Record velocity action - Truthlocks Documentation

Record velocity event

curl --request POST \
  --url https://api.truthlocks.com/v1/risk/velocity/record \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '
{
  "subject_id": "<string>",
  "action": "<string>",
  "metadata": {}
}
'

{
  "event_id": "<string>",
  "current_count": 123,
  "window": "<string>"
}

POST

risk

velocity

record

Record velocity event

curl --request POST \
  --url https://api.truthlocks.com/v1/risk/velocity/record \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '
{
  "subject_id": "<string>",
  "action": "<string>",
  "metadata": {}
}
'

{
  "event_id": "<string>",
  "current_count": 123,
  "window": "<string>"
}

Records an action for a subject and updates rolling window counters across four time windows (1 m, 5 m, 1 h, 24 h). A weighted velocity score is computed from the updated counts. When the score reaches 60 or above, a risk signal with signal_type: "velocity" is automatically ingested into the risk signal pipeline. See the velocity and anomaly scoring guide for the full workflow, scoring model, and integration patterns.

Scoring weights

Window	Weight	Purpose
1 minute	30	Burst detection
5 minutes	20	Sustained short-term abuse
1 hour	10	Medium-term patterns
24 hours	5	Persistent anomalies

Request

subject_id

string

required

Identifier of the subject performing the action (user ID, device ID, IP address, or any entity reference).

action_type

string

required

The type of action being recorded (e.g. login.failed, api.request, transaction.create).

ip_address

string

Source IP address associated with this action.

Response

subject_id

string

The subject that was recorded.

action_type

string

The action type that was recorded.

windows

object

Current action counts per rolling window: 1m, 5m, 1h, 24h.

velocity_score

integer

Weighted velocity score (0–100). Scores at or above 60 trigger automatic signal ingestion.

signal_ingested

boolean

true if a risk signal was auto-ingested because the velocity score reached 60 or above.

signal_id

string

UUID of the auto-ingested risk signal (only present when signal_ingested is true).

Authorizations

X-API-Key

string

header

required

API key for machine-to-machine authentication

Body

application/json

subject_id

string

required

action

string

required

Action type being tracked

metadata

object

Response

Velocity event recorded

event_id

string

current_count

integer

window

string

List ATO alerts Get velocity windows

​Scoring weights

​Request

​Response

Authorizations

Body

Response

Scoring weights

Request

Response