Response rules object
The rules object contains an array of rules that the event matched. It's always available in the result, but empty if there are no matches.
Each item within rules describes a rule that the event matched. The type is either smart (smart rule), custom (custom rule), or allowlist (IP or email found on allowlist).
You can use the ID to check for a particular rule match in your application. The IDs for custom rules are shown in the UI, and you'll find the IDs for smart rules in our guide.
Examples
No rule matches:
{
...,
"rules": [],
...
}
With matches:
{
...,
"rules": [
{
"id": "anonymous",
"type": "smart",
"name": "Anonymous browsing",
"action": "block"
},
{
"id": "pMn1a74bhu2OpMn1d4be9",
"type": "custom",
"name": "Problem email domain",
"action": "block"
},
...
],
...
}
Properties
| Property | Description | Type |
|---|---|---|
| id | The ID for the rule. You'll find the ID for custom rules in the UI, and IDs for smart rules in the smart rules guide. Allowlist rules always have the ID allowlist. | string |
| type | Either smart for smart rule, custom for a custom rule, or allowlist for an allowlist match. | string |
| name | A human-readable description of the rule. For custom rules, this is the name provided when setting up the rule. | string |
| action | The action for the rule. Either allow, allow_review, block, block_review, or review. | string |
note
The id is fixed and won't change over time, but the name is not. If you are programmatically filtering through the risks array, use the id property and not the name.