@truthlock/sdk-antifraud
v1.0.2
Published
TypeScript SDK for Truthlocks Anti-Fraud Identity Firewall API
Maintainers
truthlocksReadme
Zero-dependency TypeScript SDK for the Truthlocks Anti-Fraud Identity Firewall. Evaluate risk signals, block/challenge suspicious actors, manage fraud cases, and export SIEM data -- all with full type safety and native fetch.
Installation
npm install @truthlocks/sdk-antifraudyarn add @truthlocks/sdk-antifraudpnpm add @truthlocks/sdk-antifraudQuick Start
import { TruthlockRisk } from "@truthlocks/sdk-antifraud";
const client = new TruthlockRisk({
baseUrl: "https://api.truthlocks.com",
apiKey: process.env.TRUTHLOCKS_API_KEY!,
});
// Evaluate a risk signal
const decision = await client.evaluate({
signal_type: "login",
subject_id: "user-123",
subject_type: "user",
risk_score: 72,
metadata: { ip: "203.0.113.42", country: "US" },
});
console.log(decision.action); // "allow" | "challenge" | "block"Features
| Feature | Description | | ---------------------- | --------------------------------------------------- | | Risk Evaluation | Real-time risk scoring with configurable policies | | Signal Ingestion | Ingest raw risk signals from any source | | Block/Challenge | Instantly block or challenge suspicious subjects | | Quarantine | Check and manage quarantined entities | | Case Management | Create, assign, and track fraud investigation cases | | Evidence Packs | Generate evidence packs for case review | | Dashboard Metrics | Retrieve fraud dashboard KPIs and trends | | SIEM Export | Export signals in JSON, CSV, CEF, or LEEF format | | Policy Management | CRUD operations on risk policies and configs | | Deepfake Detection | Scan content for AI-generated manipulation |
API Reference
Client Initialization
const client = new TruthlockRisk({
baseUrl: "https://api.truthlocks.com", // required
apiKey: "tlk_live_...", // required
timeout: 30000, // optional (ms)
});Risk Evaluation
// Evaluate risk
const result = await client.evaluate({
signal_type: "transaction",
subject_id: "user-456",
subject_type: "user",
risk_score: 85,
});
// Ingest a raw signal
await client.ingestSignal({
signal_source: "device-fingerprint",
signal_type: "new_device",
subject_id: "user-456",
risk_score: 40,
});Block & Challenge
// Block a suspicious subject
await client.blockOrChallenge({
subject_id: "user-789",
subject_type: "user",
action: "block",
reason: "Multiple failed payment attempts",
duration_seconds: 3600,
});
// Check quarantine status
const status = await client.getQuarantineStatus("user-789", "user");Case Management
// Create a fraud case
const fraudCase = await client.createCase({
subject_id: "user-789",
subject_type: "user",
severity: "high",
title: "Suspected account takeover",
});
// Generate evidence pack
const evidence = await client.generateEvidencePack(fraudCase.id);Dashboard & SIEM
// Get dashboard metrics
const metrics = await client.getDashboardMetrics();
// Get trend data
const trends = await client.getDashboardTrends("7d");
// Export to SIEM
const siem = await client.createSIEMExport({
format: "cef",
since: "2026-01-01T00:00:00Z",
});Account Takeover (ATO)
// Evaluate ATO risk
const ato = await client.evaluateATO({
subject_id: "user-123",
signal_type: "password_reset",
risk_score: 90,
});
// Get ATO profile
const profile = await client.getATOProfile("user-123", "user");Error Handling
import {
TruthlockRiskError,
AuthenticationError,
RateLimitError,
} from "@truthlocks/sdk-antifraud";
try {
await client.evaluate(request);
} catch (err) {
if (err instanceof AuthenticationError) {
// Invalid or expired API key
} else if (err instanceof RateLimitError) {
// Back off and retry
} else if (err instanceof TruthlockRiskError) {
console.error(`API error ${err.status}: ${err.message}`);
}
}Requirements
- Node.js >= 18.0.0 (uses native
fetch) - TypeScript >= 5.0 (optional, full type definitions included)
Documentation
License
MIT -- see LICENSE for details.