The protection loop
Assess
Your backend (or the browser SDK) sends transaction, device, and behavioral data to POST /api/v1/assess. Clausum evaluates blocklists, configurable signal weights, velocity, custom rules, and payer history, then returns a decision and risk_score.
Enforce
You enforce the decision: approve, send to manual review, challenge with step-up verification, or decline.
Report
When fraud is confirmed (chargeback, ATO, etc.), you call POST /api/v1/report-fraud. Clausum marks the transaction, opens a case, and auto-populates blocklists.
Learn
New blocklist entries and payer history immediately influence the next assessment, closing the loop.
Surfaces
| Surface | Where | Purpose |
|---|---|---|
| Web application | sandbox.clausum.ai | Panel, simulation, protection, team, keys |
| Partner API | $CLAUSUM_API_BASE (assigned by support) | Assess, report fraud, ingest |
| Management API | Same base URL + dashboard JWT | Blocklists, cases, dashboard overview |
Components
| Component | Endpoint(s) | Auth | Purpose |
|---|---|---|---|
| Risk assessment | POST /api/v1/assess | API key | Real-time scoring and decisions |
| Fraud reporting | POST /api/v1/report-fraud | API key (fraud:report) | Confirm fraud, auto-block, open case |
| Event ingestion | POST /api/webhooks/ingest | API key | Stream raw provider events for rule processing |
| Dashboard overview | GET /api/v1/dashboard/overview | Dashboard JWT | Protection KPIs and trend series |
| Blocklists | /api/v1/blocklists | Dashboard JWT | Manage emails, IPs, BINs, devices, countries |
| Cases | /api/v1/cases* | Dashboard JWT | Create, update, and submit regulatory cases |
| Outbound webhooks | configured in dashboard | Signed HMAC | Notify your systems of events |
Two authentication surfaces
Clausum exposes two distinct surfaces, each with its own credential type.
Programmatic (API keys)
Server-to-server and client SDK calls: assess, report-fraud, ingest. Authenticated with clm_sk_ / clm_pub_ keys. This is what you use to integrate Clausum into your product.
Management (dashboard JWT)
Endpoints that back the dashboard: blocklists, cases, team, dashboard/overview. Authenticated with a Supabase session token from a signed-in user at the web application.
Operational dashboard
The Panel aggregates protection metrics (evaluations, blocked, approved, money protected) with time filters (24 h / 7 d / 30 d) aligned to the analyst’s browser timezone. Simulation exercises the same assess pipeline without moving real funds. See Dashboard overview and Simulation.
Data you provide
The more context you send, the sharper the decision. Clausum is payment-platform agnostic: it works with Stripe, MercadoPago, Conekta, OpenPay, PayPal, bank transfers, and custom rails.
- Transaction: amount, currency, type
- Identity: email, phone, customer id
- Payment method: card BIN/last4, country, brand, bank code, wallet type
- Device: IP, fingerprint, user agent, timezone
- Behavior: session duration, mouse/keyboard activity, copy-paste events
- Geography: billing and shipping country/city
None of these fields except amount and currency are required, but each one unlocks additional fraud signals.
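The Assess and Enforce steps of the protection loop, together with the required-field rule above, sketched as an added example that is not Clausum's own code. Assumptions: the JSON field names other than decision and risk_score, the decision strings (approve, review, challenge, decline), the local action names, and the choice to fall back to manual review when no valid decision is available.

```python
from decimal import Decimal, InvalidOperation

# Assumed wire values for the four outcomes the page lists.
ACTIONS = {
    "approve": "capture_payment",
    "review": "hold_for_manual_review",
    "challenge": "require_step_up",
    "decline": "reject_payment",
}
FAIL_SAFE = "hold_for_manual_review"  # chosen here: never auto-approve without a valid decision


def build_assess_payload(amount, currency, **context):
    """Validate the two required fields and drop empty optional context."""
    try:
        value = Decimal(str(amount))
    except InvalidOperation:
        raise ValueError("amount must be numeric")
    if not value.is_finite() or value <= 0:
        raise ValueError("amount must be a positive number")
    if not (isinstance(currency, str) and len(currency) == 3 and currency.isalpha()):
        raise ValueError("currency must be a 3-letter code")
    payload = {"amount": str(value), "currency": currency.upper()}
    # Optional groups (identity, device, ...) are passed through only when populated.
    payload.update({k: v for k, v in context.items() if v not in (None, "", {}, [])})
    return payload


def enforce(response):
    """Map an assess response to a local action, failing safe on anything unexpected."""
    if not isinstance(response, dict):
        return FAIL_SAFE  # timeout, transport error, or non-JSON body
    decision = response.get("decision")
    score = response.get("risk_score")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return FAIL_SAFE  # a decision without a usable score is treated as untrusted
    return ACTIONS.get(decision, FAIL_SAFE) if isinstance(decision, str) else FAIL_SAFE


if __name__ == "__main__":
    # Constructed sample data, not real Clausum output.
    print(build_assess_payload("149.90", "mxn", device={"ip": "203.0.113.7"}, identity=None))
    print(enforce({"decision": "challenge", "risk_score": 71}))
    print(enforce({"decision": "allow", "risk_score": 5}))
    print(enforce(None))
```
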