Skip to main content
POST
Execute interceptor

Authorizations

Authorization
string
header
required

HS256-signed JWT bearer token, obtained via the OAuth2 client-credentials grant (see Authentication).

Headers

payment-type
string

Payment type declared by the merchant. Controls the initial payment state on the decision.

Path Parameters

ref
string
required

The interceptor's reference

Body

application/json

Acquirer request body

The body is of type object.

Response

Interceptor outcome. On ALLOW the merchant's request is forwarded and the destination's response is returned verbatim. On BLOCK/REVIEW the body is either the configured template response or, in decision mode, the decision result shown below.

Decision body returned by the interceptor runtime endpoint when it produces a decision (BLOCK or REVIEW in decision response mode). Identical to the standard decision result plus the interceptor-specific payment_type, payment_state, and payload fields.

id
string<uuid>

Unique decision identifier

amount
integer | null
backend_results
BackendResult · object[]

One entry per backend rule that was executed.

context
string
Example:

"checkout"

credential_fingerprint
string

Deterministic HMAC-SHA256 card instrument identifier

Example:

"crd_4ba218..."

credential_type
enum<string> | null

Type of credential supplied in the request

Available options:
pan,
masked_pan,
sepa
currency
string | null
customer_id
string | null
decision
enum<string>

BLOCK terminates on first match. REVIEW accumulates. ALLOW is the default when no rules match.

Available options:
ALLOW,
BLOCK,
REVIEW,
PROVISIONAL
device_fingerprint
string | null
device_ip
string | null
evaluated_at
string<date-time>
events
object[]

Always empty on a freshly evaluated decision.

has_backend_error
boolean

True if any backend_results entry carries a non-nil error (e.g. "backend_capability_disabled").

integration
string | null

Integration type that originated this decision (e.g. 'interceptor')

interceptor_id
string<uuid> | null

ID of the interceptor that originated this decision

latency_us
integer
Example:

4250

masked_credential
string | null

Display-safe masked representation, e.g. '411111 ****** 4242'

Example:

"411111 ****** 4242"

metadata
object | null

Merchant-supplied key-value pairs stored with the decision.

resolution
object | null

Always null on a freshly evaluated decision.

ruleset_id
string<uuid> | null
ruleset_version
integer | null
source
enum<string>

RULE_ENGINE — condition rules only. BACKEND — backend rule(s) only. COMBINED — both.

Available options:
RULE_ENGINE,
BACKEND,
COMBINED
transaction_reference
string | null
triggered_rules
TriggeredRule · object[]
payload
object | null

Masked raw request body captured at intercept time.

payment_state
enum<string> | null

Current payment lifecycle state. Advances as lifecycle events are submitted via POST /api/events.

Available options:
authorized,
captured,
voided,
fraud_reported,
chargedback,
failed
payment_type
enum<string> | null

Payment type declared by the merchant via the payment-type request header.

Available options:
unknown,
authorization,
authorization-and-capture