Create a Rule
Create a custom rule to gain more control over the risk scoring of events.
For example, you can create a rule to blocklist certain countries or locations that will trigger a maximum risk score to be returned via the Verify API.
10 Minute Cache
Vigilance AI has a 10 minute cache for loading rules. This means that any rules that are created may not come into effect for up to 10 minutes.
Resource URL
https://<subdomain>/api/2/risk/rulesHeader Parameters
Authorization required string | Set to Set The access token must have been generated using an API credential pair created using the scope required to call this API. This API can be called using any one of the following scopes: |
Content-Type required string |
Set to application/json. |
Request Parameters
|
name required string |
The name of this rule |
|
type required string |
The type parameter specifies the type of rule that will be created. Currently the following types are supported:
|
|
target string required |
The target parameter that will be used when evaluating the rule against an incoming event. Currently the following targets are supported:
|
|
filters string required |
An array of string values to evaluate against each event. It could be a list of IP addresses or country code or name. IP AddressAn IPv4 or IPv6 address or CIDR range. The ISO 3166 alpha-2 code for the country. |
source string |
The source can be used to scope rules to a specific group of people, customers, or even a single user. It matches against the source.id parameter that you can send with a Event or Verify API request. e.g. You might want to blocklist certain IP addresses for a group of users. You could achieve this by creating a blacklist rule containing the IP address and setting the source to your own unique ID for the group that the user belongs to. You can also use it to allow or override global blacklist rules. For example you create a blocklist on certain bad IP addresses and don’t specify source. Because one group needs access from a blocklisted IP you would create a whitelist rule containing that IP and the set the source to the group ID. Source is not compatible with the OneLogin multi step login flow. It is for custom applications that make use of the Get a Risk Score API. |
Sample Request Body
{
"name": "IP Blocklist for Guests",
"description": "Blocklist for guest account users",
"type": "blacklist",
"target": "location.ip",
"source": "guest-123",
"filters": ["123.123.123.123"]
}Sample Response
- 201 Created
- 400 Bad Request
- 401 Unauthorized
{
"id": "816677874491720987",
"name": "IP Blocklist for Guests",
"description": "Blocklist for guest account users",
"type": "blacklist",
"target": "location.ip",
"source": "guest-123",
"filters": ["123.123.123.123"]
}Invalid API Key
Sample Code
cURL
curl -XPOST 'https://<subdomain>.onelogin.com/api/2/risk/rules' \
-H 'Authorization: Bearer xxxxxxxxxxxxx' \
-d '{
"name": "IP Blocklist for Guests",
"description": "Blocklist for guest account users",
"type": "blacklist",
"target": "location.ip",
"source": "guest-123",
"filters": ["123.123.123.123"]
}'Postman Collection
- Clicking Run in Postman button navigates to the page where you can fork the collection to your workspace. Forking the collection into your workspace will enable you to contribute to the source collection using pull requests. You can also view the collection in a public workspace if you like and even import a copy of the collection using the links present on the screen.
Have a Question?
Found a problem or a bug? Submit a support ticket.
Looking for walkthroughs or how-to guides on OneLogin's user and admin features? Check out the documentation in our Knowledge Base.
Have a product idea or request? Share it with us in our Ideas Portal.