# How it works

<img src="https://992597239-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FglP5cKjSNRgDHCPNNsT4%2Fuploads%2FLC3WIAqy3qG6DHwvWkJ4%2Ffile.excalidraw.svg?alt=media&#x26;token=2857679c-cd63-4747-9098-b12ee5c09457" alt="" class="gitbook-drawing">

### Workflow

1. **Create Decision:** Send a transaction to the `create_decision` endpoint to get an initial risk assessment.
2. **Evaluate Result:**
   * If the status is `Accepted` or `Rejected`, the decision is final.
   * If the status is `Review`, the transaction requires manual review.
3. **Update Decision (if needed):** For transactions in `Review` status, use the `update_decision` endpoint with the `transaction_id` obtained in step 1 to make a final decision.

***

### Risk Information Codes

Information codes (`info_codes`) provide details about the factors that influenced the decision:

* **address:** Address-related codes
* **phone:** Phone-related codes
* **globalVelocity:** Transaction velocity codes
* **suspicious:** Suspicious activity indicators
* **identityChange:** Identity change indicators
* **internet:** IP and internet-related information

***

### Error Handling

In case of an error, the API will return a response with the following format:

{% code overflow="wrap" %}

```json
{
    "status_code": "ERROR_CODE",
    "status": "fail",
    "description": "Error description"
}
```

{% endcode %}

Common HTTP error codes include:

* `400 Bad Request`: Invalid parameters
* `401 Unauthorized`: Invalid API key
* `403 Forbidden`: Resource not found
* `500 Internal Server Error`: Internal server error