organization_type = comercio: you accept payments on your own behalf (e-commerce, app checkout, subscription billing). Your integration centers on pay-in assess before capture.
Modules you need
| Module | Required? | Guide |
|---|---|---|
| Prevention — pay-in assess | Yes | Real-time assessment |
| API keys | Yes | API keys |
| Browser SDK | Recommended | Browser SDK |
| Outbound webhooks | Recommended | Receiving webhooks |
| Assess resilience | Yes (prod) | Assess resilience |
| Stripe / ingest (post-payment) | Optional | Stripe webhooks · Event ingestion |
| Report fraud | When fraud confirmed | Report fraud |
| Cases & operations | If CLM-MOD-OPS | Case management |
| Payout assess | No | — |
| Submerchants | No | — |
Integration phases
Phase 1 — Keys & sandbox
- Conexiones → Claves API — create Publishable (
clm_pub_*) and Secret (clm_sk_*) with Assess permission. - Run Quickstart against sandbox.
- Exercise scenarios in Simulación — Simulation guide.
Phase 2 — Checkout prevention
Recommended pattern: browser SDK for device signals → server assess with
clm_sk_* before PSP capture.- Embed Browser SDK on checkout.
- On payment submit, your backend calls
POST /api/v1/assesswith:amount,currency(decimal major preferred — see assess guide)order_id(stable idempotency key)device.ipfrom the HTTP requestemailorcustomer_idpayment_method(BIN/last4 for card rules)session_idfrom SDK when available
- Branch on
decision: proceed only onapprove(or your policy forreview/challenge). - Your server calls Stripe / Mercado Pago / your PSP — Clausum does not capture for you.
Phase 3 — Async notifications
- Conexiones → Entrada (webhooks) — set outbound URL.
- Subscribe to
transaction.createdandtransaction.blocked. - Verify
X-Clausum-Signature— Receiving webhooks. - Put
clausum_session_idin PSP metadata when capturing.
Phase 4 — Post-payment (optional)
Connect provider events for disputes and reconciliation:
- Stripe: Stripe webhooks
- Other PSPs: Event ingestion with
clm_wh_*
Phase 5 — Operations & go-live
- Configure Protection — rules, blocklists, thresholds.
- Implement Assess resilience fail-open policy for
503/504. - Train team on Transaction monitor.
- On confirmed fraud → Report fraud.
- Production keys on
https://dashboard.clausum.ai(or your assigned host).
Required assess fields (pay-in)
| Field | Level |
|---|---|
amount, currency | Required |
order_id | Recommended — idempotency and webhooks |
device.ip | Recommended on server assess |
email or customer_id | Recommended |
payment_method | Recommended (card BIN rules) |
submerchant_id | Not used |
GET /api/v1/assess → field_requirements_by_segment.merchant.
Go-live checklist
- Server-side assess with
clm_sk_*before every capture - Stable
order_idper checkout attempt - Outbound webhook URL tested in sandbox
- Resilience policy documented for maintenance / timeout
- Team roles assigned — Team & access
- Rate limits understood — Rate limits
Next capability deep-dives
Real-time assess
Payload, decisions, amounts
Browser SDK
Device fingerprinting
Webhooks
Signatures and events
All capabilities
Module catalog by segment