Glossary

Dictionary of the most important VertexY terms, objects, and response fields.

A

Assessment

A single fraud decision returned by POST /risk-engine/assess or embedded inside /events/ingest.

assessmentId

The UUID for a stored assessment. Use it for feedback, reviews, and graph exploration.

Access token

A short-lived JWT used with Authorization: Bearer <token>.

C

Company

Your tenant in VertexY. Every company has its own users, subscription, policy, and event history.

companyId

Your tenant UUID. Required during login and event ingestion.

E

Event

A signed historical signal sent to POST /events/ingest.

eventSource

The system inside your stack that emitted an event, such as checkout-service or auth-service.

externalEventId

The ID from your source system or upstream provider.

F

Feature gate

A capability enabled by plan features, such as graph_explorer or reviews.

Feedback

The final outcome you send back to VertexY after a decision is made.

H

HMAC signature

The SHA-256 digest used to authenticate /events/ingest.

I

idempotencyKey

A client-supplied retry key that prevents duplicate processing.

P

Plan

The product tier assigned to your company. It controls features and limits.

Policy mode

How scores are translated into final client-facing actions. Values: hybrid, advisory, shadow.

R

reasonCodes

Machine-readable explanation codes that describe why an assessment reached its result.

Refresh token

A longer-lived token used to obtain new access tokens.

Review

A manual fraud case tied to an assessment.

riskLevel

Human-friendly severity band: low, medium, high, critical.

riskScore

Numeric fraud score from 0 to 100.

S

Subscription

Your company’s billing state and attached plan.

subscriptionStatus

Login-time summary of plan state such as active or pending.

T

Threat-intel subscription

An outbound webhook registration where VertexY sends threat updates to your endpoint.

transactionId

Your business-level identifier for the assessed action. It does not need to be a UUID.

U

Usage metric

A metered counter attached to your plan, such as fraud_events_ingested.

W

Webhook signing secret

Your company secret used to sign event ingestion requests.