Skip to main content
Orchestration Rules let you define conditional logic that automatically evaluates verification data and triggers actions — approve, decline, escalate, or route sessions — without writing backend code.

How It Works

1

Define conditions

Create rules using conditions that evaluate session data: risk scores, document types, country of origin, AML results, and more.
2

Set actions

Assign actions that fire when conditions are met: approve, decline, flag for review, send a webhook, or trigger a follow-up step.
3

Prioritize rules

Rules are evaluated in priority order. The first matching rule’s action is applied. If no rules match, the default action is used.
4

Monitor outcomes

View rule execution logs in the dashboard to understand which rules fired and why.

Creating a Rule

Create rules via the API or in Dashboard > Orchestration > Rules. 
POST /v1/orchestration/rules
{
  "name": "Block high-risk countries",
  "description": "Decline sessions from sanctioned jurisdictions",
  "priority": 10,
  "enabled": true,
  "conditions": [
    {
      "field": "document.issuing_country",
      "operator": "in",
      "value": ["KP", "IR", "SY", "CU"]
    }
  ],
  "action": {
    "type": "decline",
    "reason": "Sanctioned jurisdiction"
  }
}

Conditions

Each condition evaluates a field against a value using an operator.
FieldTypeDescription
fieldstringThe data field to evaluate (dot notation)
operatorstringComparison operator
valuemixedThe value to compare against

Available Fields

Field PathTypeDescription
risk_scoreintegerOverall session risk score (0-100)
document.typestringDocument type: passport, id_card, drivers_license
document.issuing_countrystringISO 3166-1 alpha-2 country code
aml.statusstringAML result: clear, match, pending
aml.highest_scorenumberHighest AML match score (0-1)
liveness.scorenumberLiveness score (0-100)
device.risk_scoreintegerDevice fingerprint risk score (0-100)
device.fraud_signalsarrayDetected fraud signals
person.ageintegerCalculated age from date of birth
person.nationalitystringNationality ISO code

Operators

OperatorDescriptionExample
eqEquals"operator": "eq", "value": "passport"
neqNot equals"operator": "neq", "value": "clear"
gtGreater than"operator": "gt", "value": 75
gteGreater than or equal"operator": "gte", "value": 18
ltLess than"operator": "lt", "value": 50
lteLess than or equal"operator": "lte", "value": 30
inValue in list"operator": "in", "value": ["US", "GB"]
not_inValue not in list"operator": "not_in", "value": ["KP", "IR"]
containsArray contains value"operator": "contains", "value": "bot"
existsField exists"operator": "exists", "value": true

Combining Conditions

Multiple conditions within a rule are combined with AND logic. All conditions must be true for the rule to match. 
{
  "conditions": [
    { "field": "risk_score", "operator": "gt", "value": 70 },
    { "field": "aml.status", "operator": "eq", "value": "match" }
  ]
}

Actions

Action TypeDescription
approveAutomatically approve the session
declineAutomatically decline the session
reviewFlag the session for manual review
escalateAssign to a specific reviewer or team
webhookSend a custom webhook notification
stepTrigger an additional verification step

Action Examples

Escalate to compliance team
{
  "action": {
    "type": "escalate",
    "assign_to": "compliance-team",
    "reason": "High AML match score requires manual review"
  }
}
Trigger additional step
{
  "action": {
    "type": "step",
    "step": "video_kyc",
    "reason": "Document from high-risk country requires video verification"
  }
}

Rule Templates

Verilock provides built-in templates for common use cases:
TemplateDescription
high_risk_countryDecline or escalate sessions from high-risk jurisdictions
age_restrictionEnforce minimum age requirements
aml_auto_declineAuto-decline sessions with strong AML matches
device_fraudBlock sessions with critical device fraud signals
low_risk_auto_approveAuto-approve low-risk sessions that pass all checks
Apply a template: 
POST /v1/orchestration/rules/from-template
{
  "template": "aml_auto_decline",
  "overrides": {
    "priority": 5,
    "conditions": [
      { "field": "aml.highest_score", "operator": "gt", "value": 0.85 }
    ]
  }
}

Rule Evaluation Flow

Session submitted
    |
    v
Rules evaluated in priority order (lowest number = highest priority)
    |
    +-- Rule 1: conditions met? --> YES --> execute action, stop
    |                           --> NO  --> continue
    +-- Rule 2: conditions met? --> YES --> execute action, stop
    |                           --> NO  --> continue
    +-- ...
    |
    v
No rules matched --> apply default action (manual review)

API Response

GET /v1/orchestration/rules
{
  "data": [
    {
      "id": "rule_a1b2c3d4",
      "name": "Block high-risk countries",
      "priority": 10,
      "enabled": true,
      "conditions": [...],
      "action": { "type": "decline", "reason": "Sanctioned jurisdiction" },
      "executions_total": 142,
      "last_executed_at": "2026-03-18T09:15:00Z",
      "created_at": "2026-03-01T12:00:00Z"
    }
  ]
}
FieldTypeDescription
idstringUnique rule identifier
namestringHuman-readable rule name
priorityintegerEvaluation order (lower = higher priority)
enabledbooleanWhether the rule is active
conditionsarrayList of conditions to evaluate
actionobjectAction to execute when conditions match
executions_totalintegerTotal number of times the rule has fired
last_executed_atstringISO 8601 timestamp of last execution
Start with a few high-priority rules (e.g., sanctioned countries, bot detection) and add more granular rules as you refine your verification workflow.