Getting Started With AccessGate
AccessGate adds device, session, and checkpoint risk intelligence to customer-facing flows such as login, onboarding, payment, account recovery, and beneficiary changes.
For standard Loci tenants, AccessGate requests go through the same Loci API base URL and organization credentials used for transaction monitoring.
Platform Base URL: https://api.runloci.com
AccessGate Risk Check: POST /accessgate/v1/check
1. Add The SDK To Your Frontend
html
<script src="https://sdk.runloci.com/accessgate-sdk.min.js"></script>
<script>
const sdk = new AccessGateSDK({
enableBehavioralBiometrics: true
});
</script>
The SDK collects device and behavior signals in the browser. Keep API credentials on your server.
2. Collect Data At A Checkpoint
javascript
form.addEventListener('submit', async (event) => {
event.preventDefault();
const accessgateData = await sdk.collect({
includeBehavioral: true
});
await fetch('/api/login', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
email: form.email.value,
password: form.password.value,
accessgate_data: accessgateData
})
});
});
3. Verify Through The Loci API
javascript
app.post('/api/login', async (req, res) => {
const { email, password, accessgate_data } = req.body;
const user = await verifyPassword(email, password);
if (!user) return res.status(401).json({ error: 'Invalid credentials' });
const response = await fetch('https://api.runloci.com/accessgate/v1/check', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'x-org-id': process.env.LOCI_ORG_ID,
'x-api-key': process.env.LOCI_API_KEY
},
body: JSON.stringify({
email,
ip: req.ip,
device: accessgate_data.device,
behavior: accessgate_data.behavior,
behavioral: accessgate_data.behavioral,
context: {
action: 'login',
user_id: user.id,
session_id: req.sessionID
}
})
});
const result = await response.json();
switch (result.decision?.outcome) {
case 'allow':
return res.json({ success: true, token: createSession(user) });
case 'review':
return res.json({ requires_step_up: true });
case 'block':
return res.status(403).json({ error: 'Access denied' });
default:
return res.status(502).json({ error: 'Risk check unavailable' });
}
});
Decision Outcomes
| Outcome | Description | Typical Action |
|---|---|---|
| allow | Signals are consistent with expected behavior | Proceed normally |
| review | Some signals need additional assurance | Step up, review, or queue |
| block | Strong risk indicators are present | Deny or hold according to policy |
Evaluation Mode
Use the evaluation endpoint in development and testing when you need diagnostic signal details:
bash
curl -X POST "https://api.runloci.com/accessgate/v1/eval/check" \
-H "x-org-id: your_loci_org_id" \
-H "x-api-key: your_loci_api_key" \
-H "Content-Type: application/json" \
-d '{
"email": "[email protected]",
"ip": "102.88.34.45",
"context": { "action": "login", "user_id": "user_123" }
}'
Use /accessgate/v1/check for production decisions.