> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lerian.studio/llms.txt
> Use this file to discover all available pages before exploring further.

# Create fraud marker

> Persists a minimized fraud marker locally after hashing PII inputs for storage, and submits the corresponding BACEN fraud-marker report synchronously-after-persist, tracked by report_status (PENDING/SENT/FAILED) + request_id.



## OpenAPI

````yaml en/openapi/v3-current/spi-dict.yaml post /api/v1/dict/fraud-markers
openapi: 3.1.0
info:
  contact:
    email: contact@lerian.studio
    name: Lerian Studio
    url: https://lerian.studio
  description: >-
    OpenAPI 3.1 surface for the DICT (Diretório de Identificadores de Contas
    Transacionais) capability of Lerian SPI, the direct integration between the
    institution and the Brazilian Instant Payment System (SPI/Pix). It covers
    the PIX key lifecycle, portability and ownership claims, infraction reports,
    refunds, fraud markers, synchronous DICT reports, and the internal
    reconciliation and provisioning operations that keep the key directory
    consistent.
  license:
    name: Lerian Studio General License
  title: Lerian SPI — DICT API
  version: 1.0.0
servers:
  - url: https://spi.sandbox.lerian.net
security: []
tags:
  - description: 'PIX key lifecycle: register, list, search, lookup, delete, and statistics.'
    name: Keys
  - description: >-
      PIX key portability and ownership claims through their full lifecycle
      (initiate, confirm, reject, cancel, acknowledge, complete).
    name: Claims
  - description: 'DICT infraction reports: create, list, and retrieve.'
    name: Infractions
  - description: 'DICT refund requests: create, list, and retrieve.'
    name: Refunds
  - description: 'PIX fraud markers: create, list, and statistics.'
    name: Fraud Markers
  - description: >-
      Synchronous reports over Lerian SPI's own DICT record: COUNT(*) summaries
      of keys (by type/status) and claims (by type/status + open-past-deadline).
      COUNT-only — DICT holds no money.
    name: Reports
  - description: >-
      Internal DICT operations: reconciliation runs, participant ISPB
      provisioning, claim deadline processing, and orphaned-key cleanup.
    name: Internal
paths:
  /api/v1/dict/fraud-markers:
    post:
      tags:
        - Fraud Markers
      summary: Create fraud marker
      description: >-
        Persists a minimized fraud marker locally after hashing PII inputs for
        storage, and submits the corresponding BACEN fraud-marker report
        synchronously-after-persist, tracked by report_status
        (PENDING/SENT/FAILED) + request_id.
      operationId: createFraudMarker
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateFraudMarkerRequest'
              description: >-
                Fraud marker to persist locally and report to BACEN
                synchronously-after-persist, tracked by report_status
                (PENDING/SENT/FAILED) + request_id; PII inputs (key value, owner
                tax ID) are hashed before storage
        required: true
      responses:
        '201':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/FraudMarkerResponse'
                description: Persisted minimized fraud marker (PII stored only as hashes)
          description: Created
        default:
          content:
            application/problem+json:
              schema:
                $ref: '#/components/schemas/Detail'
          description: Error
      security:
        - BearerAuth: []
components:
  schemas:
    CreateFraudMarkerRequest:
      additionalProperties: false
      properties:
        keyValue:
          description: >-
            Plaintext PIX key value to mark; stored only as an HMAC hash, never
            in the clear
          examples:
            - usuario@example.com
          type: string
        ownerTaxId:
          description: >-
            Optional plaintext owner tax ID (CPF/CNPJ); stored only as an HMAC
            hash, never in the clear
          examples:
            - '12345678901'
          type: string
        participantISPB:
          description: ISPB (8 numeric digits) of the participant raising the fraud marker
          examples:
            - '12345678'
          type: string
        reason:
          description: Free-text justification for the fraud marker
          type: string
      required:
        - keyValue
        - ownerTaxId
        - participantISPB
        - reason
      type: object
    FraudMarkerResponse:
      additionalProperties: false
      properties:
        createdAt:
          description: Record creation timestamp (RFC 3339, UTC)
          examples:
            - '2026-06-14T12:00:00Z'
          type: string
        id:
          description: Server-assigned fraud-marker record UUID
          examples:
            - 550e8400-e29b-41d4-a716-446655440002
          type: string
        keyValueHash:
          description: >-
            HMAC hash of the marked PIX key value (hex); the plaintext key is
            never returned
          examples:
            - e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
          type: string
        ownerTaxIdHash:
          description: >-
            HMAC hash of the owner tax ID (hex); omitted when no tax ID was
            supplied
          examples:
            - e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
          type: string
        participantISPB:
          description: >-
            ISPB (8 numeric digits) of the participant that raised the fraud
            marker
          examples:
            - '12345678'
          type: string
        reason:
          description: Free-text justification for the fraud marker
          type: string
        reportStatus:
          description: >-
            BACEN report delivery state: PENDING, SENT, or FAILED (FAILED is
            retryable; the local record stands)
          examples:
            - SENT
          type: string
        status:
          description: >-
            Local fraud-marker state: ACTIVE (counts toward fraud stats) or
            INACTIVE (retained for audit only)
          examples:
            - ACTIVE
          type: string
        updatedAt:
          description: Last update timestamp (RFC 3339, UTC)
          examples:
            - '2026-06-14T12:00:00Z'
          type: string
      required:
        - id
        - keyValueHash
        - participantISPB
        - reason
        - status
        - reportStatus
        - createdAt
        - updatedAt
      type: object
    Detail:
      additionalProperties: false
      properties:
        code:
          description: >-
            Stable, machine-readable domain error code scoped to the emitting
            service (format: <SERVICE>-NNNN).
          examples:
            - ERR-0001
          type: string
        detail:
          description: >-
            A human-readable explanation specific to this occurrence of the
            problem.
          examples:
            - Property foo is required but is missing.
          type: string
        errors:
          description: Optional list of individual error details
          items:
            $ref: '#/components/schemas/ErrorDetail'
          type:
            - array
            - 'null'
        instance:
          description: >-
            A URI reference that identifies the specific occurrence of the
            problem.
          examples:
            - https://example.com/error-log/abc123
          format: uri
          type: string
        status:
          description: HTTP status code
          examples:
            - 400
          format: int64
          type: integer
        title:
          description: >-
            A short, human-readable summary of the problem type. This value
            should not change between occurrences of the error.
          examples:
            - Bad Request
          type: string
        type:
          default: about:blank
          description: A URI reference to human-readable documentation for the error.
          examples:
            - https://example.com/errors/example
          format: uri
          type: string
      type: object
    ErrorDetail:
      additionalProperties: false
      properties:
        location:
          description: >-
            Where the error occurred, e.g. 'body.items[3].tags' or
            'path.thing-id'
          type: string
        message:
          description: Error message text
          type: string
        value:
          description: The value at the given location
      type: object
  securitySchemes:
    BearerAuth:
      bearerFormat: JWT
      description: JWT bearer token issued by the identity provider.
      scheme: bearer
      type: http

````