \
  -H "Authorization: Bearer $QE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "customerId": "cus_demo_12345",
    "lane": "transaction",
    "externalId": "tx-2026-05-24-002",
    "amount": 80000000,
    "currency": "IDR",
    "data": {
      "channel": "transfer",
      "beneficiaryName": "John FraudList",
      "beneficiaryAccount": "1234567890"
    }
  }'
Response:
{
  "data": {
    "decision": "block",
    "fraudScore": 92,
    "subScores": { "rules": 70, "velocity": 12, "ml": 10 },
    "appliedRules": [
      { "code": "BLK-001", "name": "Blocked beneficiary list", "action": "block", "severity": "critical", "score": 50 },
      { "code": "VL-003", "name": "High amount unverified counterparty", "action": "review", "severity": "high", "score": 20 }
    ],
    "sessionId": "alt_01HXZ..."
  }
}
decision: block → reject the transaction in your transaction processor.
4. List recent alerts
curl "https://sandbox.quantumelixir.tech/anti-fraud/api/alerts?status=open&lane=transaction&limit=20" \
  -H "Authorization: Bearer $QE_API_KEY"
Returns alerts your evaluations created. Use this for backoffice triage UIs or to subscribe to a webhook.
Production wiring
In production, two pieces shift:
- SDK does step 1. Your mobile app embeds @quantum-elixir/device-sdk-rn and calls device-session from the device. You never assemble the payload server-side.
- Evaluate becomes inline-blocking. Your transaction processor calls /api/evaluate before committing. p95 < 100ms means it can sit on the critical path.
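An added example (not the platform's own code) of the inline gate described above: it maps the evaluate response shapes shown in steps 2 and 3 to commit, reject or hold, and never commits on a timeout, an error or an unrecognised body. The "hold" outcome, the fail-closed policy, the 0.5 s timeout and the names gate and evaluate are assumptions of this example.

```python
import http.client
import json
import os
import urllib.request

EVALUATE_URL = "https://sandbox.quantumelixir.tech/anti-fraud/api/evaluate"  # from the page
TIMEOUT_S = 0.5  # assumed budget; the page only states p95 < 100ms

# Response bodies abridged from the quickstart's own samples.
ALLOW_BODY = '{"data": {"decision": "allow", "fraudScore": 12, "sessionId": "alt_01HXY..."}, "ok": true}'
BLOCK_BODY = '{"data": {"decision": "block", "fraudScore": 92, "sessionId": "alt_01HXZ..."}}'


def gate(body):
    """Map an evaluate response body to ("commit" | "reject" | "hold", alert id)."""
    try:
        doc = json.loads(body)
        data = doc.get("data") or {}
        decision = data.get("decision")
    except (ValueError, AttributeError, TypeError):
        return "hold", None  # unparseable or wrong shape: never commit
    alert_id = data.get("sessionId")
    if decision == "block":
        return "reject", alert_id  # honoured even without "ok", as in the block sample
    if doc.get("ok") is True and decision == "allow":
        return "commit", alert_id
    return "hold", alert_id  # any other decision, or "ok" missing: manual handling


def evaluate(tx, api_key=None):
    """POST one transaction and gate on the result; any transport failure holds."""
    req = urllib.request.Request(
        EVALUATE_URL,
        data=json.dumps(tx).encode(),
        headers={
            "Authorization": "Bearer " + (api_key or os.environ["QE_API_KEY"]),
            "Content-Type": "application/json",
        },
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=TIMEOUT_S) as resp:
            return gate(resp.read())
    except (OSError, http.client.HTTPException):
        return "hold", None  # timeout, DNS, TLS or HTTP error: do not commit


if __name__ == "__main__":
    print(gate(ALLOW_BODY), gate(BLOCK_BODY), gate("not json"))
```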
Next steps
- Risk evaluation: every field of POST /api/evaluate documented
- Device SDK (mobile): RN integration + native attestation
- Rules: write your own
- Webhooks