> ## Documentation Index
> Fetch the complete documentation index at: https://developer.hellgate.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Execute interceptor

> Submits an acquirer request body to the interceptor identified by `ref`; Specter maps it to a decision and either forwards it (ALLOW) or returns a configured block or review response.



## OpenAPI

````yaml /products/specter/openapi.yaml post /api/interceptors/{ref}
openapi: 3.1.0
info:
  contact:
    email: hello@starfish.team
    name: Starfish GmbH & Co. KG
    url: https://hellgate.io/cpa/specter
  description: Composable decision engine and fraud prevention service.
  license:
    name: Hellgate API Terms
    url: https://hellgate.io/terms-and-conditions
  title: Specter API
  version: '1.0'
servers:
  - description: Managed instance of Specter
    url: https://{instance}.{env}.on-hellgate.cloud
    variables:
      instance:
        default: my-instance
        description: Your unique instance slug, provided during onboarding.
      env:
        default: eu1
        description: Deployment environment (currently eu1).
security: []
tags:
  - description: Evaluate transactions and retrieve decision results.
    name: Decisions
  - description: Close decisions that were flagged for manual review.
    name: Resolutions
  - description: Report payment lifecycle events for a prior decision.
    name: Lifecycle Events
  - description: Manage rulesets and their activation lifecycle.
    name: Rulesets
  - description: Configure interceptors and intercept live payment requests.
    name: Interceptors
  - description: Subscribe to decision and event notifications.
    name: Webhooks
  - description: Manage blocked field values.
    name: Blacklist
paths:
  /api/interceptors/{ref}:
    post:
      tags:
        - Interceptors
      summary: Execute interceptor
      description: >-
        Submits an acquirer request body to the interceptor identified by `ref`;
        Specter maps it to a decision and either forwards it (ALLOW) or returns
        a configured block or review response.
      operationId: interceptors_execute
      parameters:
        - description: The interceptor's reference
          in: path
          name: ref
          required: true
          schema:
            type: string
        - description: >-
            Payment type declared by the merchant. Controls the initial payment
            state on the decision.
          in: header
          name: payment-type
          required: false
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              type: object
        description: Acquirer request body
        required: true
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/InterceptorDecisionResponse'
          description: >-
            Interceptor outcome. On ALLOW the merchant's request is forwarded
            and the destination's response is returned verbatim. On BLOCK/REVIEW
            the body is either the configured template response or, in
            `decision` mode, the decision result shown below.
          headers:
            x-specter-decision-id:
              description: UUID of the decision created for this interceptor call
              schema:
                format: uuid
                type: string
              style: simple
            x-specter-interceptor-id:
              description: >-
                UUID of the specific interceptor version that handled the
                request
              schema:
                format: uuid
                type: string
              style: simple
            x-specter-interceptor-version:
              description: Version number of the interceptor that handled the request
              schema:
                type: integer
              style: simple
        '401':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Unauthorized
        '403':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Forbidden
        '404':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
          description: Interceptor not found
      callbacks: {}
      security:
        - bearerAuth: []
components:
  schemas:
    InterceptorDecisionResponse:
      allOf:
        - $ref: '#/components/schemas/DecisionResponse'
        - properties:
            payload:
              description: Masked raw request body captured at intercept time.
              type:
                - object
                - 'null'
            payment_state:
              description: >-
                Current payment lifecycle state. Advances as lifecycle events
                are submitted via POST /api/events.
              enum:
                - authorized
                - captured
                - voided
                - fraud_reported
                - chargedback
                - failed
              type:
                - string
                - 'null'
            payment_type:
              description: >-
                Payment type declared by the merchant via the `payment-type`
                request header.
              enum:
                - unknown
                - authorization
                - authorization-and-capture
              type:
                - string
                - 'null'
          type: object
      description: >-
        Decision body returned by the interceptor runtime endpoint when it
        produces a decision (BLOCK or REVIEW in `decision` response mode).
        Identical to the standard decision result plus the interceptor-specific
        `payment_type`, `payment_state`, and `payload` fields.
      title: InterceptorDecisionResponse
    Error:
      description: Generic error response with classifier, code, and message
      example:
        classifier: NOT_FOUND
        code: 404
        message: The requested resource does not exist
      properties:
        classifier:
          example: NOT_FOUND
          type: string
        code:
          example: 404
          type: integer
        message:
          example: The requested resource does not exist
          type: string
      required:
        - classifier
        - code
        - message
      title: Error
      type: object
    DecisionResponse:
      description: Result of evaluating a transaction against the active ruleset.
      properties:
        id:
          description: Unique decision identifier
          format: uuid
          type: string
        amount:
          type:
            - integer
            - 'null'
        backend_results:
          description: One entry per backend rule that was executed.
          items:
            $ref: '#/components/schemas/BackendResult'
          type: array
        context:
          example: checkout
          type: string
        credential_fingerprint:
          description: Deterministic HMAC-SHA256 card instrument identifier
          example: crd_4ba218...
          type: string
        credential_type:
          description: Type of credential supplied in the request
          enum:
            - pan
            - masked_pan
            - sepa
          type:
            - string
            - 'null'
        currency:
          type:
            - string
            - 'null'
        customer_id:
          type:
            - string
            - 'null'
        decision:
          description: >-
            BLOCK terminates on first match. REVIEW accumulates. ALLOW is the
            default when no rules match.
          enum:
            - ALLOW
            - BLOCK
            - REVIEW
            - PROVISIONAL
          type: string
        device_fingerprint:
          type:
            - string
            - 'null'
        device_ip:
          type:
            - string
            - 'null'
        evaluated_at:
          format: date-time
          type: string
        events:
          description: Always empty on a freshly evaluated decision.
          items:
            properties:
              id:
                format: uuid
                type: string
              occurred_at:
                format: date-time
                type: string
              processed_at:
                format: date-time
                type: string
              type:
                enum:
                  - authorization
                  - capture
                  - refund
                  - void
                  - chargeback
                  - fraud_report
                  - failed
                type: string
            type: object
          type: array
        has_backend_error:
          description: >-
            True if any backend_results entry carries a non-nil error (e.g.
            "backend_capability_disabled").
          type: boolean
        integration:
          description: Integration type that originated this decision (e.g. 'interceptor')
          type:
            - string
            - 'null'
        interceptor_id:
          description: ID of the interceptor that originated this decision
          format: uuid
          type:
            - string
            - 'null'
        latency_us:
          example: 4250
          type: integer
        masked_credential:
          description: Display-safe masked representation, e.g. '411111 ****** 4242'
          example: 411111 ****** 4242
          type:
            - string
            - 'null'
        metadata:
          additionalProperties:
            type: string
          description: Merchant-supplied key-value pairs stored with the decision.
          type:
            - object
            - 'null'
        resolution:
          description: Always null on a freshly evaluated decision.
          properties:
            action:
              enum:
                - ACCEPTED
                - REJECTED
              type: string
            resolved_at:
              format: date-time
              type: string
          type:
            - object
            - 'null'
        ruleset_id:
          format: uuid
          type:
            - string
            - 'null'
        ruleset_version:
          type:
            - integer
            - 'null'
        source:
          description: >-
            RULE_ENGINE — condition rules only. BACKEND — backend rule(s) only.
            COMBINED — both.
          enum:
            - RULE_ENGINE
            - BACKEND
            - COMBINED
          type: string
        transaction_reference:
          type:
            - string
            - 'null'
        triggered_rules:
          items:
            $ref: '#/components/schemas/TriggeredRule'
          type: array
      title: DecisionResponse
      type: object
    BackendResult:
      description: Outcome of a single backend rule that was executed.
      properties:
        backend:
          type: string
        decision:
          enum:
            - ALLOW
            - BLOCK
            - REVIEW
          type:
            - string
            - 'null'
        error:
          description: >-
            Error code when the backend did not produce a decision.
            "insufficient_context" means required context fields were missing
            and no call was made.
          type:
            - string
            - 'null'
        latency_ms:
          type: integer
        link_execution_id:
          description: >-
            Execution ID from the Link integration. Present only for Link-backed
            backends.
          type:
            - string
            - 'null'
        link_timing:
          description: >-
            Server-Timing breakdown in milliseconds, parsed from the backend
            response. Present only for Link-backed backends.
          properties:
            external:
              type: number
            internal:
              type: number
            total:
              type: number
          type:
            - object
            - 'null'
        live:
          description: Whether the backend ran live (true) or in shadow mode (false).
          type: boolean
        missing_fields:
          description: >-
            Dot-notation paths of required context fields that were absent.
            Populated only when error is "insufficient_context".
          items:
            type: string
          type:
            - array
            - 'null'
        raw_response:
          type:
            - object
            - 'null'
        rule_id:
          type: string
      title: BackendResult
      type: object
    TriggeredRule:
      properties:
        action:
          enum:
            - BLOCK
            - REVIEW
          example: BLOCK
          type:
            - string
            - 'null'
        name:
          example: Block USD
          type:
            - string
            - 'null'
        rule_id:
          example: r1
          type: string
        type:
          enum:
            - condition
            - blacklist
            - backend
            - backend_group
          example: condition
          type: string
      title: TriggeredRule
      type: object
  securitySchemes:
    bearerAuth:
      bearerFormat: JWT
      description: >-
        HS256-signed JWT bearer token, obtained via the OAuth2
        client-credentials grant (see Authentication).
      scheme: bearer
      type: http

````