This is a guide for an integration to help SaaS businesses combat account takeover, fake accounts, payment abuse, or promotion program abuse.

Sending Data to Sift

Send User Activity
Send Key User Events
User creates an account
  • If users can create accounts, send a $create_account event.
  • If users can update their account information outside of the checkout flow, send an $update_account event.
  • If users can remit money anonymously, follow our tutorial.

Whenever a user attempts to log in to their account, send a record of that to Sift. Send both successful and failed logins. Also, send a logout event whenever a user actively chooses to logout.

NOTE: You must send the Session ID with the login event for ATO to work properly.


In response to a risky login, you’ll likely want to verify whether the user is who they say they are. If your login flow contains a verification step, sending this information to Sift is very useful as it gives additional feedback to our systems.

User buys a service or goods
  • When a user places an order, send a $create_order event. Fill in as many $items fields as you can and send custom fields to capture differences between users and orders such as:
    • 'Is_first_time_buyer' : true (prior to this purchase, the user has reviewed 4 items)
    • 'source_of_order' : 'web'
    • 'location_of_user' : 'US EAST'
    • 'account_age' : '3 days'
    • 'Type_of_subscription' : 'monthly'
You Interact with a Payment Gateway
  • Send a $transaction event for each payment gateway interaction, as well as each other payment method accepted for the order (e.g. gift card).
  • When a payment gateway informs you of a chargeback, send a fraud label.
  • Please include any information sent from your payment gateway within the payment method nested object
Custom Fields

Add custom fields to capture differences between users (think about the form fields users submit, as well data about the user's account and the item, service, or content). The more data points you provide, the better we can differentiate between good and fraudulent users.

Send Business Decisions

Whenever your automated systems or analysts take action, send those actions into Sift as Decision events. Actions range from positive (eg Approve Order), to neutral (Flag Account), to negative (Ban User). The key thing is that you should send all Actions you take to Sift, not just your negative actions.

Set up your Business Decisions

In order to send Decision events you'll first have to create the specific Decisions your business takes in the Sift Console. While we start all accounts out with a few generic Decisions, Decisions are fully customizable so you can create a Decision for every action that your business takes. Some examples of Decisions are:

  • Ban Account (Block Category Decision)
  • Cancel Order (Block Category Decision)
  • Flag for Additional Review (Watch Category Decision)
  • Approve User (Accept Category Decision)

See the Decisions tutorial for more context.

During your integration, you should send the Decisions that your business is currently making through any internal fraud engines or Manual Review processes to the Sift Decisions API. If you currently do not have in-house fraud logic or a manual review process, work with Sift to setup your initial Workflows within Sift's platform.

Get Started with Sift Scores

When you are initially integrating with Sift, your scores will be based on whatever data you’ve sent us. So if it is a brand new integration with no backfilled data, Sift will need a week or two of data to learn your unique fraud patterns. One of the key strengths of the Sift platform is that it consistently learns as you send more and more data to it. You should see a substantial increase in accuracy of your scores during these first weeks as you send more Decisions and User Events.

During this stage, you should be assessing your Sift Scores in the Sift Console and determining which actions you want to take for different score ranges. Since all businesses are different, finding your unique score thresholds that achieve your business goals is key.

To reduce the amount of time required in this initial learning phase, you can send a historical backfill so that Sift can learn about your user's fraud patterns.

Build Your Business Logic With Sift Scores

Now that you sending both user events and business decisions to Sift, you’re ready to start using Sift Scores in your business logic. At this point, you’ll have an understanding how scores correlate to different levels of risk. Based on the user’s risk score, you’ll set up different outcomes within your application (eg users with low score are automatically approved).

To build this logic, you'll want to evaluate a user's Sift Score at the key events where bad users can hurt your business or good users can have a more frictionless experience. You’ll likely be making this check at $create_order.

The two ways to use Sift Scores:

  • Create a Sift Workflow: Sift Workflows give you a powerful way to automate your Decisions without having to write business logic on your side. Workflows let you set up rules that gets evaluated whenever specified events occur. These rules enable you to route users to different outcomes based on Sift Score and other attributes of the user and transaction (eg User is from Canada, Order is greater than $500, and Sift Score is greater than 80). With Sift Workflows, you also get Sift Review Queues for fast, easy investigation so you won’t have to build your own queues. To learn more, see our Workflows documentation.
  • Build application logic in your system: You can synchronously request the Sift score of a user with any event you send to Sift. This score will take into consideration all data you’ve sent to Sift including the event you just sent. Sift Scores should only be requested at the key events where fraud or abuse occurs (eg ask for score when sending a Create Order event) To learn more, see our API documentation

Any questions? We're happy to talk it through.