StaySignals
Risk API

Handling the response

Route the checkout based on suggested_action.

Each /v1/risk response carries a suggested_actionallow, challenge, or deny — that tells you how to route the checkout. You decide the mechanism.

allow

Commit the reservation. No extra steps.

challenge

A reserved middle option. In practice StaySignals rarely returns challenge — treat it as an escape hatch rather than a common branch.

When it does come back, you decide: let the booking through, or route it to a manual review queue. StaySignals does not prescribe the mechanism.

deny

Stop the checkout and surface a neutral error to the user. Don't spell out the reason — a generic "we couldn't process this booking" message is enough.

Store the decision ID

For every decision — regardless of action — store decision_id on the order record:

POST /orders
{
  ...,
  "pot_decision_id": "dec_8f2a1c7b2e8d"
}

The decision ID is your entry point for looking up the full decision in the Dashboard later — helpful when a customer pushes back on a denial, when operations wants to audit a batch, or when you're tuning your routing logic.

POST /v1/risk

Score a booking attempt and get back a decision.

Errors

HTTP status codes, error shape, and a fail-open recommendation for checkout.

On this page

allowchallengedenyStore the decision ID