Introduction

    Welcome to Frogo. Defend Your Data with Cutting-Edge Anti-Fraud Technology. This portal serves as the central API documentation and integration hub with Frogo’s anti-fraud platform. It provides developers and partners the source of schemas, integration events and other relative technical explanations.

    Terminology

    Term Description
    Digital Customer Platform A client application that is integrated with Frogo solution.
    Frogo Complex solution landscape that is responsible for detecting and fraud management.
    Frogo Admin Panel Web-based management system for creating and managing anti-fraud policies and analyzing received preconfigured events.
    Frogo User A user with credentials inside the Frogo Admin Panel.
    Private List This feature enables an organization to securely create and manage a private list with transferred data originating from the Digital Customer Platform. Data transferring is executed via the REST API into the Frogo Admin Panel, where it becomes available for configuration and use for the future scoring transactions.
    Scoring (Frogo Scoring Engine) The core service within the Frogo application responsible for evaluating any type of business transaction to determine whether it is fraudulent or potentially fraudulent.
    Scoring Event An event that should be scored to detect potential fraud activities.
    Example:
    – Initial registration
    – Initial deposit
    – Initial withdrawal

    Integration Schema

    The integration schema defines the structure, data flow, and interaction logic between Frogo’s Anti-Fraud API and external partner systems.

    Our comprehensive API is designed to seamlessly integrate digital platforms with Frogo, providing robust anti-fraud solutions that protect your business and customers in real time.

    The integration process with Frogo consists of two sub-processes (described below):

    1. Device Fingerprint Integration
    2. Service-to-Service Integration

    The general end-to-end integration schema is presented below.

    Image

    Integration Steps

    Step Mandatory Description
    Step 1 Frogo creates a stand-alone organization inside the system with all entities and user role assignment.
    Step 2 A ready-based script should be placed in HTML.
    Step 3 Frogo generates an API key as a mandatory parameter that must be provided to the Digital Customer Platform to complete the authentication process.

    Note:
    All event types and associated data must be predefined and mutually agreed upon from a business perspective between the Partner and Frogoprior to integration.
    Step 4 The Digital Customer Platform sends Initial Scoring Event transactions using the POST method to receive scoring results based on the agreed event types and predefined data structures for each event.

    Examples of initial events include:
    - Initial registration
    - Initial deposit
    - Initial withdrawal
    Step 5 In case of any updates to a transaction previously sent to Frogo, the Digital Customer Platform may issue a PATCH request to the Frogo Scoring Engine to notify Frogo about the changes.

    Note:
    The value of event_id must be identical to the event_id used in the original POST scoring transaction.
    Step 6 In case of updates to the customer's final review status, the digital platform should notify Frogo using the provided PUT method in order to store the customer's current state for use in future scoring.

    Note:
    “event_id” should be equal to the event_id sent on the previous POST scoring transaction.
    Step 7 The entire setup of the organization’s policy or set of policies, along with related triggers and variables, may be provided by Frogo experts or configured by the Partner through the Frogo Admin Panel.
    Step 8 Before sending production transactions, Frogo recommends testing transaction events for the agreed trial period.
    1. Review

    Frogo provides customized “Frogo Technical Integration Documentation” that is generated for a Digital Customer Platform dedicated URLs, credentials. Before the integration process, we recommend investigating the technical specification.

    2. Create

    Frogo creates stand-alone Sandbox and Prod organisations

    • Client receives Frogo Admin Backoffice URL
    • Client receives Root login and password for Sandbox and Prod organisations.
    3.1. Provide Fingerprint Integration parameters

    The ready-based JavaScript script must be placed within the <head> … </head> section of the HTML on each page where a user initiates a scoring event. Within the script, only the following three parameters must be replaced with client-specific values:

    • FP JS URL (in Base64 encoded)
    • Backend URL (in Base64 encoded)
    • API Key (Sandbox and Prod)

    Note: Already based scripts (Sandbox and Prod) are located in the “Dedicated Parameters”.

    3.2. Provide Scoring Integration parameters

    Authentication and API Access
    Frogo generates two API Keys as mandatory authentication parameters for each organisation:

    • Sandbox
    • Prod

    These API keys are required to successfully pass the authentication process.
    The Frogo Scoring Engine is exposed via a single, universal API endpoint with multiple methods available within it.
    Note: The API Keys used for Fingerprint and Scoring Integration are the same.

    3.3. Map data with the Scoring Structure

    A Frogo specialist assists the client in identifying potential fraudulent events and agreeing on the operational data that can be transferred within a scoring transaction to detect potential fraud.
    Note: The output of this process is an agreed, mapped data file with a defined data structure. Link to the file located in the “Dedicated Parameters” .

    4. Integration test

    A Client tests Fingerprint and Scoring transactions using a Sandbox API Key.

    • A Client receives a Scoring Event response from Frogo (see Swagger).
    • Data received from the Client’s Digital Platform is displayed in the Frogo Admin Panel, in the “Overall” section.
    4. Go-Live in production organisation

    All transactions in the Production environment must be sent using the Production API Key.

    Dedicated Parameters

    The parameters listed below are client-specific and will be provided by Frogo as part of the “Frogo Technical Integration Documentation”.These values are required to properly configure the integration and ensure secure communication between the client’s Digital Platform and Frogo services. All parameters are provisioned individually and must be used exactly as supplied.

    Parameter Scope
    FP JS URL N/A
    FP JS URL (base64) Fingerprint
    Backend URL N/A
    Backend URL (base64) Fingerprint
    Scoring URL Scoring
    Api Key Sandbox Fingerprint/Scoring
    Api Key Prod Fingerprint/Scoring
    BackOffice URL Backoffice
    Backoffice Sandbox login Backoffice
    Backoffice Sandbox password Backoffice
    Backoffice Prod login Backoffice
    Backoffice Prod password Backoffice
    Scoring Event Data File Scoring/Backoffice

    Device Fingerprint Integration

    Device Fingerprinting is a cutting-edge technology used to uniquely identify and track devices accessing your services. Unlike traditional tracking methods that rely solely on cookies, device fingerprinting collects various hardware and software attributes of the user’s device to generate a distinctive “device fingerprint.” These attributes include the operating system, browser type, language settings, screen resolution, and more.

    During the integration phase, Frogo provides a JavaScript snippet that must be placed inside the <head> {code.js} </head> section of each relevant HTML page on your digital platform

    1. The fingerprint data collected from these web elements is transmitted to an internal service for further processing and analysis.
    2. All scoring transactions executed via the service-to-service integration approach that are triggered from a front-end element on a digital platform are mapped to the fingerprintSessionId, which is required by the Scoring API to ensure consistency and traceability across sessions.
      If a scoring transaction is not associated with a front-end (web) customer interaction, the fingerprintSessionId may be omitted.
    3. To obtain the session ID, use the following function call: 
      fpSessionID = await aftSID();

      The variable fpSessionID will contain the string value of the current session ID.

    4. For checking on success java script sending you should use one of the following method: 
      window.aft.send();  // send profiling (device fingerprint)
//or
await window.aft.send(); // response waiting for sent data
//or
window.aft.send().then(() => {}).catch(() => {}); 
// callback function then() for success, catch() in case of failure
      • Success response example: {“ok”: true}
      • Failure response example: {“ok”: false, “error”:”message”}
      • Code 401 Unauthorized (invalid API key) Invalid or expired API Key.
      • Code 404 Not Found (script not loaded, script URL is incorrect).

    Service-to-Service Integration

    curl --location --request {Method} 'https://s.frogo-aft.com/?api_key=...' \
--header 'ak: org_api_key' \
--header 'Content-Type: application/json' \
--data-raw '{ ... }'
    Methods list

    Initial Scoring any events

    POST https://{customer_domain}

    Response example 
    200 Success response
{
  "error": "string",
  "event_id": "string",
  "reason_scores": {
    "additionalProp1":0,
    "additionalProp2":0,
    "additionalProp3":0
  },
  "reasons": [
    "string"
  ],
  "request_id": "string",
  "review_code": 0,
  "review_status": "string",
  "score": 0,
  "variables": {
    "additionalProp1":{}
  }
}

    Update previously received scoring event

    PATCH https://{customer_domain}

    Response example 
    200 Success response
{
  "data": "string",
  "error": {
    "code": 0,
    "message": "string"
  },
  "ok": true,
  "pagination": {
    "page": 0,
    "pages": 0,
    "per_page": 0,
    "total": 0
  }
}

    Set final review customer status on Frogo system

    PUT https://{customer_domain}/final-status

    200 Success response

    Create a new list, adding/removing attributes from the previous created list

    POST https://{customer_domain}/v1/lists

    200 Success response

    Check value in a list

    GET https://{customer_domain}/v1/lists/exist/{id}/{value}

    Response example 
    200 Success response
{
  "data": {
    "exist": true
  },
  "error": {
    "code": 0,
    "message": "string"
  },
  "ok": true,
  "pagination": {
    "page": 0,
    "pages": 0,
    "per_page": 0,
    "total": 0
  }
}

    Lists statistics

    GET https://{customer_domain}/v1/statistics

    Response example 
    200 Success response
{
  "data": {
    "lists_data": [
      {
        "added_values_count": 0,
        "available_values_to_add": 0,
        "list_id": "string"
      }
    ],
    "max_lists_count": 0,
    "max_values_per_list": 0
  },
  "error": {
    "code": 0,
    "message": "string"
  },
  "ok": true,
  "pagination": {
    "page": 0,
    "pages": 0,
    "per_page": 0,
    "total": 0
  }
}

    Deletion of a private list

    DELETE https://{customer_domain}/v1/lists/{id}

    Response example 
    200 Success response
{
  "data": {
    "exist": true
  },
  "error": {
    "code": 0,
    "message": "string"
  },
  "ok": true,
  "pagination": {
    "page": 0,
    "pages": 0,
    "per_page": 0,
    "total": 0
  }
}

    Error codes

    This section describes the most common error responses that can be returned by the API. Each error code indicates a specific type of issue encountered while processing a request, helping clients quickly identify and resolve problems during integration.

    • 400 Bad Request
      The request is malformed or contains invalid parameters. Please verify the request syntax and required fields.
    • 401 Authorization Error
      Authentication failed or is missing. Ensure that valid authorization credentials are provided.
    • 404 Event Not Found
      The requested event does not exist or cannot be found. Verify the event identifier and request endpoint.
    • 422 Validation or System Error
      The request was well-formed but could not be processed due to validation errors or internal processing issues.
    • 500 Server Error
      An unexpected error occurred on the server while processing the request. Retry the request later or contact support if the issue persists.
    400 Bad request error 
    {
  "data": "string",
  "error": {
    "code": 0,
    "message": "string"
  },
  "ok": true,
  "pagination": {
    "page": 0,
    "pages": 0,
    "per_page": 0,
    "total": 0
  }
}
    401 Authorization error 
    {
  "data": "string",
  "error": {
    "code": 0,
    "message": "string"
  },
  "ok": true,
  "pagination": {
    "page": 0,
    "pages": 0,
    "per_page": 0,
    "total": 0
  }
}
    404 Event not found error 
    {
  "data": "string",
  "error": {
    "code": 0,
    "message": "string"
  },
  "ok": true,
  "pagination": {
    "page": 0,
    "pages": 0,
    "per_page": 0,
    "total": 0
  }
}
    422 Validation or system error 
    {
  "data": "string",
  "error": {
    "code": 0,
    "message": "string"
  },
  "ok": true,
  "pagination": {
    "page": 0,
    "pages": 0,
    "per_page": 0,
    "total": 0
  }
}
    500 Server error 
    {
  "data": "string",
  "error": {
    "code": 0,
    "message": "string"
  },
  "ok": true,
  "pagination": {
    "page": 0,
    "pages": 0,
    "per_page": 0,
    "total": 0
  }
}

    General Scoring Execution Configuration

    The purpose of this section is to provide an overview of how external Digital Customer Platforms interact with the Frogo Scoring Engine when executing scoring requests. It defines the general configuration principles, request structure.

    This section serves as a foundation for:

    • Identifying the request parameters.
    • Providing a reference for developers and integrators before exploring specific endpoints and examples in Swagger documentation.

    POST https://{customer_domain}

    Requested parameters:

    Field Name Data Type Field Description Example
    JSON Request Structure
    [RFC3339] date and time of event.Note!!!
    1. If 6 months <= event_time <= system dateTime, then Frogo stores received event_time (applied for historical data).
    2. If event_time < 6 months, then Frogo stores transactions with the current system dateTime.
    3. If event_time > system dateTime, Frogo returns an error message."    		 "0001-01-01T00:00:00Z"
    standard object
    type of event for scoring Registration, deposit, withdrawal, login, sms, promocode, password_reset
    Name of policy inside Frogo system that should be used for event scoring. Default, registration, cashdesk, sms, promocode, password_reset
    unique request ID 4218XXXX
    organization segment Brand1, brand2
    session object
    unique Device Fingerprint ID fetched from UI (FE) event 88d3b405-3faa-44ee-b991-c3a12f10720d
    account object
    Unique user ID.
    If account.login is not defined, then the value should be NULL    		 42187883
    test@test.com
    +990000000000
    account hashed password PQtXS3nY_AOk5SwmMBZ2wjFfxuB14N6BkPOe4yk-XXX
    [RFC3339] date of birth 1985-04-12T00:00:00.00Z
    Maxwel
    Mixwel
    Crid
    male
    ISO alpha-2 code. UK
    account country residence. ISO alpha-2 code. BR
    account city residence Santa Maria
    account street residence Santa square
    75240000
    RUT
    11111XXXX
    account currency EUR
    ISO alpha-2 code. EN
    the project where transaction occurred casino, sport
    affiliate label for account determination 17v99ba9
    partnerParams.SubId1
    partnerParams.SubId2
    partnerParams.SubId3
    partnerParams.SubId4
    partnerParams.SubId5
    chose bonus on the first transaction bonus1
    tax number for Brazil. Mandatory for Brazil registration 3791797093
    ISO alpha-2 code. UK
    UK
    https://test.test.com/
    BR
    account_num object
    [RFC3339] the number of full days that have passed since the customer registered for the product "2006-01-02T15:04:05Z07:00"
    payment object
    the currency in which the payment was made eur
    Internal payment identifier on cashdesk 694749986
    external transaction identifier from payment aggregators 100003455525
    payment channel for the transaction channel1
    Alan Smith
    440000******1111
    hashed payment number d33fd8ba99247b9f5f21d66ff6bb3cf496ce0c3d55710a28ca0c60648d7a6662
    [RFC3339] time date of payment initialization "2006-01-02T15:04:05Z07:00"
    [RFC3339] time date of payment update "2006-01-02T15:04:05Z07:00"
    [RFC3339] time date of payment approval "2006-01-02T15:04:05Z07:00"
    a message accompanying the payment with a detailed description of the current status Payment was successful
    344617396
    d33fd8ba99247b9f5f21d66ff6bb3cf496ce0c3d55710a28ca0c60648d7a6662
    display chargeback regarding transaction
    project where success deposits occur (casino/sport) casino
    payment status Success
    withdrawal type (manual, auto) auto
    card
    payment_num object
    internal payment identifier on payment system
    amount of all success account deposits for all the time
    amount of all success withdrawal deposits for all the time
    payment_bool object
    was there a refund along the way
    checkout object
    +990000000000
    input_ip object
    IP address of account requests on client app
    card object
    card bin. The first six digits 440000
    hashed unique id of payment card
    hashed account of full card number
    Custom_int (1-50) object
    Custom_str (1-50) object
    Custom_float (1-50) object

    Response parameters:

    Field Name Data Type Field Description Example
    JSON Request Structure
    Unique identifier of the alert generated by the system. "a1b2c3d4"
    Error message returned when the request fails. "Invalid payload format"
    Identifier of the event being processed by the scoring system. "9bac6617ec5e630d6…”
    Textual explanations describing why a certain decision or score was produced. "customer_younger_18",
    "test trigger Hanna 14.08",
    "2 deposits zero bets",
    Unique identifier of the client request.
    Numeric review decision code 0
    Review decision status (e.g., "pass", "review", "reject"). “pass”
    Final scoring result, depending on the model’s scoring scale. 38
    List of activated signals.
    List business/logic rules ( triggered).
    Additional variables used during scoring; values may contain nested structures. "phones_per_account": 0,
    "devices_per_email": 0,

    Specific Integration Events

    To effectively mitigate fraud risks, it is essential to adapt your anti-fraud scoring strategies to each specific transaction type.

    This section outlines best practices for capturing and analyzing key data fields across major interactions, including registration, login, transactions, password resets, SMS verifications, and promo code usage. The Frogo team can also configure custom events tailored to your operational business processes — simply contact our support team for assistance.

    Registration

    Before making a final decision about whether to register a new user, the Digital Customer Platform can send a Scoring Request to the Frogo Scoring Engine to verify if the user demonstrates any suspicious or high-risk behavior within the Frogo Solution.

    POST https://{customer_domain}

    Field Name Data Type Field Description Example
    name of policy inside Frogo system registration
    [RFC3339] date and time of event. "2006-01-02T15:04:05Z07:00"
    type of event for scoring registration
    unique request ID 4218XXXX
    account city residence Santa Maria
    account country residence BR
    account Post code 75240000
    account street residence Santa square
    chose bonus on the first deposit bonus_casino
    tax number for Brazil. Mandatory for Brazil registration 3791797093
    account currency EUR
    [RFC3339] date of birth 1985-04-12T00:00:00.00Z
    number of the document for the registration 25321XXXX
    document type RUT
    account email test@test.com
    account first name Maxwel
    account gender male
    country, ISO, ex. UA UK
    county of account ip detection UK
    account language EN
    account last name M
    If account. login is not defined, then the value should be NULL 42183439
    account middle name Mixwel
    the project where deposit occured casino, sport, etc
    registration domain https://test.ua/
    affiliate label for account determination 17v99ba9
    partnerParams.SubId1
    partnerParams.SubId2
    partnerParams.SubId3
    partnerParams.SubId4
    partnerParams.SubId5
    account telephone +990000000000
    client test label on the account, that lead account to the app FALSE
    registration type of social network/email TRUE
    [RFC3339] the number of full days that have passed since the customer registered "2006-01-02T15:04:05Z07:00"
    ip address that is visible inside client requests on the partner app 185.00.00.00
    unique Device Fingerprint ID fetched from UI (FE) 88d3b405-3faa-44ee-b991-c3a12f10720d
    high level business segment attribute Brand1

    Log-in

    Before granting access to an existing account, the Digital Customer Platform can initiate a Scoring Request to the Frogo Scoring Engine to evaluate whether the login attempt exhibits any anomalous or suspicious behavior.

    POST https://{customer_domain}

    Field Name Data Type Field Description Example
    name of policy inside Frogo system login
    [RFC3339] date and time of event. "2006-01-02T15:04:05Z07:00"
    type of event for scoring login
    unique request ID 4218XXXX
    account email test@test.com
    country, ISO, ex. UA KZ
    If account. login is not defined, then the value should be NULL 42183439
    hashed client's password in case of success reset 498143cb989f2ac5f2ff120556661e83eeXXXXXX
    account telephone +990000000000
    client test label on the account, that lead account to the app FALSE
    status
    errResponse
    ip address that is visible inside client requests on the partner app 185.00.00.00
    unique Device Fingerprint ID fetched from UI (FE) 88d3b405-3faa-44ee-b991-c3a12f10720d
    high level business segment attribute Brand1

    Transaction

    Before approving or processing a financial transaction, the Digital Customer Platform can send a Scoring Request to the Frogo Scoring Engine to determine whether the transaction shows signs of potential fraud or abnormal activity.

    POST https://{customer_domain}

    Field Name Data Type Field Description Example
    name of policy inside Frogo system cashdesk
    [RFC3339] date and time of event. "2006-01-02T15:04:05Z07:00"
    type of event for scoring Deposit / withdrawal
    unique request ID 4218XXXX
    account city residence Santa Maria
    account country residence BR
    account Post code 75240000
    account street residence Santa square
    tax number for Brazil. Mandatory for Brazil registration 3791797093
    account currency EUR
    [RFC3339] date of birth 1985-04-12T00:00:00.00Z
    account email test@test.com
    account first name Maxwel
    account gender male
    country, ISO, ex. UA UK
    account last name M
    If account. login is not defined, then the value should be NULL 42183439
    account middle name Mixwel
    account region UK
    affiliate label for account determination 17v99ba9
    partnerParams.SubId1
    partnerParams.SubId2
    partnerParams.SubId3
    partnerParams.SubId4
    partnerParams.SubId5
    account telephone +990000000000
    is the account certified TRUE
    status of email verification TRUE
    client test label on the account, that lead account to the app FALSE
    status of account verification TRUE
    status of phone verification TRUE
    [RFC3339] the number of full days that have passed since the customer registered for the product (YYYY.MM.DD) "2006-01-02T15:04:05Z07:00"
    card bin. The first six digits 440000
    hashed account of full card number
    phone number defined by an account inside deposit +990000000000
    Custom float fields
    Custom integer fields
    Custom string fields "2006-01-02T15:04:05Z07:00"
    ip address that is visible inside client requests on the partner app 185.81.81.199
    card owner
    chargeback
    [RFC3339] Payment created datetime "2006-01-02T15:04:05Z07:00"
    domain https://www.test.com
    external transaction identifier from payment aggregators 100003455525
    id tnx 344617396
    Internal payment identifier on cashdesk 694749986
    a message accompanying the payment with a detailed description of the current status Payment was successful
    payment method
    payment number 440000******1111
    hashed payment number d33fd8ba99247b9f5f21d66ff6bb3cf496ce0c3d55710a28ca0c60648d7a6662
    payment channel for the transaction channel1
    project where success deposits occur (casino/sport) casino
    payment status Success
    hashed value of the card, generated on TNX HUB, deposit only d33fd8ba99247b9f5f21d66ff6bb3cf496ce0c3d55710a28ca0c60648d7a6662
    The currency in which the payment was made eur
    [RFC3339] last update/finalization time of payment "2006-01-02T15:04:05Z07:00"
    transaction sum
    transaction sum in euro 323.48
    internal payment identifier on cashdesk
    amount of all success account deposits for all the time
    amount of all success withdrawal deposits for all the time
    unique Device Fingerprint ID fetched from UI (FE) 88d3b405-3faa-44ee-b991-c3a12f10720d
    high level business segment attribute Brand1

    Password reset

    Before allowing a user to reset their password, the Digital Customer Platform can send a Scoring Request to the Frogo Scoring Engine to determine whether the password reset attempt is legitimate or potentially fraudulent.

    POST https://{customer_domain}

    Field Name Data type Field Description Example
    name of policy inside Frogo system password_reset
    [RFC3339] date and time of event. "2006-01-02T15:04:05Z07:00"
    type of event for scoring password_reset
    unique request ID 4218XXXX
    account email test@test.com
    country, ISO, ex. UA UK
    If account. login is not defined, then the value should be NULL 42183439
    hashed client's password in case of success reset 498143cb989f2ac5f2ff120556661e83eeXXXXXX
    account telephone +990000000000
    client test label on the account, that lead account to the app FALSE
    ip address that is visible inside client requests on the partner app 185.00.00.00
    unique Device Fingerprint ID fetched from UI (FE) 88d3b405-3faa-44ee-b991-c3a12f10720d
    high level business segment attribute Brand1

    SMS

    Before confirming the delivery or validation of an SMS code, the Digital Customer Platform can send a Scoring Request to the Frogo Scoring Engine to assess whether the SMS interaction is part of any suspicious or automated activity.

    POST https://{customer_domain}

    Field Name Data type Field Description Example
    name of policy inside Frogo system sms
    [RFC3339] date and time of event. "2006-01-02T15:04:05Z07:00"
    type of event for scoring sms
    unique request ID 4218XXXX
    country, ISO, ex. UA UK
    account language EN
    If account. login is not defined, then the value should be NULL 42183439
    affiliate label for account determination 17v99ba9
    partnerParams.SubId1
    partnerParams.SubId2
    partnerParams.SubId3
    partnerParams.SubId4
    partnerParams.SubId5
    account telephone +990000000000
    client test label on the account, that lead account to the app FALSE
    status of account verification TRUE
    status of phone verification TRUE
    [RFC3339] the number of full days that have passed since the customer registered for the product (YYYY.MM.DD) "2006-01-02T15:04:05Z07:00"
    [RFC3339] date "2006-01-02T15:04:05Z07:00"
    id
    action
    recipient
    operator
    status
    riskResult / finResult Approved / Declined
    ip address that is visible inside client requests on the partner app 185.00.00.00
    unique Device Fingerprint ID fetched from UI (FE) 88d3b405-3faa-44ee-b991-c3a12f10720d
    high level business segment attribute Brand1

    Promocode

    Before applying or activating a promocode, the Digital Customer Platform can send a Scoring Request to the Frogo Scoring Engine to evaluate whether the promocode usage appears legitimate or potentially abusive.

    POST https://{customer_domain}

    Field Name Data type Field Description Example
    name of policy inside Frogo system promocode
    [RFC3339] date and time of event. "2006-01-02T15:04:05Z07:00"
    type of event for scoring promocode
    unique request ID 4218XXXX
    country, ISO, ex. UA UK
    If account. login is not defined, then the value should be NULL 42183439
    affiliate label for account determination 17v99ba9
    partnerParams.SubId1
    partnerParams.SubId2
    partnerParams.SubId3
    partnerParams.SubId4
    partnerParams.SubId5
    client test label on the account, that lead account to the app FALSE
    promocodeName
    promocodeID
    PromocodeActivatedType
    ip address that is visible inside client requests on the partner app 185.00.00.00
    unique Device Fingerprint ID fetched from UI (FE) 88d3b405-3faa-44ee-b991-c3a12f10720d
    high level business segment attribute Brand1

    Updating Scoring Transaction

    This functionality allows partners to append new data or revise attributes of a scoring event without initiating a completely new transaction. It ensures that the scoring record remains accurate, complete, and synchronized with the latest user or system information collected during the ongoing process.

    PATCH https://{customer_domain}

    Field Name Data Type Field Description
    Unique event id that was sent in Scoring Response to a digital platform
    [RFC3339] Time update
    update object
    a message accompanying the payment with a detailed description of the current status
    payment method
    payment number
    payment status
    update_bool object
    isChargeback
    isRefund
    update_num object
    transaction sum
    transaction sum in euro

    Setting Final Review Status

    This operation allows partners to record the final outcome of a transaction after a manual or automated review has been completed. It ensures that Frogo maintains a full audit trail between the system-generated scoring decision and the partner’s ultimate operational decision.

    PUT https://{customer_domain}/final-status/

    Field Name Data type Field Description
    “auto” OR “user_name”
    Review code
    Unique event id that was sent in Scoring Response to a digital platform
    Evidence of update: VIP, multiaccount,
    final review status
    [RFC 3339] date of status filled in

    Private Lists

    This feature enables an organization to securely create and manage a private list containing data transferred from a Digital Customer Platform. The transfer is executed via the REST API into the Frogo Solution, where the data becomes available for configuration and use in future scoring transactions.

    Key Capabilities

    • Private Data Repository. All transferred data is stored in a dedicated private list, accessible only within the organization’s Frogo environment. This ensures data confidentiality and prevents unauthorized access.
    • Integration with Policies. Attributes from the list can be directly referenced within policy definitions.These attributes can be used in triggers and variables, enabling automated reactions to predefined conditions (e.g., overall, alerts, notifications).

    REST API Connectivity

    The feature leverages standardized REST API endpoints, ensuring seamless integration between the Digital Platform and the Frogo Admin Panel without requiring manual data uploads.

    Usage Example

    Attributes from the list can be used inside triggers and variables with the following syntax:

    $fn:private_list("stream", $var:account.stream_id$)$

    where “stream” is a listID, and account.stream_id is a value

    Creating and Updating a private list

    This method is used to create a new private list or to add or remove attributes from an existing list previously created within the Frogo Admin Panel. For more details please use Swagger

    POST https://{customer_domain}/v1/lists/

    Request/ Response Parameter Data Type Description
    Request List id
    Request Value
    Response N/A N/A N/A

    Note!

    • A maximum of three list IDs is allowed per organization within the Frogo Admin Panel.
    • Each list can contain up to 1,000,000 attribute records.
    • The list_id must be 64 characters or fewer and may include the following characters: a–z, A–Z, 0–9.
    • To update an existing list, this method must be used with the previously created list_id that requires modification.
    Request example 
    {
  "list_id": "abc123AS",
  "operations": [
    {
      "action": "add",  
      "value": "4lrL4slL" //streamID
    },
    …
    {
      "action": "rem", 
      "value": "5Sr4DSs"//streamID
    }
  ]
}

//Use: 
// "action": "add"  to add a new //value
// "action": "rem"  to remove //value
    200 Success response

    Checking a value in the list

    This method is used to verify whether a specific value exists within a previously created private list.

    It allows the Digital Customer Platform to perform quick lookups and validate data against stored attributes without retrieving the entire list. For more details please use Swagger

    GET https://{customer_domain}/v1/lists/exist/{id}/{value}

    Request/ Response Parameter Data Type Description
    Request List id.
    Path parameter
    Request Value.
    Path parameter
    Response N/A N/A N/A
    Response example 
    200 Success response
{
  "data": {
    "exist": true
  },
  "error": {
    "code": 0,
    "message": "string"
  },
  "ok": true,
  "pagination": {
    "page": 0,
    "pages": 0,
    "per_page": 0,
    "total": 0
  }
}

    Getting a list statistics

    This method is used to retrieve statistical data about all private lists created within the Frogo Solution for a specific organization. For more details please use Swagger.

    GET https://{customer_domain}/v1/lists/statistics

    Request/Response Parameter Data Type Description
    Request N/A N/A N/A
    Response Statistics array of objects. Might contain multiple objects (up to three lists per organization).
    Response Number of added values in the list
    Response (1000000-added_values_count) number of values that might be added
    Response example 
    200 Success response
{
  "data": {
    "lists_data": [
      {
        "added_values_count": 500000,
        "available_values_to_add":500000,
        "list_id": "abc123AS"
      }
    ],
    "max_lists_count": 0,
    "max_values_per_list": 0
  },
  "error": {
    "code": 0,
    "message": "string"
  },
  "ok": true,
  "pagination": {
    "page": 0,
    "pages": 0,
    "per_page": 0,
    "total": 0
  }
}

    Deleting of a private list

    This method is used to permanently delete a private list from the Frogo Solution using its unique list id. For more details please use Swagger.

    DELETE https://{customer_domain}/v1/lists/{id}

    Request/Response Parameter Data Type Description
    Request List ID.
    Path parameter
    Response N/A N/A N/A
    Response example 
    200 Success response
{
  "data": {
    "exist": true
  },
  "error": {
    "code": 0,
    "message": "string"
  },
  "ok": true,
  "pagination": {
    "page": 0,
    "pages": 0,
    "per_page": 0,
    "total": 0
  }
}

    Frogo Tokenizer

    Frogo Tokenizer is a PCI DSS ver 4.0.1–compliant security service designed to protect sensitive payment card data by converting raw Primary Account Numbers (PAN) into secure, non-reversible cryptographic tokens.

    When a card number is received, Frogo Tokenizer applies a keyed cryptographic hashing mechanism (HMAC-SHA-256), where a secret cryptographic key is used as part of the transformation process. This ensures that:

    • the resulting token cannot be reversed back to the original PAN,
    • the token cannot be brute-forced or reconstructed using rainbow tables or dictionary attacks,
    • and the original card number is never stored, logged, or transmitted outside of the secure tokenization boundary.

    The use of HMAC-SHA-256, rather than plain hashing, guarantees that even if the hashing algorithm is known, the absence of the secret key makes it computationally infeasible to derive or guess the original card number. This design fully satisfies PCI DSS requirements for rendering PAN unreadable and allows Frogo to process payment-related events without exposing regulated cardholder data.
    For more details please use Swagger.

    POST ct.frogo.info/hash/?ak={token}

    Request/Response Parameter Data Type Description
    Request Original PAN
    Response PAN hashed value
    Request example 
    {
  "card_number": "5555555555554444"
}
    Response example 
    200 Success response
{
  "data": {
    "token": "string"
  },
  "error": {
    "code": 0,
    "message": "string"
  },
  "ok": true
}
    Privacy Policy