Record velocity action

Record velocity event

curl --request POST \
  --url https://api.truthlocks.com/v1/risk/velocity/record \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '
{
  "subject_id": "<string>",
  "action": "<string>",
  "metadata": {}
}
'

{
  "event_id": "<string>",
  "current_count": 123,
  "window": "<string>"
}

POST

risk

velocity

record

Record velocity event

curl --request POST \
  --url https://api.truthlocks.com/v1/risk/velocity/record \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '
{
  "subject_id": "<string>",
  "action": "<string>",
  "metadata": {}
}
'

{
  "event_id": "<string>",
  "current_count": 123,
  "window": "<string>"
}

Records an action for a subject and updates rolling window counters across four time windows (1 m, 5 m, 1 h, 24 h). A weighted velocity score is computed from the updated counts. When the score reaches 60 or above, a risk signal with signal_type: "velocity" is automatically ingested into the risk signal pipeline. See the velocity and anomaly scoring guide for the full workflow, scoring model, and integration patterns.

Scoring weights

Window	Weight	Purpose
1 minute	30	Burst detection
5 minutes	20	Sustained short-term abuse
1 hour	10	Medium-term patterns
24 hours	5	Persistent anomalies

Request

subject_id

string

required

Identifier of the subject performing the action (user ID, device ID, IP address, or any entity reference).

action_type

string

required

The type of action being recorded (e.g. login.failed, api.request, transaction.create).

ip_address

string

Source IP address associated with this action.

Response

subject_id

string

The subject that was recorded.

action_type

string

The action type that was recorded.

windows

object

Current action counts per rolling window: 1m, 5m, 1h, 24h.

velocity_score

integer

Weighted velocity score (0–100). Scores at or above 60 trigger automatic signal ingestion.

signal_ingested

boolean

true if a risk signal was auto-ingested because the velocity score reached 60 or above.

signal_id

string

UUID of the auto-ingested risk signal (only present when signal_ingested is true).

Authorizations

X-API-Key

string

header

required

API key for machine-to-machine authentication

Body

application/json

subject_id

string

required

action

string

required

Action type being tracked

metadata

object

Response

Velocity event recorded

event_id

string

current_count

integer

window

string

List ATO alerts Get velocity windows

Attestations

Receipts

Risk Evaluation

Risk Signals

Account Takeover

Velocity Scoring

Verification

Verification Packs

Issuers

API Keys

Policies

Issuer Applications

Identity & Access

Webhooks

Audit & Logs

Consumer (B2C)

Billing

Machine Agents

Agent Sessions & Tools

Trust & Witness

Truth Claims & Documents

Compliance & Anomalies

Datasets & Models

Orchestrations & Workflows

Guardrails & Delegation

MAIP Policies

Observability

Assets

System

Scoring weights

Request

Response

Authorizations

Body

Response

Attestations

Receipts

Risk Evaluation

Risk Signals

Account Takeover

Velocity Scoring

Verification

Verification Packs

Issuers

API Keys

Policies

Issuer Applications

Identity & Access

Webhooks

Audit & Logs

Consumer (B2C)

Billing

Machine Agents

Agent Sessions & Tools

Trust & Witness

Truth Claims & Documents

Compliance & Anomalies

Datasets & Models

Orchestrations & Workflows

Guardrails & Delegation

MAIP Policies

Observability

Assets

System

​Scoring weights

​Request

​Response

Authorizations

Body

Response

Scoring weights

Request

Response