Antifraud & Approval Flow
Financial transactions (PIX transfers, bill payments, external transfers) pass through an antifraud evaluation layer before execution.
Flow
```
  Client Request
         │
         ▼
┌─────────────────┐
│  Rate Limiter   │ ── 429 Too Many Requests
└────────┬────────┘
         │
         ▼
┌─────────────────┐
│ Tenant Billing  │ ── 503 Suspended
└────────┬────────┘
         │
         ▼
┌─────────────────┐
│ Antifraud Check │
└────────┬────────┘
         │
    ┌────┼────┐
    ▼    ▼    ▼
   200  202  403
   OK Pending Blocked
```

Response Codes
200 OK — Transaction Approved
The transaction was approved and executed successfully.
202 Accepted — Pending Approval
The transaction was flagged and requires manual approval. The response includes:
```json
{
  "status": "PENDING_APPROVAL",
  "data": {
    "message": "Transaction requires approval",
    "approvalType": "USER"
  }
}
```

| Approval Type | Description |
|---|---|
| USER | Account holder must approve via email link |
| ADMIN | Tenant admin must approve |
| COMPLIANCE | Compliance officer must approve |
403 Forbidden — Transaction Blocked
The transaction was blocked by security rules.
```json
{
  "status": "ERROR",
  "message": "Transaction blocked by security policy"
}
```

Idempotency
For all financial operations, send an Idempotency-Key header with a UUID to prevent duplicate transactions:
```
Idempotency-Key: 550e8400-e29b-41d4-a716-446655440000
```

- If a request with the same key was already processed, the original response is returned
- Keys are valid for 24 hours
- Always generate a new UUID for each distinct transaction intent
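
A client-side sketch of the rules above, added here as an example and not taken from the API's own SDK: one key per transaction intent, the same key reused when a request times out and its outcome is unknown, and each status code mapped to a distinct state so that 202 is never treated as an executed transfer. The `send` transport callable, the state names other than `PENDING_APPROVAL`, and the retry count are assumptions for illustration.

```python
import uuid
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

# Status codes from the flow above mapped to client-side states (names are illustrative).
STATES = {200: "EXECUTED", 202: "PENDING_APPROVAL", 403: "BLOCKED",
          429: "RATE_LIMITED", 503: "SUSPENDED"}

@dataclass
class Outcome:
    state: str
    approval_type: Optional[str]
    idempotency_key: str

def classify(status_code: int, body: dict) -> Tuple[str, Optional[str]]:
    state = STATES.get(status_code, "UNKNOWN")
    approval = None
    if state == "PENDING_APPROVAL":
        # 202: nothing has been executed yet; report who has to approve.
        approval = (body.get("data") or {}).get("approvalType")
    return state, approval

def submit(send: Callable[[dict, dict], Tuple[int, dict]],
           payload: dict, max_attempts: int = 3) -> Outcome:
    """Send one transaction intent; `send` is a hypothetical transport callable."""
    key = str(uuid.uuid4())  # generated once per intent, never per attempt
    headers = {"Idempotency-Key": key}
    for _ in range(max_attempts):
        try:
            status_code, body = send(payload, headers)
        except TimeoutError:
            # Outcome unknown: retry with the SAME key so an already processed
            # request returns its original response instead of running twice.
            continue
        return Outcome(*classify(status_code, body), key)
    return Outcome("UNKNOWN", None, key)

if __name__ == "__main__":
    attempts = []

    def flaky_send(payload, headers):  # constructed transport: one timeout, then 202
        attempts.append(headers["Idempotency-Key"])
        if len(attempts) == 1:
            raise TimeoutError
        return 202, {"status": "PENDING_APPROVAL",
                     "data": {"message": "Transaction requires approval",
                              "approvalType": "USER"}}

    print(submit(flaky_send, {"amount": "10.00"}), "keys sent:", len(set(attempts)))
```

A `BLOCKED` or `PENDING_APPROVAL` outcome ends the intent from the client's side; resubmitting the same transfer under a fresh key would be a new intent and would go through the antifraud check again.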