engineeradmin
Integration Architecture
Understand where synchronous decisions, signed events, feedback, and dashboard workflows fit.
Reviewed 2026-06-21Product 1.1
Request flow
plaintext
Customer action
→ Your trusted backend
→ POST /risk-engine/assess (JWT)
← allow | review | block
→ Your business action
→ POST /events/ingest (HMAC lifecycle signal)
→ POST /risk-engine/feedback (JWT final outcome)Assessment is synchronous and belongs on the decision path. Event ingestion builds historical graph and velocity context. Feedback closes the learning loop after an operational or financial outcome becomes known.
Trust boundaries
- Call risk and feedback APIs only from trusted services.
- Store refresh tokens and webhook secrets server-side.
- HMAC covers the exact raw ingestion body; JSON must not change after signing.
- VertexY recommends an action, while your system owns payment authorization and customer communication.
Resilience
Set a client timeout appropriate to your workflow, record latency and the assessment identifier, and define your own safe fallback for timeouts. Retry ingestion and feedback with stable idempotency keys; do not blindly retry synchronous assessments after an ambiguous response without reconciling the transaction.