Fraud

GET/zones/{zone_id}/fraud_detection/settings

PUT/zones/{zone_id}/fraud_detection/settings

FraudSettings object { authentication_settings, user_profiles, username_expressions }

authentication_settings: optional object { failure_criteria, success_criteria }

Configuration for classifying login authentication outcomes based on the origin response. Requires user_profiles to be enabled.

Success and failure criteria are independently updatable — sending only success_criteria leaves failure codes untouched, and vice versa.
Omit authentication_settings entirely to leave both unchanged.
Status codes must not overlap between success and failure criteria.

failure_criteria: optional object { kind, status_codes }

Criterion for identifying failed login responses.

kind: "status_code"

The type of criterion. Currently only status_code is supported.

status_codes: optional array of number

HTTP status codes to match against the origin response.

success_criteria: optional object { kind, status_codes }

Criterion for identifying successful login responses.

kind: "status_code"

The type of criterion. Currently only status_code is supported.

status_codes: optional array of number

HTTP status codes to match against the origin response.

user_profiles: optional "enabled" or "disabled"

Whether Fraud User Profiles is enabled for the zone.

One of the following:

"enabled"

"disabled"

username_expressions: optional array of string

List of expressions to detect usernames in write HTTP requests.

Maximum of 10 expressions.
Omit or set to null to leave unchanged on update.
Provide an empty array [] to clear all expressions on update.
Invalid expressions will result in a 10400 Bad Request with details in the messages array.