Skip to main content
The Tracer rules engine lets you build powerful validation logic without writing code. Using CEL (Common Expression Language)—a type-safe expression language developed by Google—you can create sophisticated rules that evaluate in under 1ms, automate complex business decisions, and adapt quickly to new requirements.

Why use the rules engine

  • Flexibility: Create and modify rules without code deploys
  • Performance: Compiled expressions evaluate in under 1ms each
  • Type safety: Expression syntax validated at rule creation
  • Complete evaluation: All active rules evaluated for comprehensive audit trail
  • Scope-based: Apply rules to specific segments, accounts, or transaction types
By the end of this guide, you will:
  • Understand rule engine concepts and evaluation flow
  • Create and test expression-based rules
  • Manage the rule lifecycle (DRAFT, ACTIVE, INACTIVE, DELETED)
  • Apply best practices for rule management

What is the rules engine

The rules engine is the Tracer component responsible for evaluating expressions during transaction validation. It enables fraud analysts and risk managers to configure business logic that executes in real time—without requiring code deployments or engineering support.

How it works

In this flow:
  • Load rules fetches all active rules from cache (or database on cache miss)
  • Evaluate expressions runs all CEL expressions against the transaction context
  • Collect matches gathers all rules that matched and determines the decision

Evaluation pattern

All active rules are evaluated against every transaction. There is no priority ordering or short-circuit evaluation. This ensures:
  • Complete audit trail (all matching rules recorded)
  • No information loss (analysts can see all triggers)
  • Simple logic (no priority conflicts)
Decision precedence:
  • If any DENY rule matches, Tracer returns a DENY decision
  • If only ALLOW rules match, Tracer returns an ALLOW decision
  • If no rules match, Tracer returns the configured default (typically ALLOW for fail-open behavior)
Tracer returns decisions; it does not block transactions directly. Your system receives the decision and is responsible for taking the appropriate action (e.g., blocking, allowing, or queuing for review).

Core concepts

Before creating rules, understand the foundational elements.

Rules

A rule is a unit of business logic composed of:
  • Expression - A type-safe expression that evaluates to true or false
  • Action - What decision to return when the expression is true
  • Scopes - Which transactions the rule applies to
  • Status - The rule’s lifecycle state

Expressions

Expressions are written in CEL (Common Expression Language), a type-safe language that evaluates transaction context and returns a boolean value (true or false). CEL provides compile-time validation, so syntax errors are caught when you create the rule—not when transactions are being processed. Example expressions: 
amount > 10000

account.segmentId == "high-risk-segment" && amount > 5000

merchant.category == "gambling"
Expressions have access to the full validation request context including:
  • amount - Transaction amount in cents (smallest currency unit)
  • transactionType - CARD, WIRE, PIX, CRYPTO
  • subType - Transaction subtype (e.g., debit, credit, international)
  • currency - ISO 4217 currency code
  • transactionTimestamp - When the transaction occurred
  • account - AccountId, segmentId, portfolioId
  • segment - SegmentId and segment metadata
  • portfolio - PortfolioId and portfolio metadata
  • merchant - MerchantId, category, country, riskLevel (optional)
  • metadata - Custom fields passed in the request

Expression examples by use case

Here are practical examples organized by business scenario:

Amount-based rules

// Block transactions above a threshold
amount > 10000

// Block high-value international transfers
transactionType == "WIRE" && subType == "international" && amount > 50000

// Review large cryptocurrency transactions
transactionType == "CRYPTO" && amount > 5000

Merchant-based rules

// Block gambling merchants
merchant.category == "7995"

// Block high-risk merchant categories
merchant.category in ["7995", "5967", "5966"]

// Review transactions from new merchant countries
merchant.country != "BR" && amount > 1000

Account-based rules

// Block suspended accounts
account.status == "suspended"

// Review transactions from newly created accounts
metadata.accountAgeDays < 30 && amount > 500

// Block closed accounts
account.status == "closed"

Combined conditions

// High-value transaction from high-risk segment
account.segmentId == "high-risk-segment-uuid" && amount > 5000

// International PIX above threshold
transactionType == "PIX" && subType == "international" && amount > 10000

// Large card transaction to foreign merchant
transactionType == "CARD" && merchant.country != "BR" && amount > 3000

Using metadata

// Block transactions from untrusted devices
metadata.deviceTrust == "untrusted"

// Review first-time purchases above threshold
metadata.isFirstPurchase == true && amount > 1000

// Block transactions outside business hours (using metadata)
metadata.isBusinessHours == false && amount > 5000

// VIP customers bypass certain restrictions
metadata.customerTier == "vip" && amount < 50000
Metadata fields are provided by your integration. Design your payload to include the context your rules need.

Actions

Actions determine the decision when an expression evaluates to true:
ActionDescription
ALLOWAllow the transaction
DENYDeny the transaction
REVIEWRoute to manual review

Scopes

Scopes define which transactions a rule applies to. A rule only evaluates against transactions that match at least one of its scopes. Scope fields (all optional):
  • segmentId - Match transactions from a specific segment
  • portfolioId - Match transactions from a specific portfolio
  • accountId - Match transactions from a specific account
  • merchantId - Match transactions to a specific merchant
  • transactionType - Match specific transaction types (CARD, WIRE, PIX, CRYPTO)
  • subType - Match specific subtypes (debit, credit, instant, etc.)
If a scope field is not specified, it matches any value for that field.

Rule lifecycle

Rules progress through a defined lifecycle to ensure safe deployment.

States

StateDescription
DRAFTNot evaluated; expression can be modified freely
ACTIVEEvaluated during validations; expression is immutable
INACTIVENot evaluated; preserved for audit trail; can be reactivated
DELETEDPermanently removed; does not appear in listings; cannot be recovered

Transitions

TransitionFromToDescription
activateDRAFT, INACTIVEACTIVEStart evaluation (validates expression)
deactivateACTIVEINACTIVEStop evaluation
deleteDRAFT, INACTIVEDELETEDPermanent removal (cannot delete ACTIVE rules)
Active rules must be deactivated before deletion. This prevents accidental removal of rules that are currently being evaluated.

Create a rule

Create rules using POST /v1/rules. Rules are created in DRAFT status by default. A rule requires:
  • name: A unique, descriptive name
  • expression: A CEL expression that evaluates to true or false
  • action: The decision to return when the expression matches (ALLOW, DENY, or REVIEW)
  • scopes (optional): Limit which transactions the rule applies to
For complete payload structure and field details, see the API reference.

Activate and deactivate rules

After creating a rule, activate it to start evaluation. Deactivate rules to stop evaluation without deleting them.
OperationEndpointDescription
ActivatePOST /v1/rules/{ruleId}/activateStart evaluating this rule
DeactivatePOST /v1/rules/{ruleId}/deactivateStop evaluating (preserves for audit)
Deactivating a rule preserves it for audit purposes. Use delete only when you want to permanently remove a rule.

List and query rules

Query rules for management and auditing using GET /v1/rules.

Query parameters

ParameterTypeDescription
statusstringFilter by status (DRAFT, ACTIVE, INACTIVE)
pageSizeintegerItems per page (default: 100, max: 1000)
pageTokenstringPagination token

Get a specific rule

Use GET /v1/rules/{ruleId} to retrieve the full rule definition including expression and scopes.

Update a rule

Update rules using PATCH /v1/rules/{ruleId}. Rules can be updated in any status, with one important restriction:
The expression field cannot be updated while a rule is ACTIVE. Deactivate the rule first to modify its expression.

Delete a rule

Delete rules that are no longer needed. Only DRAFT and INACTIVE rules can be deleted. ACTIVE rules must be deactivated first. 
DELETE /v1/rules/{ruleId}
X-API-Key: {api_key}
Deletion is permanent. Deleted rules cannot be recovered and do not appear in any listings.

Best practices

Follow these practices for effective, maintainable rules.

Naming

  • Use descriptive names - The name should clearly state what the rule does
  • Include context - Mention the scenario or transaction type
  • Avoid abbreviations - Prefer clarity over brevity
Less clearMore clear
Rule 1Block night transactions above BRL 5,000
Block highDeny high-value weekend transactions
PIX ruleReview PIX transfers to new recipients

Expression design

  • Keep expressions simple - Complex logic is harder to maintain
  • Use scopes for filtering - Don’t repeat scope conditions in expressions
  • Test edge cases - Consider boundary values and null fields

Lifecycle management

  • Start in DRAFT - Test before activating
  • Deactivate before editing - Never edit active rules
  • Archive unused rules - Keep audit trail intact
  • Delete only when certain - Deletion is permanent

Monitoring

  • Review matched rules - Check which rules are triggering
  • Monitor DENY rates - High deny rates may indicate overly aggressive rules
  • Audit regularly - Ensure rules still align with business requirements

Quick reference

Key endpoints, actions, and status information.

Endpoints

OperationMethodEndpoint
Create rulePOST/v1/rules
List rulesGET/v1/rules
Get ruleGET/v1/rules/{id}
Update rulePATCH/v1/rules/{id}
Delete ruleDELETE/v1/rules/{id}
Activate rulePOST/v1/rules/{id}/activate
Deactivate rulePOST/v1/rules/{id}/deactivate

Actions

ActionDescription
ALLOWAllow the transaction
DENYDeny the transaction
REVIEWRoute to manual review

Statuses

StatusEvaluatedEditableCan delete
DRAFTNoYesYes
ACTIVEYesPartial (expression immutable)No (deactivate first)
INACTIVENoYesYes
DELETEDNoNoN/A