Radar

Radar allows you to detect, verify, and block harmful behavior in real time. The Radar API supports the management of WorkOS Radar block and allow lists as well as standalone Radar use-cases. While Radar is natively integrated with AuthKit, you can also leverage Radar’s risk decisioning engine outside of AuthKit to detect fraudulent sign-in and signup attempts in your own custom authentication flows using the attempts API.

The Radar standalone API is currently in preview, contact us to request access.

Attempts

A Radar attempt represents a sign-in or signup attempt and includes context such as IP address and user agent. The Radar engine assesses attempts for risk and returns a decision that you can use to drive behavior in your application.

Create an Attempt

Evaluates an authentication attempt based on the parameters provided and returns a verdict.

cURL

 curl https://api.workos.com/radar/attempts \
  --header "Authorization: Bearer sk_example_123456789" \
  --header "Content-Type: application/json" \
  --request POST \
  --data '{
    "ip_address": "192.168.1.1",
    "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36",
    "email": "test@example.com",
    "auth_method": "Password",
    "action": "signup"
  }'

POST

`/radar/attempts`

`Returns`

Update an Attempt

You may optionally inform Radar that an authentication attempt or challenge was successful using this endpoint. Some Radar controls depend on tracking recent successful attempts, such as impossible travel.

cURL

 curl https://api.workos.com/radar/attempts/01E4ZCR3C56J083X43JQXF3JK5 \
  --header "Authorization: Bearer sk_example_123456789" \
  --header "Content-Type: application/json" \
  --request PUT \
  --data '{
    "attempt_status": "success"
  }'

PUT

`/radar/attempts/:id`

`Parameters`

Radar lists

Radar supports explicitly blocking and allowing attempts based on attempt attributes. You can manage these lists via the Radar list management APIs

Add Entry

Adds an entry to a Radar list

cURL

 curl https://api.workos.com/radar/lists/ip_address/block \
  --header "Authorization: Bearer sk_example_123456789" \
  --header "Content-Type: application/json" \
  --request POST \
  --data '{
    "entry": "49.78.240.97"
  }'

POST

`/radar/lists/:type/:action`

`Parameters`

Remove Entry

Removes an entry from a Radar list

cURL

 curl https://api.workos.com/radar/lists/ip_address/block \
  --header "Authorization: Bearer sk_example_123456789" \
  --header "Content-Type: application/json" \
  --request DELETE \
  --data '{
    "entry": "49.78.240.97"
  }'

DELETE

Radar

Attempts

Create an Attempt

/radar/attempts

ip_address: string

user_agent: string

email: string

auth_method: "Password" | "Passkey" | "Authenticator" | "SMS_OTP" | "Email_OTP" | "Social" | "SSO" | "Other"

action: "sign-up" | "sign-in"

Returns

verdict: "allow" | "block" | "challenge"

reason: string

attempt_id: string

control?: "bot_detection" | "brute_force_attack" | "credential_stuffing" | "domain_sign_up_rate_limit" | "ip_sign_up_rate_limit" | "impossible_travel" | "repeat_sign_up" | "stale_account" | "unrecognized_device" | "restriction"

blocklist_type?: "ip_address" | "domain" | "email" | "device" | "user_agent" | "device_fingerprint"

Update an Attempt

/radar/attempts/:id

challenge_status: "success"

attempt_status: "success"

Parameters

id: string

Radar lists

Add Entry

/radar/lists/:type/:action

entry: string

Parameters

type: "ip_address" | "domain" | "email" | "device" | "user_agent" | "device_fingerprint"

action: "block" | "allow"

Remove Entry

/radar/lists/:type/:action

entry: string

Parameters

type: "ip_address" | "domain" | "email" | "device" | "user_agent" | "device_fingerprint"

action: "block" | "allow"

`/radar/attempts`

`Returns`

`/radar/attempts/:id`

`Parameters`

`/radar/lists/:type/:action`

`Parameters`

`/radar/lists/:type/:action`

`Parameters`