Monitoring Rules

Monitoring rules define the conditions that trigger compliance alerts. When a transaction or customer activity matches a rule's criteria, the engine creates an alert with the enriched context snapshot. Rules are evaluated in priority order (lower number = higher priority).

GET requests require the read scope. Mutating requests (POST, PUT, DELETE) require the write scope.

GET /tenants/{slug}/monitoring-rules

List rules

Returns all monitoring rules for the tenant, ordered by priority.

Query parameters

  • status (string)
    Filter by status: active or inactive.

  • limit (integer)
    Number of results (1-100, default 50).

  • offset (integer)
    Pagination offset (default 0).

Request

curl "https://api.whocomply.com/api/v1/tenants/kuda-mfb/monitoring-rules?status=active" \
  -H "Authorization: Bearer wc_..."

Response

{
  "status": "ok",
  "data": [
    {
      "id": "mr-a1b2c3d4-...",
      "name": "High Value Transaction",
      "priority": 10,
      "status": "active",
      "action": "flag",
      "criteria": { "field": "amount", "operator": "gt", "value": 5000000, "currency": "NGN" },
      "created_at": "2026-04-01T00:00:00Z",
      "updated_at": "2026-04-01T00:00:00Z"
    }
  ]
}

GET /tenants/{slug}/monitoring-rules/{id}

Get rule

Returns a single monitoring rule by ID, including its full criteria object.

Request

curl "https://api.whocomply.com/api/v1/tenants/kuda-mfb/monitoring-rules/{rule_id}" \
  -H "Authorization: Bearer wc_..."

Response

{
  "status": "ok",
  "data": {
    "id": "mr-a1b2c3d4-...",
    "name": "High Value Transaction",
    "priority": 10,
    "status": "active",
    "action": "flag",
    "criteria": { "field": "amount", "operator": "gt", "value": 5000000, "currency": "NGN" },
    "created_at": "2026-04-01T00:00:00Z",
    "updated_at": "2026-04-01T00:00:00Z"
  }
}

POST /tenants/{slug}/monitoring-rules

Create rule

Create a new monitoring rule. Rules are created in active status by default.

  • name (string)
    Human-readable rule name. Shown in alert titles.

  • priority (integer)
    Evaluation priority. Lower numbers are evaluated first. Use multiples of 10 to leave room for insertion.

  • criteria (object)
    JSON object defining the match conditions. Structure depends on the rule type.

  • action (string)
    Action to take when matched. One of: allow, flag, block, escalate.

Action reference

Action    Behavior
allow     Permit the transaction and log the match. No alert created.
flag      Create an alert with open status for analyst review.
block     Reject the transaction and create a high-severity alert.
escalate  Create an alert and automatically open an investigation case.

Request

curl -X POST "https://api.whocomply.com/api/v1/tenants/kuda-mfb/monitoring-rules" \
  -H "Authorization: Bearer wc_..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Structuring Detection",
    "priority": 15,
    "criteria": {
      "field": "deposit_count",
      "operator": "gte",
      "value": 3,
      "window": "48h",
      "amount_range": { "min": 4000000, "max": 4999999 },
      "currency": "NGN"
    },
    "action": "escalate"
  }'

Response (201)

{
  "status": "ok",
  "data": {
    "id": "mr-c3d4e5f6-...",
    "name": "Structuring Detection",
    "priority": 15,
    "status": "active",
    "action": "escalate",
    "created_at": "2026-04-17T09:00:00Z",
    "updated_at": "2026-04-17T09:00:00Z"
  }
}
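
One way the Structuring Detection criteria above could be matched against a customer's deposits, as an added example that is not WhoComply's engine code. It assumes `window` is a sliding window written as hours ("48h"), `amount_range` is inclusive, and deposit records carry `amount`, `currency` and `ts` fields; these semantics and the sample deposits are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Criteria copied from the "Structuring Detection" request on this page.
CRITERIA = {
    "field": "deposit_count", "operator": "gte", "value": 3, "window": "48h",
    "amount_range": {"min": 4000000, "max": 4999999}, "currency": "NGN",
}
# Operators that appear on this page; the engine may support others.
OPERATORS = {"gt": lambda a, b: a > b, "gte": lambda a, b: a >= b}

def parse_window(window):
    """Assumed format: an integer followed by 'h' (hours), as in "48h"."""
    if not window.endswith("h") or not window[:-1].isdigit():
        raise ValueError(f"unsupported window: {window!r}")
    return timedelta(hours=int(window[:-1]))

def structuring_match(deposits, criteria):
    """Return the deposits of the first window that satisfies the criteria, else []."""
    lo, hi = criteria["amount_range"]["min"], criteria["amount_range"]["max"]
    span = parse_window(criteria["window"])
    compare = OPERATORS[criteria["operator"]]
    in_band = sorted(
        (d for d in deposits
         if d["currency"] == criteria["currency"] and lo <= d["amount"] <= hi),
        key=lambda d: d["ts"],
    )
    start = 0
    for end, dep in enumerate(in_band):
        # Advance the left edge until the window spans no more than `span`.
        while dep["ts"] - in_band[start]["ts"] > span:
            start += 1
        if compare(end - start + 1, criteria["value"]):
            return in_band[start:end + 1]
    return []

# Constructed sample deposits for one customer (not real data).
DEPOSITS = [
    {"amount": amount, "currency": "NGN", "ts": datetime.fromisoformat(when)}
    for amount, when in [
        (4900000, "2026-04-14T09:00:00"),
        (4500000, "2026-04-16T10:00:00"),
        (5200000, "2026-04-16T15:00:00"),  # above the band, ignored by this rule
        (4700000, "2026-04-17T08:00:00"),
        (4100000, "2026-04-18T09:30:00"),
    ]
]

if __name__ == "__main__":
    for d in structuring_match(DEPOSITS, CRITERIA):
        print(d["ts"].isoformat(), d["amount"])
```

The first deposit falls out of the window (49 hours before the second), so the match is the three in-band deposits from 16 to 18 April.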

PUT /tenants/{slug}/monitoring-rules/{id}

Update rule

Update an existing monitoring rule. You can update any combination of fields. Changes take effect immediately for new transactions.

  • name (string)
    Updated rule name.

  • priority (integer)
    Updated priority.

  • criteria (object)
    Updated criteria object. Replaces the entire criteria; partial updates are not supported.

  • action (string)
    Updated action: allow, flag, block, or escalate.

Request

curl -X PUT "https://api.whocomply.com/api/v1/tenants/kuda-mfb/monitoring-rules/{id}" \
  -H "Authorization: Bearer wc_..." \
  -H "Content-Type: application/json" \
  -d '{ "priority": 5, "action": "block" }'

Response

{
  "status": "ok",
  "data": {
    "id": "mr-c3d4e5f6-...",
    "name": "Structuring Detection",
    "priority": 5,
    "status": "active",
    "action": "block",
    "updated_at": "2026-04-17T10:00:00Z"
  }
}
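
Because PUT replaces the entire criteria object, a body that carries only the changed threshold would strip the window, amount range and currency from the rule. The helpers below are an added example (not part of the WhoComply API or any SDK): `dropped_keys` reports what a proposed body would remove, and `full_criteria_body` builds a complete criteria object from the rule returned by Get rule. All function names and the `CURRENT` record are hypothetical and constructed for illustration.

```python
import copy

def flat_keys(obj, prefix=""):
    """Dotted paths of every leaf in a criteria object, e.g. 'amount_range.min'."""
    paths = set()
    for key, value in obj.items():
        if isinstance(value, dict):
            paths |= flat_keys(value, f"{prefix}{key}.")
        else:
            paths.add(f"{prefix}{key}")
    return paths

def dropped_keys(current_rule, put_body):
    """Criteria keys stored on the rule that the PUT body would remove."""
    if "criteria" not in put_body:
        return []  # assumption: omitting criteria leaves the stored object untouched
    return sorted(flat_keys(current_rule["criteria"]) - flat_keys(put_body["criteria"]))

def deep_merge(base, changes):
    """Return a copy of base with changes applied; nested objects merge key by key."""
    merged = copy.deepcopy(base)
    for key, value in changes.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = deep_merge(merged[key], value)
        else:
            merged[key] = copy.deepcopy(value)
    return merged

def full_criteria_body(current_rule, criteria_changes, **other_fields):
    """Build a PUT body whose criteria is the stored object plus the changes."""
    body = dict(other_fields)
    body["criteria"] = deep_merge(current_rule["criteria"], criteria_changes)
    return body

# Constructed stand-in for the "data" object returned by Get rule.
CURRENT = {
    "id": "mr-example",  # placeholder id
    "name": "Structuring Detection",
    "criteria": {
        "field": "deposit_count", "operator": "gte", "value": 3, "window": "48h",
        "amount_range": {"min": 4000000, "max": 4999999}, "currency": "NGN",
    },
}
NAIVE_BODY = {"criteria": {"value": 2}}  # intended as a partial update

if __name__ == "__main__":
    print("naive body would drop:", dropped_keys(CURRENT, NAIVE_BODY))
    print("safe body:", full_criteria_body(CURRENT, {"value": 2}))
```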

DELETE /tenants/{slug}/monitoring-rules/{id}

Delete rule

Permanently delete a monitoring rule. Existing alerts created by this rule are not affected. Consider toggling to inactive instead if you may need the rule again.

Request

curl -X DELETE "https://api.whocomply.com/api/v1/tenants/kuda-mfb/monitoring-rules/{id}" \
  -H "Authorization: Bearer wc_..."

Response

{
  "status": "ok",
  "message": "Rule deleted."
}

POST /tenants/{slug}/monitoring-rules/{id}/toggle

Toggle rule

Enable or disable a monitoring rule without deleting it. Inactive rules are skipped during evaluation.

  • status (string)
    New status: active or inactive.

Request

curl -X POST "https://api.whocomply.com/api/v1/tenants/kuda-mfb/monitoring-rules/{id}/toggle" \
  -H "Authorization: Bearer wc_..." \
  -H "Content-Type: application/json" \
  -d '{ "status": "inactive" }'

Response

{
  "status": "ok",
  "data": {
    "id": "mr-c3d4e5f6-...",
    "name": "Structuring Detection",
    "status": "inactive",
    "updated_at": "2026-04-17T10:30:00Z"
  }
}
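
A review pass over a tenant's rule set, combining the List rules pagination (limit and offset) with the note above that inactive rules are skipped during evaluation. This is an added example, not WhoComply code; `fetch_page` is a hypothetical caller-supplied function that performs the GET and returns the decoded JSON body, and the sample rules are constructed. The page does not say how rules with equal priority are ordered, so collisions are reported for review rather than treated as errors.

```python
from collections import defaultdict

DOCUMENTED_ACTIONS = {"allow", "flag", "block", "escalate"}
ENFORCING = {"block", "escalate"}

def fetch_all_rules(fetch_page, limit=100):
    """Collect every rule by walking limit/offset pages (limit is capped at 100)."""
    rules, offset = [], 0
    while True:
        page = fetch_page(limit, offset)["data"]
        rules.extend(page)
        if len(page) < limit:  # short or empty page: nothing left to fetch
            return rules
        offset += limit

def audit_rules(rules):
    """Return (finding, detail) tuples that merit an analyst's review."""
    findings = []
    by_priority = defaultdict(list)
    for rule in rules:
        if rule["action"] not in DOCUMENTED_ACTIONS:
            findings.append(("undocumented-action", rule["name"]))
        if rule["status"] == "active":
            by_priority[rule["priority"]].append(rule["name"])
        elif rule["action"] in ENFORCING:
            # Inactive rules are skipped during evaluation, so this control is off.
            findings.append(("enforcing-rule-inactive", rule["name"]))
    for priority, names in sorted(by_priority.items()):
        if len(names) > 1:
            findings.append(("priority-collision", f"{priority}: {', '.join(names)}"))
    return findings

# Constructed rule set in the shape of the List rules response.
SAMPLE = [
    {"name": "High Value Transaction", "priority": 10, "status": "active", "action": "flag"},
    {"name": "Structuring Detection", "priority": 15, "status": "inactive", "action": "escalate"},
    {"name": "Dormant Account Reactivation", "priority": 10, "status": "active", "action": "flag"},
]

def sample_page(limit, offset):
    """Offline stand-in for the GET request, slicing the constructed sample."""
    return {"status": "ok", "data": SAMPLE[offset:offset + limit]}

if __name__ == "__main__":
    for finding in audit_rules(fetch_all_rules(sample_page, limit=2)):
        print(finding)
```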
