Get ATO profile - Truthlocks Documentation

Get ATO profile

curl --request GET \
  --url https://api.truthlocks.com/v1/risk/ato/profile/{subject_id} \
  --header 'X-API-Key: <api-key>'

{
  "subject_id": "<string>",
  "risk_level": "<string>",
  "last_login": "<string>",
  "known_devices": 123,
  "alerts": [
    {}
  ]
}

GET

risk

ato

profile

{subject_id}

Get ATO profile

curl --request GET \
  --url https://api.truthlocks.com/v1/risk/ato/profile/{subject_id} \
  --header 'X-API-Key: <api-key>'

{
  "subject_id": "<string>",
  "risk_level": "<string>",
  "last_login": "<string>",
  "known_devices": 123,
  "alerts": [
    {}
  ]
}

Returns the ATO risk profile for the specified subject. The profile tracks failed login velocity in a rolling one-hour window and records known IP addresses and devices. Use this endpoint to check the current risk posture of a user without triggering a new evaluation. See the account takeover detection guide for the full workflow.

Path parameters

subject_id

string

required

The subject identifier to look up (user ID, email, or external ID).

Response

subject_id

string

The subject identifier.

subject_type

string

Type of subject (user).

risk_level

string

Current ATO risk level: normal | elevated | high | critical

Number of failed logins in the current one-hour window.

known_ips

array

List of IP addresses previously seen for this subject.

known_devices

array

List of device identifiers previously seen for this subject.

updated_at

string

ISO 8601 timestamp of the last profile update.

Authorizations

X-API-Key

string

header

required

API key for machine-to-machine authentication

Path Parameters

subject_id

string

required

Subject identifier

Response

ATO profile

subject_id

string

risk_level

string

known_devices

integer

alerts

object[]

Evaluate ATO risk List ATO alerts

​Path parameters

​Response

Authorizations

Path Parameters

Response

Path parameters

Response