About the Risk API

The Risk API extends the capabilities of Payment Risk Platform (PRP) to any financial technology companies and banks that do not use Galileo as their card transaction processor to monitor suspicious card transaction behavior (debit, credit, BNPL, prepaid, etc.). To do so, you send transaction data via the Risk API along with a Risk Service ID (riskServiceID) assigned to you.

For the Risk API you use a different URL, and the status codes have a four-digit prefix (1701).

Base URL

The Risk API is only provided via a tenanted domain in Galileo’s client validation and production environments. During setup with Galileo, you will be provided with a domain unique to you that must be used for all Risk API calls.


The Risk API uses the same IP address whitelisting and credential approach as the Program API. You can choose to use their existing credentials or be issued new credentials for use with the Risk API.

Follow the authentication steps for the Program API.


The Risk API does not have a dedicated connectivity endpoint. Basic credential validation and connectivity can be validated by calling Get Card Transaction Fraud API and returning a successful response.

Endpoint responses

The Risk API requests and responses are conventional and are similar to Program API. Requests are made with form encoded parameters in HTTP posts. Responses are available as JSON messages with snake_case field names.