Set Rule

POST
https://telemetry.stytch.com/v1/rules/set

Set a rule for a particular visitor_id, browser_id, visitor_fingerprint, browser_fingerprint, hardware_fingerprint, network_fingerprint, cidr_block, asn, or country_code. This is helpful in cases where you want to allow or block a specific user or fingerprint. You should be careful when setting rules for browser_fingerprint, hardware_fingerprint, or network_fingerprint as they can be shared across multiple users, and you could affect more users than intended.

You may not set an ALLOW rule for a country_code.

Rules are applied in the order specified above. For example, if an end user has an ALLOW rule set for their visitor_id but a BLOCK rule set for their hardware_fingerprint, they will receive an ALLOW verdict because the visitor_id rule takes precedence.

If there are conflicts between multiple cidr_block rules (for example, if the ip_address of the end user overlaps with multiple CIDR blocks that have rules set), the conflicts are resolved as follows:

  • The smallest block size takes precedence. For example, if an ip_address overlaps with a cidr_block rule of ALLOW for a block with a prefix of /32 and a cidr_block rule of BLOCK with a prefix of /24, the rule match verdict will be ALLOW.
  • Among equivalent size blocks, BLOCK takes precedence over CHALLENGE, which takes precedence over ALLOW. For example, if an ip_address overlaps with two cidr_block rules with blocks of the same size that return CHALLENGE and ALLOW, the rule match verdict will be CHALLENGE.

Body parameters


action*string

visitor_idstring

browser_idstring

visitor_fingerprintstring

browser_fingerprintstring

hardware_fingerprintstring

network_fingerprintstring

cidr_blockstring

asnstring

country_codestring

expires_in_minutesint

descriptionstring

Response fields


request_idstring

status_codeint

actionstring

browser_idstring

visitor_idstring

visitor_fingerprintstring

browser_fingerprintstring

hardware_fingerprintstring

network_fingerprintstring

cidr_blockstring

asnstring

country_codestring

expires_atstring
const stytch = require('stytch');

const client = new stytch.Client({
  project_id: 'PROJECT_ID',
  secret: 'SECRET',
});

const params = {
  action: "CHALLENGE",
  visitor_id: "visitor-6139cbcc-4dda-4b1f-b1c0-13c08ec64d72",
  expires_in_minutes: 120,
};

client.fraud.rules.set(params)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });
RESPONSE
{
  "action": "CHALLENGE",
  "browser_id": "",
  "visitor_id": "visitor-6139cbcc-4dda-4b1f-b1c0-13c08ec64d72",
  "visitor_fingerprint": "",
  "browser_fingerprint": "",
  "hardware_fingerprint": "",
  "network_fingerprint": "",
  "asn": "",
  "cidr_block":,
  "country_code": "",
  "expires_at": "2033-01-01T00:00:00Z",
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "status_code": 200
}