Getting Started with AccessGate

AccessGate provides continuous authentication and fraud detection for your application. Protect login flows, payments, and sensitive actions with behavioral intelligence that verifies users throughout their session.

Production URL: https://ag.runloci.com
Staging URL: https://ag-staging.runloci.com

---

Quick Start

Get up and running in three steps:

1. Add the SDK to Your Frontend

```html
<!-- Production -->
<script src="https://sdk.runloci.com/"></script>

<!-- Staging: load this instead of the production script, not alongside it -->
<script src="https://sdk-staging.runloci.com/"></script>

<script>
  const sdk = new AccessGateSDK({
    enableBehavioralBiometrics: true
  });
</script>
```

2. Collect Data at Checkpoints

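```javascript
// `form` is your login form element; `sdk` is the instance created in step 1
form.addEventListener('submit', async (e) => {
  e.preventDefault();

  // Collect behavioral data
  const accessgateData = await sdk.collect();

  // Send to your backend with credentials
  await fetch('/api/login', {
    method: 'POST',
    // Declare the JSON body so the backend's body parser populates req.body
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      email: form.email.value,
      password: form.password.value,
      accessgate_data: accessgateData
    })
  });
});
```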

3. Verify with AccessGate API

```javascript
// Your backend (Express with JSON body parsing and session middleware)
app.post('/api/login', async (req, res) => {
  const { email, password, accessgate_data } = req.body;

  // Your normal password verification
  const user = await verifyPassword(email, password);
  if (!user) return res.status(401).json({ error: 'Invalid credentials' });

  // AccessGate verification
  const response = await fetch('https://ag.runloci.com/v1/check', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'x-org-id': process.env.ACCESSGATE_ORG_ID,
      'x-api-key': process.env.ACCESSGATE_API_KEY
    },
    body: JSON.stringify({
      email: email,
      ip: req.ip,
      // Optional chaining: a request without SDK data must not crash the handler
      device: accessgate_data?.device,
      behavioral: accessgate_data?.behavioral,
      context: {
        action: 'login',
        user_id: user.id,
        session_id: req.sessionID
      }
    })
  });

  // A non-2xx response carries no decision to act on
  const result = response.ok ? await response.json() : {};

  // Handle decision
  switch (result.decision?.outcome) {
    case 'allow':
      return res.json({ success: true, token: createSession(user) });
    case 'review':
      return res.json({ requires_2fa: true });
    case 'block':
      return res.status(403).json({ error: 'Access denied' });
    default:
      // API error or unrecognized outcome: never allow, and always answer the request
      return res.json({ requires_2fa: true });
  }
});
```

That's it! You're now protected with behavioral authentication.

---

How It Works

AccessGate uses a three-phase approach that requires no continuous API calls:

Phase 1: Passive Collection. The SDK silently observes user interactions in the browser. No data is transmitted until you trigger collection.

Phase 2: Checkpoint Verification. At critical moments (login, payment, etc.), you trigger sdk.collect() and send the data to AccessGate.

Phase 3: Instant Decision. AccessGate analyzes the behavioral data against the user's established patterns and returns a decision in under 500ms.


Decision Outcomes

| Outcome | Description | Recommended Action |
|---------|-------------|--------------------|
| allow | User behavior matches expected patterns | Proceed normally |
| review | Some signals are unusual | Request additional verification (2FA, email confirm) |
| block | Strong indicators of fraud | Deny access, log for investigation |

Key Concepts

Entity ID / User ID

A unique identifier for the user in your system. AccessGate builds behavioral baselines per user.

```javascript
context: {
  user_id: user.id,  // Your user ID
  action: 'login'
}
```

Behavioral Baselines

AccessGate learns each user's normal behavior over time. The first few sessions establish a baseline, then subsequent sessions are compared against it.

Risk Score

A 0-100 score where higher values indicate higher risk. The score is used alongside the decision outcome for more granular control.

```javascript
if (result.decision.outcome === 'allow' && result.decision.score > 50) {
  // Low-confidence allow - consider step-up auth
}
```

Action Types

| Action | Priority | Action Type |
|--------|----------|-------------|
| Signup | High | signup |
| Login | High | login |
| Payment | Critical | payment |
| Password Reset | Critical | password_reset |
| Profile Update | Medium | profile_update |
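
The outcome, risk score and action priority described above can be combined in one handler that never allows a request without a usable decision. This is an added example, not AccessGate's or this page's own code: interpretCheck, failClosed, the three return values and the policy for API errors are assumptions, while decision.outcome, decision.score and the threshold of 50 come from the snippets above.

```javascript
// Added example, not AccessGate code. The policy below is an assumption.
const CRITICAL_ACTIONS = new Set(['payment', 'password_reset']); // "Critical" rows above
const STEP_UP_SCORE = 50; // threshold from the Risk Score snippet

// No usable answer from AccessGate: never 'allow'.
function failClosed(action) {
  return CRITICAL_ACTIONS.has(action) ? 'deny' : 'step_up';
}

// httpStatus: status of the /v1/check response; body: its parsed JSON, or null.
// Returns 'allow', 'step_up' or 'deny' (hypothetical names for your own handlers).
function interpretCheck(httpStatus, body, action) {
  const ok = httpStatus >= 200 && httpStatus < 300;
  if (!ok || body === null || typeof body !== 'object') return failClosed(action);

  const decision = body.decision;
  if (decision === null || typeof decision !== 'object') return failClosed(action);

  switch (decision.outcome) {
    case 'block':
      return 'deny';
    case 'review':
      return 'step_up';
    case 'allow': {
      const score = decision.score;
      // A missing or out-of-range score is untrusted, not zero.
      if (typeof score !== 'number' || !(score >= 0 && score <= 100)) {
        return failClosed(action);
      }
      return score > STEP_UP_SCORE ? 'step_up' : 'allow';
    }
    default:
      return failClosed(action); // unknown value or wrong casing
  }
}

// Constructed sample responses, not captured from the service.
const samples = [
  [200, { decision: { outcome: 'allow', score: 12 } }, 'login'],
  [200, { decision: { outcome: 'allow', score: 73 } }, 'login'],
  [200, { decision: { outcome: 'allow' } }, 'password_reset'],
  [503, null, 'payment'],
];
for (const [status, body, action] of samples) {
  console.log(action, status, '->', interpretCheck(status, body, action));
}
```

A response in the eval endpoint's shape (a string "decision" and a top-level "risk_score") falls through to failClosed here, so pointing production code at /v1/eval/check by mistake results in step-up or denial rather than a silent allow.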

Testing with Evaluation Mode

Use the /v1/eval/check endpoint during development to see detailed signal breakdowns:

```bash
curl -X POST "https://ag-staging.runloci.com/v1/eval/check" \
  -H "x-org-id: your_org_id" \
  -H "x-api-key: your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "ip": "102.88.34.45",
    "context": { "action": "login" }
  }'
```

The eval endpoint returns a "Glass Box" response with detailed signal analysis:

```json
{
  "eval_mode": true,
  "decision": "ALLOW",
  "risk_score": 23,
  "signals": {
    "biometrics": "APPROVED",
    "stability_score": 0.85,
    "entropy_score": 0.72,
    "reasoning": []
  },
  "context": {
    "ip_reputation": "Clean",
    "network": "MTN Nigeria",
    "baseline_sessions": 15
  }
}
```

The eval endpoint is for debugging and POCs only. Use /v1/check in production.
