Integration Patterns
FinWatch supports three primary integration patterns:
Most deployments use a combination: Direct API for real-time evaluation and Data Synchronization for historical context.
Direct API: POST /inject
The most common integration pattern. Your application sends each transaction to FinWatch for real-time risk evaluation.
Endpoint
Request Payload
Required vs. Optional Fields
Response
- Success:
200 OKwith an empty body. - Bad Request:
400 Bad Requestwith an error message if the JSON is malformed. - Server Error:
500 Internal Server Errorif the transaction cannot be processed.
Integration Examples
curl
Node.js (fetch)
Python (requests)
Go (net/http)
Best Practices for Direct API Integration
- Send transactions asynchronously. Don’t block your main transaction processing pipeline waiting for FinWatch’s response. Use a background queue or goroutine.
- Set a timeout. FinWatch should respond within 50ms for most transactions. Set a 5-second timeout to handle edge cases, and fall back to allowing the transaction if FinWatch is unresponsive.
- Include rich metadata. The more data you send in
meta_data, the more expressive your rules can be. Include IP addresses, device types, geo-location, MCC codes, account age, KYC level — anything that could be relevant for fraud detection. - Use consistent field names. If your rules reference
metadata.destination_country, make sure every transaction includes that exact field name. A typo means the rule silently fails.
Blnk Webhook Integration
If you’re using Blnk as your ledger, FinWatch can receive transaction events directly from Blnk’s webhook system.Endpoint
Webhook Payload Format
Blnk sends webhook events in this format:Configuring Blnk to Send Events
In your Blnk configuration, set the webhook URL to point to FinWatch:How It Works
- Blnk processes a transaction and emits a
transaction.createdevent. - The webhook payload is sent to FinWatch’s
/blnkwebhookendpoint. - FinWatch extracts the
datafield and converts it into aTransactionstruct. - The transaction is injected into DuckDB and evaluated against all active rules.
- FinWatch returns
200 OKwith a confirmation message.
Response
When to Use Webhook vs. Direct API
Data Synchronization
For aggregate functions to work effectively, FinWatch needs historical transaction data. If you’re using Blnk with a PostgreSQL database, the watermark sync feature automatically copies data from PostgreSQL into FinWatch’s local DuckDB.Why Data Sync Matters
Consider this rule:Configuration
Set theBLNK_DSN environment variable to your Blnk PostgreSQL connection string:
What Gets Synced
The watermark sync copies four entity types from PostgreSQL to DuckDB:Sync Behavior
- Incremental: Only new records (since the last sync) are transferred.
- Automatic: Runs periodically in the background.
- Resilient: Uses a watermark (timestamp + ID) to track progress. If interrupted, it resumes from the last watermark.
- Non-blocking: Sync runs in a background goroutine and does not block transaction processing or rule evaluation.
For the complete technical specification of the watermark sync mechanism, see the Watermark Sync Documentation.
Handling Verdicts
When a transaction triggers one or more rules, FinWatch produces a consolidated risk assessment. Here’s how to handle each verdict type in your application:Verdict Response Flow
Implementation Pattern
Since FinWatch processes transactions asynchronously via the risk evaluation worker, verdicts are communicated through:- Anomaly Notifications — Sent via the WebSocket tunnel to the Blnk Cloud dashboard.
- Logs — All verdicts are logged with full context (transaction ID, score, verdict, reason).
- Instructions API — You can query the
GET /instructionsendpoint to see all active rules and their compiled state.
Querying Active Instructions
Anomaly Notifications
FinWatch sends real-time anomaly notifications to the Blnk Cloud dashboard via a persistent WebSocket tunnel.What Gets Reported
When the risk consolidator determines a transaction is risky, it sends anAnomalyMessage containing:
Risk Level Mapping
The risk consolidator maps the aggregated risk score to a risk level:Resilience
- If the WebSocket tunnel is disconnected, anomalies are logged locally but not sent. Transaction processing is never blocked by a reporting failure.
- The tunnel automatically reconnects when the connection is restored.
- No anomaly data is lost from the DuckDB storage — it’s always available locally regardless of tunnel status.
Health Monitoring
Verifying FinWatch is Running
The simplest health check is to call the instructions endpoint:200 OK response (even with an empty array []) confirms FinWatch is running and the API is responsive.
Checking Git Repository Status
If you’re using GitOps, check the sync status:Monitoring Key Indicators
In production, monitor these indicators:Integration Checklist
Before going to production, verify:- Transactions are flowing. Inject a test transaction and verify it appears in FinWatch.
- Rules are loaded. Check
GET /instructionsreturns your expected rules. - Rules are firing. Inject a transaction that should trigger a rule and verify the verdict.
- Metadata is complete. Verify that all fields referenced by your rules are present in the transaction payload.
- Data sync is working. If using
BLNK_DSN, verify that historical data is being synced. - Anomaly reporting works. If using the WebSocket tunnel, verify anomalies appear on the dashboard.
- Error handling is in place. Test what happens when FinWatch is unavailable. Your application should fail gracefully.
- Timeouts are configured. Set appropriate timeouts on all HTTP calls to FinWatch.
Next Steps
- Production Deployment — Configure FinWatch for production workloads.
- GitOps Rule Management — Set up Git-based rule deployment.
- Troubleshooting — Resolve common integration issues.
- API Documentation — Full REST API reference with all endpoints.
.png?fit=max&auto=format&n=0JF6z69u57hmqsWm&q=85&s=531373acedba0eb783b669f6d558dfd8)