Skip to main content
GET
/
v1
/
risk
/
ato
/
alerts
List ATO alerts
curl --request GET \
  --url https://api.truthlocks.com/v1/risk/ato/alerts \
  --header 'X-API-Key: <api-key>'
{
  "items": [
    {
      "id": "<string>",
      "subject_id": "<string>",
      "severity": "<string>",
      "created_at": "<string>"
    }
  ]
}
Returns a paginated list of ATO alerts for your tenant. Alerts are created automatically when the ATO evaluation endpoint detects that a subject has crossed a risk threshold. Each alert includes the subject, alert type, risk level at the time of triggering, and a reference to the auto-ingested risk signal. See the account takeover detection guide for the full workflow.

Query parameters

subject_id
string
Filter alerts by subject identifier.
limit
integer
Maximum number of alerts to return (default 25, max 100).
cursor
string
Cursor for pagination. Use the value from the previous response to fetch the next page.

Response

alerts
array
Array of alert objects.
alerts[].alert_id
string
UUID of the alert.
alerts[].subject_id
string
The subject that triggered the alert.
alerts[].alert_type
string
Alert category: velocity_exceeded or credential_stuffing.
alerts[].risk_level
string
Risk level when the alert was created: elevated | high | critical
alerts[].risk_score
integer
Risk score when the alert was created.
alerts[].signal_id
string
UUID of the auto-ingested risk signal linked to this alert.
alerts[].created_at
string
ISO 8601 timestamp of when the alert was created.
next_cursor
string
Cursor for the next page of results. null when there are no more results.

Authorizations

X-API-Key
string
header
required

API key for machine-to-machine authentication

Query Parameters

limit
integer
default:20
severity
enum<string>
Available options:
low,
medium,
high,
critical

Response

ATO alerts

items
object[]