Skip to main content
POST
/
rules
Create Rule
curl --request POST \
  --url http://api.gu1.ai/rules \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "description": "<string>",
  "category": "<string>",
  "targetEntityTypes": [
    {}
  ],
  "conditions": {},
  "actions": [
    {}
  ],
  "enabled": true,
  "priority": 123,
  "score": 123,
  "status": "<string>",
  "evaluationMode": "<string>",
  "riskMatrixId": "<string>",
  "countries": [
    {}
  ],
  "scope": {},
  "tags": [
    {}
  ]
}
'
{
  "id": "<string>",
  "name": "<string>",
  "description": "<string>",
  "organizationId": "<string>",
  "status": "<string>",
  "enabled": true,
  "version": 123,
  "createdAt": "<string>",
  "createdBy": "<string>"
}

​
Overview

Creates a new rule for automated risk detection, compliance monitoring, and fraud prevention. Rules can evaluate entities (persons, companies), transactions, relationships, and network patterns using flexible condition logic and automated actions.

​
Endpoint

POST http://api.gu1.ai/rules

​
Authentication

Requires a valid API key in the Authorization header: 
Authorization: Bearer YOUR_API_KEY

​
Request Body

​
name
string
required
Descriptive name for the rule
​
description
string
required
Detailed description of what the rule detects
​
category
string
required
Category of the rule: kyc, kyb, aml, fraud, compliance, custom
​
targetEntityTypes
array
required
Array of entity types this rule applies to: ["person"], ["company"], ["transaction"], ["person", "company"]
​
conditions
object
required
Condition logic structure (see Condition Structure below)
​
actions
array
required
Array of actions to execute when conditions match (see Actions below)
​
enabled
boolean
default:"true"
Whether the rule is enabled
​
priority
number
default:"50"
Rule priority (1-100). Higher values = higher priority
​
score
number
Risk score to assign when rule matches (0-100). Used in score-based risk matrices
​
status
string
default:"active"
Rule status: draft, in_progress, in_review, active, shadow, archived, inactive
​
evaluationMode
string
default:"async"
Evaluation mode: sync (immediate) or async (background processing)
​
riskMatrixId
string
UUID of the risk matrix to associate this rule with
​
countries
array
Array of ISO country codes to restrict rule execution: ["BR", "AR", "US"]
​
scope
object
Additional scope configuration including temporal windows and triggers
​
tags
array
Array of tags for organizing rules: ["high-risk", "pep", "sanctions"]

​
Condition Structure

Rules use a nested condition structure with logical operators: 
{
  "operator": "AND" | "OR" | "NOT" | "XOR",
  "conditions": [
    {
      "id": "cond-unique-id",
      "type": "simple",
      "field": "enrichmentData.normalized.taxId",
      "operator": "eq",
      "value": "12.345.678/0001-90",
      "filters": [],
      "countryMetadata": {
        "countryCode": "BR",
        "confidence": 100,
        "manuallySet": true,
        "autoDetected": false,
        "reason": "Selected from BR enrichment fields"
      }
    }
  ]
}

​
Condition Fields

  • operator: Logical operator connecting conditions (AND, OR, NOT, XOR)
  • conditions: Array of condition objects (can be nested for complex logic)
  • id: Unique identifier for the condition
  • type: Condition type (simple, complex, array, object)
  • field: Field path to evaluate (e.g., taxId, entityData.company.revenue, enrichmentData.normalized.sanctions.$.type)
  • operator: Comparison operator (see Operators below)
  • value: Value to compare against
  • filters: Array of filters for array/object fields
  • countryMetadata: Country-specific metadata for the condition

​
Operators

​
Comparison Operators

  • eq - Equals
  • neq - Not equals
  • gt - Greater than
  • gte - Greater than or equal
  • lt - Less than
  • lte - Less than or equal

​
String Operators

  • contains - Contains substring
  • notContains - Does not contain substring
  • startsWith - Starts with
  • endsWith - Ends with
  • regex - Matches regular expression

​
Array Operators

  • in - Value is in array
  • notIn - Value is not in array
  • hasAny - Has any of the values
  • hasAll - Has all of the values

​
List Operators

  • inList - Value exists in a data list
  • notInList - Value does not exist in a data list

​
Existence Operators

  • exists - Field exists
  • notExists - Field does not exist
  • isEmpty - Field is empty/null
  • isNotEmpty - Field is not empty/null

​
Boolean Operators

  • isTrue - Boolean field is true
  • isFalse - Boolean field is false

​
Array Field Syntax

For fields within arrays, use the $ symbol: 
{
  "field": "enrichmentData.normalized.sanctions.$.type",
  "operator": "in",
  "value": "terrorism",
  "filters": []
}
This evaluates if ANY item in the sanctions array has type equal to "terrorism".

​
Filters

You can pre-filter array items before evaluation: 
{
  "field": "enrichmentData.normalized.legalProceedings.$.amount",
  "operator": "gt",
  "value": 100000,
  "filters": [
    {
      "field": "status",
      "operator": "eq",
      "value": "active"
    }
  ]
}
This evaluates if ANY active legal proceeding has an amount greater than 100,000.

​
Actions

Rules support multiple action types:

​
Create Alert

{
  "type": "createAlert",
  "createAlert": {
    "type": "FRAUD" | "COMPLIANCE" | "AML" | "KYC" | "OTHER",
    "title": "High Risk Transaction Detected",
    "description": "Transaction exceeds threshold",
    "severity": "LOW" | "MEDIUM" | "HIGH" | "CRITICAL",
    "recipients": ["user@example.com"]
  },
  "tags": ["high-value", "cross-border"]
}

​
Update Entity Status

{
  "type": "updateEntityStatus",
  "updateEntityStatus": {
    "status": "blocked",
    "reason": "Failed sanctions check"
  }
}

​
Send Notification

{
  "type": "sendNotification",
  "sendNotification": {
    "channel": "email" | "sms" | "webhook",
    "recipients": ["compliance@company.com"],
    "message": "Urgent: High risk entity detected"
  }
}

​
Create Case

{
  "type": "createCase",
  "createCase": {
    "title": "PEP Investigation Required",
    "description": "Entity flagged as politically exposed person",
    "assignee": "user-uuid"
  }
}

​
Example Requests

​
Simple KYC Rule - Check Tax ID

curl -X POST http://api.gu1.ai/rules \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "CNPJ Blocklist Check",
    "description": "Block companies with specific CNPJ",
    "category": "kyb",
    "targetEntityTypes": ["company"],
    "enabled": true,
    "priority": 100,
    "score": 85,
    "conditions": {
      "operator": "AND",
      "conditions": [
        {
          "id": "cond-1",
          "type": "simple",
          "field": "enrichmentData.normalized.taxId",
          "operator": "eq",
          "value": "33.592.510/0001-54",
          "filters": [],
          "countryMetadata": {
            "countryCode": "BR",
            "confidence": 100,
            "manuallySet": true,
            "autoDetected": false,
            "reason": "Selected from BR enrichment fields"
          }
        }
      ]
    },
    "actions": [
      {
        "type": "createAlert",
        "createAlert": {
          "type": "COMPLIANCE",
          "title": "Blocklisted Company Detected",
          "description": "Company CNPJ found in blocklist",
          "severity": "CRITICAL",
          "recipients": ["compliance@company.com"]
        },
        "tags": ["blocklist", "high-priority"]
      },
      {
        "type": "updateEntityStatus",
        "updateEntityStatus": {
          "status": "blocked",
          "reason": "CNPJ in blocklist"
        }
      }
    ],
    "scope": {
      "type": "entity",
      "countries": ["BR"],
      "entityTypes": ["company"]
    },
    "status": "active",
    "evaluationMode": "sync"
  }'

​
Complex Rule - Sanctions Check with Multiple Conditions

curl -X POST http://api.gu1.ai/rules \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Terrorism Sanctions Check",
    "description": "Detect entities with terrorism-related sanctions",
    "category": "aml",
    "targetEntityTypes": ["person", "company"],
    "enabled": true,
    "priority": 100,
    "score": 95,
    "conditions": {
      "operator": "OR",
      "conditions": [
        {
          "id": "cond-1",
          "type": "simple",
          "field": "enrichmentData.normalized.sanctions.$.type",
          "operator": "in",
          "value": "terrorism",
          "filters": [],
          "countryMetadata": {
            "countryCode": "GLOBAL",
            "confidence": 100,
            "manuallySet": true,
            "autoDetected": false,
            "reason": "Global sanctions field"
          }
        },
        {
          "id": "cond-2",
          "type": "simple",
          "field": "enrichmentData.normalized.sanctioned",
          "operator": "isTrue",
          "value": true,
          "filters": []
        }
      ]
    },
    "actions": [
      {
        "type": "createAlert",
        "createAlert": {
          "type": "AML",
          "title": "Sanctions Match - Immediate Review Required",
          "description": "Entity matched terrorism sanctions list",
          "severity": "CRITICAL",
          "recipients": ["aml-team@company.com"]
        },
        "tags": ["sanctions", "terrorism", "critical"]
      },
      {
        "type": "updateEntityStatus",
        "updateEntityStatus": {
          "status": "blocked",
          "reason": "Terrorism sanctions match"
        }
      },
      {
        "type": "createCase",
        "createCase": {
          "title": "Sanctions Investigation Required",
          "description": "Entity flagged for terrorism-related sanctions",
          "assignee": "compliance-lead-uuid"
        }
      }
    ],
    "scope": {
      "type": "entity",
      "entityTypes": ["person", "company"]
    },
    "status": "active",
    "evaluationMode": "sync",
    "tags": ["sanctions", "aml", "critical"]
  }'

​
Transaction Monitoring Rule

curl -X POST http://api.gu1.ai/rules \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "High Value Transaction Alert",
    "description": "Alert on transactions over $50,000 USD",
    "category": "fraud",
    "targetEntityTypes": ["transaction"],
    "enabled": true,
    "priority": 80,
    "score": 70,
    "conditions": {
      "operator": "AND",
      "conditions": [
        {
          "id": "cond-1",
          "type": "simple",
          "field": "amountInUsd",
          "operator": "gt",
          "value": 50000,
          "filters": []
        },
        {
          "id": "cond-2",
          "type": "simple",
          "field": "status",
          "operator": "eq",
          "value": "PENDING",
          "filters": []
        }
      ]
    },
    "actions": [
      {
        "type": "createAlert",
        "createAlert": {
          "type": "FRAUD",
          "title": "High Value Transaction Detected",
          "description": "Transaction exceeds $50,000 threshold",
          "severity": "HIGH",
          "recipients": ["fraud-team@company.com"]
        },
        "tags": ["high-value", "pending-review"]
      }
    ],
    "scope": {
      "type": "transaction"
    },
    "status": "active",
    "evaluationMode": "sync"
  }'

​
Response

​
id
string
UUID of the created rule
​
name
string
Rule name
​
description
string
Rule description
​
organizationId
string
Your organization ID
​
status
string
Current rule status
​
enabled
boolean
Whether rule is enabled
​
version
number
Rule version number
​
createdAt
string
ISO timestamp of creation
​
createdBy
string
User ID who created the rule

​
Response Example

{
  "id": "e2cdd639-52cc-4749-9b16-927bfa5dfaea",
  "organizationId": "71e8f908-e032-4fcb-b0ce-ad0cd0ffb236",
  "name": "CNPJ Blocklist Check",
  "description": "Block companies with specific CNPJ",
  "category": "kyb",
  "status": "active",
  "enabled": true,
  "priority": 100,
  "score": 85,
  "conditions": {
    "operator": "AND",
    "conditions": [...]
  },
  "actions": [
    {
      "type": "createAlert",
      "createAlert": {...},
      "tags": ["blocklist", "high-priority"]
    }
  ],
  "scope": {
    "type": "entity",
    "countries": ["BR"],
    "entityTypes": ["company"]
  },
  "targetEntityTypes": ["company"],
  "evaluationMode": "sync",
  "version": 1,
  "previousVersionId": null,
  "tags": [],
  "createdBy": "f35c10cb-9b67-4cda-9aea-f36567375dba",
  "createdAt": "2024-12-23T10:00:00.000Z",
  "updatedAt": "2024-12-23T10:00:00.000Z",
  "stats": {
    "executions": 0,
    "successes": 0,
    "failures": 0
  }
}

​
Error Responses

​
400 Bad Request - Invalid Condition

{
  "error": "Validation failed",
  "details": {
    "field": "conditions",
    "message": "Invalid operator 'xyz'"
  }
}

​
400 Bad Request - Missing Required Fields

{
  "error": "Validation failed",
  "details": {
    "missingFields": ["name", "targetEntityTypes", "conditions"]
  }
}

​
401 Unauthorized

{
  "error": "Invalid or missing API key"
}

​
Best Practices

  1. Start with Shadow Mode: Use status: "shadow" to test rules without affecting production
  2. Use Descriptive Names: Make rule names clear and searchable
  3. Set Appropriate Priorities: Higher priority rules execute first (1-100 scale)
  4. Tag Your Rules: Use tags for organization and filtering
  5. Country-Specific Rules: Use scope.countries for geo-specific compliance
  6. Test Thoroughly: Test rules with sample data before enabling
  7. Monitor Performance: Use sync mode for critical real-time rules, async for batch processing
  8. Score Strategically: Align scores with your risk matrix thresholds

​
See Also