Skip to content

Optional ageTiers parameter for privacy-preserving granularity #248

Description

@yyeAduna

Problem description
Current consumers of the API (e.g., banks) often need more granular signals to assess account-takeover risk alongside their own data. A simple boolean result (True/False) doesn’t provide enough detail, while returning the underlying event date/time isn’t feasible due to strict privacy requirements (e.g., GDPR) and operator restrictions. As a result, clients must make multiple calls with different maxAge values (for example, 1 hour, then 24 hours) to infer the risk level—creating unnecessary network and API load and poor overall performance.

Possible evolution
Introduce an optional input parameter ageTiers (list of integers) that enables a "Tiered Response" mode, where the highest tier is the maxAge.

Backward Compatible: If ageTiers is omitted, the API behaves exactly as it does today (using maxAge).

Privacy Friendly: Returns a tier index rather than an exact timestamp.

Efficient: Reduces N API calls to 1 call.

Alternative solution
make multiple calls with different maxAge values

Additional context
Samples1: Swapped at 3 hour ago

input:
{
"phoneNumber": "+1234567890",
"maxAge": 240,
"ageTiers": [1,4,24,72,240]
}

output:
{
"swapped": true, // Calculated using maxAge (3 < 240)
"tierIndex": 1 // 3 hours is > 1 but <= 4. It falls in the second bucket (Index 1).
}

Samples1: Swapped at more than 240 hour ago
output:
{
"swapped": false,
"tierIndex": -1 // out of the maxAge
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions