Skip to main content
This guide explains how to integrate external systems with Tracer, including the payload requirements, integration flow, and best practices for achieving optimal performance.

Integration overview

Tracer is designed to be called by authorization systems (payment gateways, workflow orchestrators, or transaction processors) that need real-time validation decisions. The integration follows a simple request-response pattern:
Key principle: Tracer does not fetch external data during validation. Your system is responsible for providing all context needed for rule evaluation.

Payload-Complete Pattern

Tracer uses the Payload-Complete Pattern, which means all context required for validation must be included in the request. This design ensures:
BenefitDescription
Predictable latencyNo external calls during validation; response time stays under 80ms
SimplicitySingle request contains everything needed for decision
ReliabilityNo dependency on external services during validation
FlexibilityYour system controls data freshness and enrichment logic

Your responsibilities

As the integrating system, you are responsible for:
  1. Enriching the payload with account, segment, portfolio, and merchant data before calling Tracer
  2. Providing accurate context for rule and limit evaluation—Tracer cannot fetch missing data
  3. Handling the decision (ALLOW, DENY, or REVIEW) appropriately in your workflow
  4. Implementing retry logic if Tracer is temporarily unavailable
  5. Managing review workflows when Tracer returns REVIEW—Tracer does not include case management
Tracer validates what you send. If your payload is missing context (e.g., account status, segment membership), rules that depend on that data cannot evaluate correctly. Always ensure payloads are complete before submission.

Tracer’s responsibilities

Tracer is responsible for:
  1. Evaluating rules against the provided context
  2. Checking limits against current usage
  3. Recording audit trail for compliance
  4. Returning decision with detailed information

Integration flow

Follow these steps to integrate your system with Tracer.

Step 1: Prepare the transaction context

Before calling Tracer, gather all relevant data from your systems:

Step 2: Call Tracer API

Send a POST request to /v1/validations with the complete transaction context including:
  • Transaction details (type, subType, amount, currency, timestamp)
  • Account information (required)
  • Optional: segment, portfolio, merchant, and custom metadata
For complete payload structure and field details, see the API reference.

Step 3: Handle the response

Process the decision returned by Tracer:
DecisionAction
ALLOWProceed with the transaction
DENYReject the transaction; show reason to user if appropriate
REVIEWQueue for manual review in your review system
The response includes the validationId for audit trail correlation, details about which rules matched, and current limit usage information.

Using metadata

Metadata allows you to pass custom fields that your rules can evaluate. Use this for context like channel, device information, customer tier, or any business-specific attributes.
Metadata keys must be alphanumeric with underscores only, maximum 64 characters. Maximum 50 entries per request.

Performance considerations

Optimize your integration for low latency and high reliability.

Timeout budget

Tracer is designed to respond in under 80ms (p99). Configure your client timeout accordingly:
ConfigurationRecommended value
Client timeout100ms
Connection timeout50ms
Read timeout100ms

Retry strategy

Implement retry logic for transient failures: 
On 5xx error or timeout:
  - Wait 10ms
  - Retry once
  - If still failing, apply fallback policy
Do not retry on 4xx errors—these indicate invalid requests that will fail again.

Fallback behavior

Decide what happens when Tracer is unavailable:
StrategyWhen to use
Fail-openAllow transaction if Tracer is down (prioritize availability)
Fail-closedDeny transaction if Tracer is down (prioritize security)
Queue for reviewQueue transaction for manual review
Your choice depends on your risk tolerance and business requirements.

Data freshness

Since you control the payload enrichment, data freshness is your responsibility. Tracer trusts the data you provide and cannot detect stale information.
Data typeFreshness recommendationRisk if stale
Account statusReal-time or near real-timeTransactions on suspended accounts may be allowed
Segment membershipCan be cached (changes infrequently)Wrong limits or rules may apply
Portfolio assignmentCan be cached (changes infrequently)Incorrect scope matching
Merchant dataCan be cached with periodic refreshRisk rules may not trigger correctly
Stale data leads to incorrect decisions. If an account was suspended but your cache shows it as active, Tracer will allow transactions that should be denied. Your enrichment layer is the source of truth for Tracer.

Date and time format

All datetime fields must use RFC3339 format with mandatory timezone: Valid formats: 
2026-01-30T10:30:00Z           (UTC)
2026-01-30T10:30:00-03:00      (São Paulo timezone)
2026-01-30T00:00:00+00:00      (UTC explicit)
Invalid formats: 
2026-01-30                     (date only - rejected)
2026-01-30T10:30:00            (missing timezone - rejected)

Integration checklist

Before going to production, verify:
  • API Key is configured and secured
  • Client timeout is set to 100ms
  • Retry logic is implemented for 5xx errors
  • Fallback behavior is defined
  • All required fields are populated
  • Timestamps use RFC3339 format with timezone
  • Currency codes are uppercase ISO 4217
  • Decision handling is implemented (ALLOW/DENY/REVIEW)
  • Validation IDs are logged for audit trail correlation

Example integration (pseudocode)

def validate_transaction(transaction):
    # Step 1: Enrich payload
    payload = {
        "requestId": generate_uuid(),
        "transactionType": transaction.type,
        "amount": transaction.amount,
        "currency": transaction.currency.upper(),
        "timestamp": now_rfc3339(),
        "account": get_account_context(transaction.account_id),
        "segment": get_segment_context(transaction.segment_id),
        "merchant": get_merchant_context(transaction.merchant_id),
        "metadata": transaction.custom_fields
    }

    # Step 2: Call Tracer
    try:
        response = http_post(
            url="https://tracer.example.com/v1/validations",
            headers={"X-API-Key": API_KEY},
            json=payload,
            timeout_ms=100
        )
    except Timeout:
        return apply_fallback_policy()
    except ServerError:
        return retry_once_or_fallback()

    # Step 3: Handle decision
    if response.decision == "ALLOW":
        return proceed_with_transaction()
    elif response.decision == "DENY":
        return reject_transaction(response.reason)
    elif response.decision == "REVIEW":
        return queue_for_manual_review(response.validationId)

Next steps