Skip to main content
Specter is delivered as single-tenant managed infrastructure — each merchant runs its own isolated instance, reachable at https://{instance}.eu1.on-hellgate.cloud. There is no multi-tenancy within an instance.
Specter operates exclusively on dedicated infrastructure. There are no shared environments — every instance, including Test tier deployments, is dedicated and isolated solely for your organization.

Capabilities

Every Specter instance combines three sources of signal in a single ruleset: local rules and velocity counters, the blacklist, and external risk backends reached through a Link integration. Backend rules let a decision call providers such as VISA Decision Manager, Ravelin, or FraudSight — see Backends to configure them.

Tiers

Specter provides two environment tiers, each a separate dedicated instance:
  • Production: Your live environment for real-time decisioning on production traffic.
  • Test: A dedicated environment for development, integration testing, and quality assurance.

PCI level

Your instance runs at a PCI certification level — fixed when it is provisioned — that determines whether it can accept a raw PAN in the decision context:
LevelRaw PAN in decisionsUse
SAQ_A (default)Not acceptedSend tokenized or masked credentials only
SAQ_DAcceptedInstances certified to handle full card data
ROCAcceptedReport on Compliance — full card data
On an SAQ_A instance, a decision request with credential.type: "pan" is rejected; use masked_pan or another non-PAN credential — see Decisions. Regardless of level, a PAN supplied in a decision is used only for evaluation and fingerprinting; it is never persisted.

Getting access

To get access to Specter and for available options, contact your account representative or reach out to our sales team via hellgate.io/demo. Once your Specter instance is provisioned, Hellgate Support will provide you with:
  • Your dedicated instance URL — https://{instance-name}.{env}.on-hellgate.cloud, where {env} is currently eu1 and {instance-name} is your unique slug
  • Client credentials (client ID and secret) to request access tokens

Next steps

Authentication

Authenticate to your instance, and the scopes that gate each endpoint.