WatchTower/API Reference
API Reference
Public-safe REST endpoints for integrating Remllo WatchTower into your application. Use the API to ingest transactions, manage organization settings, review alerts and cases, run CSV imports, configure notification routing, and export reports.
Auth Model
WatchTower uses secure session authentication for console workflows and organization API keys for server-side ingestion.
Core Entry Point
Most external integrations start with POST /api/v1/transactions.
Operational Workflows
CSV import, alert review, case notes, attachments, exports, and notification delivery routes are documented here.
Examples use placeholder credentials and sample data only. Keep live API keys server-side, never paste secrets into client code, and request partner-specific contracts through the Remllo team when a private adapter is required.
Developer Reference
Remllo WatchTower API
Customer-facing reference for the Remllo WatchTower API. Use this API to authenticate users, ingest transactions, retrieve risk decisions, manage alerts and cases, configure notification routing, run CSV import workflows, and export investigation data. Public examples use placeholders only; do not send secrets in URLs, tickets, or client-side code.
Resource
Authentication
Session login, onboarding, invitations, MFA, and password lifecycle.
POST
/api/v1/auth/registerCreate an organization and initial admin
Creates a new organization, provisions the first admin account, and returns a one-time ingestion API key for connecting external transaction sources.
Request Body
application/jsonobjectRequired
organizationNamestringRequired
firstNamestringRequired
lastNamestringRequired
emailstringRequired
passwordstringRequired
1curl -X POST "https://api.remllo.com/api/v1/auth/register" \2 -H "Content-Type: application/json" \3 \4 -d '{5 "organizationName": "...",6 "firstName": "...",7 "lastName": "...",8 "email": "ops@example.com",9 "password": "..."10}'Example Response
200 OK{
"message": {
"type": "string"
},
"apiKey": {
"type": "string",
"description": "Only returned once. Store securely."
},
"organization": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
}
}
},
"user": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"email": {
"type": "string",
"format": "email"
},
"firstName": {
"type": "string"
},
"lastName": {
"type": "string"
}
}
}
}POST
/api/v1/auth/loginCreate an authenticated session
Requires an authenticated WatchTower console session. Session is issued as an HttpOnly cookie after login. If MFA is enabled, this endpoint returns a challenge token instead of a completed session.
Request Body
application/jsonobjectRequired
emailstringRequired
passwordstringRequired
1curl -X POST "https://api.remllo.com/api/v1/auth/login" \2 -H "Content-Type: application/json" \3 \4 -d '{5 "email": "ops@example.com",6 "password": "..."7}'Example Response
200 OK{
"message": {
"type": "string"
},
"requiresMfa": {
"type": "boolean"
},
"challengeToken": {
"type": "string"
},
"user": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"email": {
"type": "string",
"format": "email"
},
"firstName": {
"type": "string"
},
"lastName": {
"type": "string"
}
}
},
"organization": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
},
"role": {
"type": "string"
}
}
}
}POST
/api/v1/auth/mfa/verify-loginComplete an MFA challenge
Verifies a TOTP code or backup code after password authentication and completes the session login.
Request Body
application/jsonobjectRequired
challengeTokenstringRequired
codestringRequired
1curl -X POST "https://api.remllo.com/api/v1/auth/mfa/verify-login" \2 -H "Content-Type: application/json" \3 \4 -d '{5 "challengeToken": "...",6 "code": "..."7}'Example Response
200 OK{
"message": {
"type": "string"
},
"user": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"email": {
"type": "string",
"format": "email"
}
}
},
"organization": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
},
"role": {
"type": "string"
}
}
}
}GET
/api/v1/auth/invitations/{token}Resolve an invitation token
Returns invitation details so the invited user can review the organization and complete password setup.
Parameters
tokenstringRequired
1curl -X GET "https://api.remllo.com/api/v1/auth/invitations/{token}" \2 -H "Content-Type: application/json"Example Response
200 OK{
"email": {
"type": "string",
"format": "email"
},
"firstName": {
"type": "string",
"nullable": true
},
"lastName": {
"type": "string",
"nullable": true
},
"role": {
"type": "string"
},
"invitationPending": {
"type": "boolean"
},
"organization": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
}
}
}
}POST
/api/v1/auth/invitations/acceptAccept an organization invitation
Sets the invited user password, clears the invitation token, signs the user in, and joins the target organization.
Request Body
application/jsonobjectRequired
tokenstringRequired
passwordstringRequired
firstNamestring
lastNamestring
1curl -X POST "https://api.remllo.com/api/v1/auth/invitations/accept" \2 -H "Content-Type: application/json" \3 \4 -d '{5 "token": "...",6 "password": "...",7 "firstName": "...",8 "lastName": "..."9}'Example Response
200 OK{
"message": {
"type": "string"
},
"user": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"email": {
"type": "string",
"format": "email"
},
"firstName": {
"type": "string"
},
"lastName": {
"type": "string"
}
}
},
"organization": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
},
"role": {
"type": "string"
}
}
}
}POST
/api/v1/auth/password-reset/requestRequest a password reset link
Creates a one-time password reset token and returns a reset link for manual delivery or future email delivery.
Request Body
application/jsonobjectRequired
emailstringRequired
1curl -X POST "https://api.remllo.com/api/v1/auth/password-reset/request" \2 -H "Content-Type: application/json" \3 \4 -d '{5 "email": "ops@example.com"6}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"resetUrl": {
"type": "string",
"format": "uri",
"nullable": true
}
}GET
/api/v1/auth/password-reset/{token}Validate a password reset token
Checks whether a reset token is still valid and returns the associated email address.
Parameters
tokenstringRequired
1curl -X GET "https://api.remllo.com/api/v1/auth/password-reset/{token}" \2 -H "Content-Type: application/json"Example Response
200 OK{
"email": {
"type": "string",
"format": "email"
}
}POST
/api/v1/auth/password-reset/completeComplete a password reset
Sets a new password using a valid reset token.
Request Body
application/jsonobjectRequired
tokenstringRequired
passwordstringRequired
1curl -X POST "https://api.remllo.com/api/v1/auth/password-reset/complete" \2 -H "Content-Type: application/json" \3 \4 -d '{5 "token": "...",6 "password": "..."7}'Example Response
200 OK{
"message": {
"type": "string"
}
}POST
/api/v1/auth/change-passwordChange the current user password
Requires an authenticated WatchTower console session. Session is issued as an HttpOnly cookie after login.
Authentication
sessionCookie
Request Body
application/jsonobjectRequired
currentPasswordstringRequired
newPasswordstringRequired
1curl -X POST "https://api.remllo.com/api/v1/auth/change-password" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "currentPassword": "...",7 "newPassword": "..."8}'Example Response
200 OK{
"message": {
"type": "string"
}
}GET
/api/v1/auth/meGet the current authenticated session
Returns the signed-in user and active organization membership.
Authentication
sessionCookie
1curl -X GET "https://api.remllo.com/api/v1/auth/me" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"user": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"email": {
"type": "string",
"format": "email"
},
"firstName": {
"type": "string"
},
"lastName": {
"type": "string"
},
"mfaEnabled": {
"type": "boolean"
}
}
},
"organization": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
},
"role": {
"type": "string"
},
"slaConfig": {
"type": "object",
"required": [
"critical",
"high",
"medium",
"low"
],
"properties": {
"critical": {
"type": "object",
"required": [
"triageMinutes",
"investigationMinutes",
"escalationMinutes"
],
"properties": {
"triageMinutes": {
"type": "integer"
},
"investigationMinutes": {
"type": "integer"
},
"escalationMinutes": {
"type": "integer"
}
}
},
"high": {
"type": "object",
"required": [
"triageMinutes",
"investigationMinutes",
"escalationMinutes"
],
"properties": {
"triageMinutes": {
"type": "integer"
},
"investigationMinutes": {
"type": "integer"
},
"escalationMinutes": {
"type": "integer"
}
}
},
"medium": {
"type": "object",
"required": [
"triageMinutes",
"investigationMinutes",
"escalationMinutes"
],
"properties": {
"triageMinutes": {
"type": "integer"
},
"investigationMinutes": {
"type": "integer"
},
"escalationMinutes": {
"type": "integer"
}
}
},
"low": {
"type": "object",
"required": [
"triageMinutes",
"investigationMinutes",
"escalationMinutes"
],
"properties": {
"triageMinutes": {
"type": "integer"
},
"investigationMinutes": {
"type": "integer"
},
"escalationMinutes": {
"type": "integer"
}
}
}
}
}
}
}
}POST
/api/v1/auth/mfa/setupStart MFA enrollment
Generates a TOTP secret, otpauth URL, and backup codes for the current user. Final activation requires `POST /mfa/verify-setup`.
Authentication
sessionCookie
1curl -X POST "https://api.remllo.com/api/v1/auth/mfa/setup" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"secret": {
"type": "string"
},
"otpauthUrl": {
"type": "string"
},
"backupCodes": {
"type": "array",
"items": {
"type": "string"
}
}
}POST
/api/v1/auth/mfa/verify-setupComplete MFA enrollment
Validates the initial TOTP code and enables MFA on the account.
Authentication
sessionCookie
Request Body
application/jsonobjectRequired
codestringRequired
1curl -X POST "https://api.remllo.com/api/v1/auth/mfa/verify-setup" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "code": "..."7}'Example Response
200 OK{
"message": {
"type": "string"
},
"mfaEnabled": {
"type": "boolean"
}
}POST
/api/v1/auth/mfa/disableDisable MFA
Disables MFA using the current password and a valid TOTP or backup code.
Authentication
sessionCookie
Request Body
application/jsonobjectRequired
passwordstringRequired
codestringRequired
1curl -X POST "https://api.remllo.com/api/v1/auth/mfa/disable" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "password": "...",7 "code": "..."8}'Example Response
200 OK{
"message": {
"type": "string"
},
"mfaEnabled": {
"type": "boolean"
}
}Resource
Organizations
Organization profile, webhook settings, case policy, thresholds, SLA, members, audit logs, and API key lifecycle.
GET
/api/v1/orgs/meGet the active organization profile
Returns organization configuration, SLA, thresholds, membership roster, and API key status for the signed-in organization.
Authentication
sessionCookie
1curl -X GET "https://api.remllo.com/api/v1/orgs/me" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
},
"hasApiKey": {
"type": "boolean"
},
"webhookUrl": {
"type": "string",
"format": "uri",
"nullable": true
},
"allowedMemberEmailDomains": {
"type": "array",
"items": {
"type": "string"
},
"description": "Organization-scoped email domains allowed for team member invites."
},
"highValueTransactionThreshold": {
"type": "number"
},
"riskThresholdLow": {
"type": "number"
},
"riskThresholdMedium": {
"type": "number"
},
"riskThresholdHigh": {
"type": "number"
},
"slaConfig": {
"type": "object",
"required": [
"critical",
"high",
"medium",
"low"
],
"properties": {
"critical": {
"type": "object",
"required": [
"triageMinutes",
"investigationMinutes",
"escalationMinutes"
],
"properties": {
"triageMinutes": {
"type": "integer"
},
"investigationMinutes": {
"type": "integer"
},
"escalationMinutes": {
"type": "integer"
}
}
},
"high": {
"type": "object",
"required": [
"triageMinutes",
"investigationMinutes",
"escalationMinutes"
],
"properties": {
"triageMinutes": {
"type": "integer"
},
"investigationMinutes": {
"type": "integer"
},
"escalationMinutes": {
"type": "integer"
}
}
},
"medium": {
"type": "object",
"required": [
"triageMinutes",
"investigationMinutes",
"escalationMinutes"
],
"properties": {
"triageMinutes": {
"type": "integer"
},
"investigationMinutes": {
"type": "integer"
},
"escalationMinutes": {
"type": "integer"
}
}
},
"low": {
"type": "object",
"required": [
"triageMinutes",
"investigationMinutes",
"escalationMinutes"
],
"properties": {
"triageMinutes": {
"type": "integer"
},
"investigationMinutes": {
"type": "integer"
},
"escalationMinutes": {
"type": "integer"
}
}
}
}
},
"createdAt": {
"type": "string",
"format": "date-time"
},
"memberships": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"role": {
"type": "string",
"enum": [
"ADMIN",
"RISK_LEAD",
"ANALYST",
"VIEWER"
]
},
"userId": {
"type": "string",
"format": "uuid"
},
"organizationId": {
"type": "string",
"format": "uuid"
},
"createdAt": {
"type": "string",
"format": "date-time"
},
"updatedAt": {
"type": "string",
"format": "date-time"
},
"user": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"email": {
"type": "string",
"format": "email"
},
"firstName": {
"type": "string",
"nullable": true
},
"lastName": {
"type": "string",
"nullable": true
},
"invitationPending": {
"type": "boolean"
}
}
}
}
}
}
}PATCH
/api/v1/orgs/webhookUpdate the organization webhook URL
Sets or clears the outbound webhook destination used for WatchTower notifications and events.
Authentication
sessionCookie
ADMINRISK_LEAD
Request Body
application/jsonobjectRequired
webhookUrlstringRequired
1curl -X PATCH "https://api.remllo.com/api/v1/orgs/webhook" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "webhookUrl": "..."7}'Example Response
200 OK{
"message": {
"type": "string"
},
"webhookUrl": {
"type": "string",
"nullable": true
}
}PATCH
/api/v1/orgs/thresholdsUpdate risk thresholds
Updates organization-level high-value and risk bucket thresholds used by the rule engine and dashboards.
Authentication
sessionCookie
ADMINRISK_LEAD
Request Body
application/jsonobjectRequired
highValueTransactionThresholdnumber
riskThresholdLownumberRequired
riskThresholdMediumnumberRequired
riskThresholdHighnumberRequired
1curl -X PATCH "https://api.remllo.com/api/v1/orgs/thresholds" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "highValueTransactionThreshold": 0,7 "riskThresholdLow": 0,8 "riskThresholdMedium": 0,9 "riskThresholdHigh": 010}'Example Response
200 OK{
"message": {
"type": "string"
},
"data": {
"type": "object",
"additionalProperties": true
}
}PATCH
/api/v1/orgs/slaUpdate organization SLA policy
Updates SLA targets for each priority band. Admin-only.
Authentication
sessionCookie
ADMIN
Request Body
application/jsonobjectRequired
criticalobjectRequired
triageMinutesintegerRequired
investigationMinutesintegerRequired
escalationMinutesintegerRequired
highobjectRequired
triageMinutesintegerRequired
investigationMinutesintegerRequired
escalationMinutesintegerRequired
mediumobjectRequired
triageMinutesintegerRequired
investigationMinutesintegerRequired
escalationMinutesintegerRequired
lowobjectRequired
triageMinutesintegerRequired
investigationMinutesintegerRequired
escalationMinutesintegerRequired
1curl -X PATCH "https://api.remllo.com/api/v1/orgs/sla" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "critical": {7 "triageMinutes": 0,8 "investigationMinutes": 0,9 "escalationMinutes": 010 },11 "high": {12 "triageMinutes": 0,13 "investigationMinutes": 0,14 "escalationMinutes": 015 },16 "medium": {17 "triageMinutes": 0,18 "investigationMinutes": 0,19 "escalationMinutes": 020 },21 "low": {22 "triageMinutes": 0,23 "investigationMinutes": 0,24 "escalationMinutes": 025 }26}'Example Response
200 OK{
"message": {
"type": "string"
},
"slaConfig": {
"type": "object",
"required": [
"critical",
"high",
"medium",
"low"
],
"properties": {
"critical": {
"type": "object",
"required": [
"triageMinutes",
"investigationMinutes",
"escalationMinutes"
],
"properties": {
"triageMinutes": {
"type": "integer"
},
"investigationMinutes": {
"type": "integer"
},
"escalationMinutes": {
"type": "integer"
}
}
},
"high": {
"type": "object",
"required": [
"triageMinutes",
"investigationMinutes",
"escalationMinutes"
],
"properties": {
"triageMinutes": {
"type": "integer"
},
"investigationMinutes": {
"type": "integer"
},
"escalationMinutes": {
"type": "integer"
}
}
},
"medium": {
"type": "object",
"required": [
"triageMinutes",
"investigationMinutes",
"escalationMinutes"
],
"properties": {
"triageMinutes": {
"type": "integer"
},
"investigationMinutes": {
"type": "integer"
},
"escalationMinutes": {
"type": "integer"
}
}
},
"low": {
"type": "object",
"required": [
"triageMinutes",
"investigationMinutes",
"escalationMinutes"
],
"properties": {
"triageMinutes": {
"type": "integer"
},
"investigationMinutes": {
"type": "integer"
},
"escalationMinutes": {
"type": "integer"
}
}
}
}
}
}POST
/api/v1/orgs/membersInvite an organization member
Creates or links a user to the organization, generates an invite link if the user has not set a password yet, and assigns a role. For organizations with an email-domain policy, invited users must match the workspace domain unless a platform-admin support exception applies.
Authentication
sessionCookie
ADMIN
Request Body
application/jsonobjectRequired
firstNamestring
lastNamestring
emailstringRequired
rolestringRequired
ADMINRISK_LEADANALYSTVIEWER
1curl -X POST "https://api.remllo.com/api/v1/orgs/members" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "firstName": "...",7 "lastName": "...",8 "email": "ops@example.com",9 "role": "ADMIN"10}'Example Response
200 OK{
"message": {
"type": "string"
},
"membership": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"role": {
"type": "string",
"enum": [
"ADMIN",
"RISK_LEAD",
"ANALYST",
"VIEWER"
]
},
"userId": {
"type": "string",
"format": "uuid"
},
"organizationId": {
"type": "string",
"format": "uuid"
},
"createdAt": {
"type": "string",
"format": "date-time"
},
"updatedAt": {
"type": "string",
"format": "date-time"
},
"user": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"email": {
"type": "string",
"format": "email"
},
"firstName": {
"type": "string",
"nullable": true
},
"lastName": {
"type": "string",
"nullable": true
},
"invitationPending": {
"type": "boolean"
}
}
}
}
},
"inviteUrl": {
"type": "string",
"format": "uri",
"nullable": true
}
}PATCH
/api/v1/orgs/members/{membershipId}Update a member role
Changes the role for an existing organization membership. Admin-only.
Authentication
sessionCookie
ADMIN
Parameters
membershipIdstringRequired
Request Body
application/jsonobjectRequired
rolestringRequired
ADMINRISK_LEADANALYSTVIEWER
1curl -X PATCH "https://api.remllo.com/api/v1/orgs/members/{membershipId}" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "role": "ADMIN"7}'Example Response
200 OK{
"message": {
"type": "string"
},
"membership": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"role": {
"type": "string",
"enum": [
"ADMIN",
"RISK_LEAD",
"ANALYST",
"VIEWER"
]
},
"userId": {
"type": "string",
"format": "uuid"
},
"organizationId": {
"type": "string",
"format": "uuid"
},
"createdAt": {
"type": "string",
"format": "date-time"
},
"updatedAt": {
"type": "string",
"format": "date-time"
},
"user": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"email": {
"type": "string",
"format": "email"
},
"firstName": {
"type": "string",
"nullable": true
},
"lastName": {
"type": "string",
"nullable": true
},
"invitationPending": {
"type": "boolean"
}
}
}
}
}
}DELETE
/api/v1/orgs/members/{membershipId}Remove an organization member
Removes organization access for a member while preserving historical records and audit references.
Authentication
sessionCookie
ADMIN
Parameters
membershipIdstringRequired
1curl -X DELETE "https://api.remllo.com/api/v1/orgs/members/{membershipId}" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"message": {
"type": "string"
}
}GET
/api/v1/orgs/audit-logsList organization audit logs
Returns recent audit events for organization configuration, member management, and monitoring actions.
Authentication
sessionCookie
1curl -X GET "https://api.remllo.com/api/v1/orgs/audit-logs" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"data": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": true
}
}
}POST
/api/v1/orgs/api-key/generateGenerate an ingestion API key
Creates the first organization ingestion API key and returns the raw value once.
Authentication
sessionCookie
ADMIN
1curl -X POST "https://api.remllo.com/api/v1/orgs/api-key/generate" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"apiKey": {
"type": "string"
},
"message": {
"type": "string"
}
}POST
/api/v1/orgs/api-key/rotateRotate the ingestion API key
Replaces the current organization API key and returns the new raw value once.
Authentication
sessionCookie
ADMIN
1curl -X POST "https://api.remllo.com/api/v1/orgs/api-key/rotate" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"apiKey": {
"type": "string"
},
"message": {
"type": "string"
}
}DELETE
/api/v1/orgs/api-keyRevoke the ingestion API key
Deletes the current organization ingestion API key.
Authentication
sessionCookie
ADMIN
1curl -X DELETE "https://api.remllo.com/api/v1/orgs/api-key" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"message": {
"type": "string"
}
}PATCH
/api/v1/orgs/allowed-ipsSet API key IP allowlist
Defines the IP addresses allowed to use the organization API key for transaction ingestion.
Authentication
sessionCookie
ADMIN
Request Body
application/jsonobjectRequired
allowedIpsarrayRequired
itemsstring
1curl -X PATCH "https://api.remllo.com/api/v1/orgs/allowed-ips" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "allowedIps": [7 "..."8 ]9}'Example Response
200 OK{
"message": {
"type": "string"
},
"allowedIps": {
"type": "array",
"items": {
"type": "string"
}
}
}POST
/api/v1/orgs/webhook/rotate-secretRotate organization webhook secret
Rotates the signing secret used for outbound organization webhooks. Store the new secret securely; it is returned once.
Authentication
sessionCookie
ADMIN
1curl -X POST "https://api.remllo.com/api/v1/orgs/webhook/rotate-secret" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"webhookSecret": {
"type": "string",
"description": "Returned once. Store securely."
}
}PATCH
/api/v1/orgs/case-creation-policyUpdate case creation policy
Configures when WatchTower should automatically create cases from alerts.
Authentication
sessionCookie
ADMINRISK_LEAD
Request Body
application/jsonobjectRequired
autoCreateCasesboolean
minimumSeverityinteger
1curl -X PATCH "https://api.remllo.com/api/v1/orgs/case-creation-policy" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "autoCreateCases": true,7 "minimumSeverity": 08}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"additionalProperties": true
}
}POST
/api/v1/orgs/members/{membershipId}/resend-inviteResend member invite
Sends a new invitation email to a pending organization member.
Authentication
sessionCookie
ADMIN
Parameters
membershipIdstringRequired
1curl -X POST "https://api.remllo.com/api/v1/orgs/members/{membershipId}/resend-invite" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"inviteUrl": {
"type": "string",
"format": "uri",
"description": "Returned for admin fallback only; email delivery is the primary flow."
}
}Resource
Transactions
Transaction ingestion and transaction monitoring retrieval APIs.
GET
/api/v1/transactions/adaptersList available ingestion adapters
Returns the supported source-specific transaction adapters and example payload contracts used to normalize institution payloads into the WatchTower canonical transaction model.
Authentication
sessionCookie
1curl -X GET "https://api.remllo.com/api/v1/transactions/adapters" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "array",
"items": {
"type": "object",
"properties": {
"key": {
"type": "string"
},
"aliases": {
"type": "array",
"items": {
"type": "string"
}
},
"summary": {
"type": "string"
},
"description": {
"type": "string"
},
"supportedCategories": {
"type": "array",
"items": {
"type": "string"
}
},
"examplePayload": {
"type": "object",
"additionalProperties": true
}
}
}
}
}POST
/api/v1/transactionsIngest and screen a transaction
Accepts a canonical transaction payload, evaluates it against active WatchTower controls, and returns the risk decision immediately. Use `x-api-key` for organization-scoped authentication and `idempotency-key` for safe retries.
Authentication
apiKey
Parameters
x-api-keystringRequired
idempotency-keystringRequired
Request Body
application/jsonobjectRequired
idstringRequired
amountnumberRequired
currencystringRequired
channelstringRequired
USSDPOSWEBMOBILETRANSFERATMCARDbank_transfercardussdmobile_money
transactionTypestring
DEBITCREDIT
transactionCategorystring
TRANSFERBILL_PAYMENTAIRTIMEMERCHANT_PAYMENTWALLET_TRANSFERCARD_PAYMENTCASH_INCASH_OUTOTHER
timestampstringRequired
paymentReferencestring
sessionIdstring
senderobjectRequired
namestringRequired
accountNumberstringRequired
bankCodestring
bankNamestring
phoneNumberstring
walletIdstring
bvnstring
ninstring
partyTypestring
BANK_ACCOUNTWALLETMERCHANTBILLERMOBILE_NUMBEROTHER
receiverobjectRequired
namestringRequired
accountNumberstringRequired
bankCodestring
bankNamestring
merchantIdstring
terminalIdstring
partyTypestring
BANK_ACCOUNTWALLETMERCHANTBILLERMOBILE_NUMBEROTHER
deviceobject
deviceIdstring
ipAddressstring
deviceTypestring
mobilewebpos
operatingSystemstring
networkProviderstring
locationstring
userAgentstring
behaviorobject
transactionsLast1Minnumber
transactionsLast5Minnumber
velocityScorenumber
newDeviceDetectedboolean
newIpDetectedboolean
accountAgeDaysnumber
metadataobject
senderIdstring
receiverIdstring
1curl -X POST "https://api.remllo.com/api/v1/transactions" \2 -H "x-api-key: wt_your_org_key" \3 -H "idempotency-key: 8d80a7b3-2e52-4d74-9f7f-f59f14b97f86" \4 -H "Content-Type: application/json" \5 \6 -d '{7 "id": "6ef1b19e-245a-42f7-bbf2-c91f0cbdde27",8 "amount": 0,9 "currency": "NGN",10 "channel": "USSD",11 "transactionType": "DEBIT",12 "transactionCategory": "TRANSFER",13 "timestamp": "2026-03-20T10:15:00.000Z",14 "paymentReference": "...",15 "sessionId": "...",16 "sender": {17 "name": "...",18 "accountNumber": "...",19 "bankCode": "...",20 "bankName": "...",21 "phoneNumber": "...",22 "walletId": "...",23 "bvn": "...",24 "nin": "...",25 "partyType": "BANK_ACCOUNT"26 },27 "receiver": {28 "name": "...",29 "accountNumber": "...",30 "bankCode": "...",31 "bankName": "...",32 "merchantId": "...",33 "terminalId": "...",34 "partyType": "BANK_ACCOUNT"35 },36 "device": {37 "deviceId": "...",38 "ipAddress": "...",39 "deviceType": "mobile",40 "operatingSystem": "...",41 "networkProvider": "...",42 "location": "...",43 "userAgent": "..."44 },45 "behavior": {46 "transactionsLast1Min": 0,47 "transactionsLast5Min": 0,48 "velocityScore": 0,49 "newDeviceDetected": true,50 "newIpDetected": true,51 "accountAgeDays": 052 },53 "metadata": {},54 "senderId": "...",55 "receiverId": "..."56}'Example Response
200 OK{
"transactionId": {
"type": "string",
"format": "uuid"
},
"decision": {
"type": "string",
"enum": [
"ALLOW",
"REVIEW",
"BLOCK"
]
},
"riskScore": {
"type": "number",
"minimum": 0,
"maximum": 100
},
"triggeredRules": {
"type": "array",
"items": {
"type": "object",
"properties": {
"ruleId": {
"type": "string"
},
"description": {
"type": "string"
},
"severity": {
"type": "number"
}
}
}
},
"behavioralSignals": {
"type": "array",
"items": {
"type": "object",
"properties": {
"key": {
"type": "string"
},
"label": {
"type": "string"
},
"value": {},
"riskPoints": {
"type": "number"
},
"explanation": {
"type": "string"
}
}
}
},
"anomalyScore": {
"type": "number",
"minimum": 0,
"maximum": 100
},
"anomalyReasons": {
"type": "array",
"items": {
"type": "string"
}
},
"watchlistHits": {
"type": "array",
"items": {
"type": "object",
"properties": {
"watchlistId": {
"type": "string"
},
"listType": {
"type": "string"
},
"matchType": {
"type": "string"
},
"matchValue": {
"type": "string"
},
"riskLevel": {
"type": "string"
},
"reason": {
"type": "string"
}
}
}
},
"evaluatedAt": {
"type": "string",
"format": "date-time"
}
}GET
/api/v1/transactionsList organization transactions
Returns paginated transactions for the active organization with attached alert assignment context where available.
Authentication
sessionCookie
Parameters
pageinteger
pageSizeinteger
1curl -X GET "https://api.remllo.com/api/v1/transactions" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"data": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": true
}
},
"page": {
"type": "number"
},
"pageSize": {
"type": "number"
},
"total": {
"type": "number"
}
}POST
/api/v1/transactions/adapters/{adapterKey}Ingest a transaction through an adapter
Accepts a source-specific transaction payload and maps it into the WatchTower canonical transaction model before evaluation. Adapter details are published only when safe for customer use.
Authentication
apiKey
Parameters
adapterKeystringRequired
x-api-keystringRequired
idempotency-keystring
Request Body
application/jsonobjectRequired
1curl -X POST "https://api.remllo.com/api/v1/transactions/adapters/{adapterKey}" \2 -H "x-api-key: wt_your_org_key" \3 -H "idempotency-key: 8d80a7b3-2e52-4d74-9f7f-f59f14b97f86" \4 -H "Content-Type: application/json" \5Example Response
200 OK{
"adapterKey": {
"type": "string"
},
"externalTransactionId": {
"type": "string"
},
"transactionId": {
"type": "string",
"format": "uuid"
},
"decision": {
"type": "string"
},
"riskScore": {
"type": "number"
}
}GET
/api/v1/transactions/statsGet transaction monitoring stats
Returns 30-day aggregate monitoring metrics for the active organization.
Authentication
sessionCookie
1curl -X GET "https://api.remllo.com/api/v1/transactions/stats" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"totalTransactions": {
"type": "number"
},
"fraudPrevented": {
"type": "number"
},
"flagRate": {
"type": "string"
}
}GET
/api/v1/transactions/{id}/narrativeGet or generate an alert narrative
Returns a stored narrative for a flagged transaction or generates one on demand when possible.
Authentication
sessionCookie
Parameters
idstringRequired
1curl -X GET "https://api.remllo.com/api/v1/transactions/{id}/narrative" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"narrative": {
"type": "string"
}
}GET
/api/v1/transactions/{id}/related-activityGet related transaction activity
Returns nearby or related activity tied to the transaction customer, counterparty, device, or account context.
Authentication
sessionCookie
Parameters
idstringRequired
1curl -X GET "https://api.remllo.com/api/v1/transactions/{id}/related-activity" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": true
}
}
}Resource
CSV Imports
Upload, inspect, validate, process, retry, and audit CSV transaction imports.
GET
/api/v1/transactions/imports/mapping-profilesList CSV mapping profiles
Returns saved CSV mapping profiles for the active organization.
Authentication
sessionCookie
ADMINRISK_LEADANALYST
1curl -X GET "https://api.remllo.com/api/v1/transactions/imports/mapping-profiles" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
},
"sourceKey": {
"type": "string",
"nullable": true
},
"headerSignature": {
"type": "string"
},
"delimiter": {
"type": "string"
},
"mappings": {
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"sampleHeaders": {
"type": "array",
"items": {
"type": "string"
}
},
"lastUsedAt": {
"type": "string",
"format": "date-time",
"nullable": true
}
}
}
}
}POST
/api/v1/transactions/imports/mapping-profilesCreate CSV mapping profile
Saves a reusable mapping from source CSV headers into the WatchTower transaction model.
Authentication
sessionCookie
ADMINRISK_LEADANALYST
Request Body
application/jsonobjectRequired
namestringRequired
headerSignaturestringRequired
delimiterstringRequired
sourceKeystring
sampleHeadersarray
itemsstring
mappingsobjectRequired
1curl -X POST "https://api.remllo.com/api/v1/transactions/imports/mapping-profiles" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "name": "...",7 "headerSignature": "...",8 "delimiter": ",",9 "sourceKey": "...",10 "sampleHeaders": [11 "..."12 ],13 "mappings": {}14}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
},
"sourceKey": {
"type": "string",
"nullable": true
},
"headerSignature": {
"type": "string"
},
"delimiter": {
"type": "string"
},
"mappings": {
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"sampleHeaders": {
"type": "array",
"items": {
"type": "string"
}
},
"lastUsedAt": {
"type": "string",
"format": "date-time",
"nullable": true
}
}
}
}PATCH
/api/v1/transactions/imports/mapping-profiles/{id}Update CSV mapping profile
Updates a saved CSV mapping profile.
Authentication
sessionCookie
ADMINRISK_LEADANALYST
Parameters
idstringRequired
Request Body
application/jsonobjectRequired
namestring
sourceKeystring
mappingsobject
1curl -X PATCH "https://api.remllo.com/api/v1/transactions/imports/mapping-profiles/{id}" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "name": "...",7 "sourceKey": "...",8 "mappings": {}9}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
},
"sourceKey": {
"type": "string",
"nullable": true
},
"headerSignature": {
"type": "string"
},
"delimiter": {
"type": "string"
},
"mappings": {
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"sampleHeaders": {
"type": "array",
"items": {
"type": "string"
}
},
"lastUsedAt": {
"type": "string",
"format": "date-time",
"nullable": true
}
}
}
}DELETE
/api/v1/transactions/imports/mapping-profiles/{id}Delete CSV mapping profile
Deletes a saved CSV mapping profile for the active organization.
Authentication
sessionCookie
ADMINRISK_LEAD
Parameters
idstringRequired
1curl -X DELETE "https://api.remllo.com/api/v1/transactions/imports/mapping-profiles/{id}" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
}
}POST
/api/v1/transactions/imports/inspectInspect CSV upload
Uploads a CSV file for header detection, sample parsing, validation preview, and mapping-profile suggestions. The upload token returned by this endpoint is used to validate or create an import run.
Authentication
sessionCookie
ADMINRISK_LEADANALYST
Request Body
multipart/form-dataobjectRequired
filestringRequired
CSV file to inspect.
sourceLabelstring
Optional source label for mapping suggestions.
delimiterstring
1curl -X POST "https://api.remllo.com/api/v1/transactions/imports/inspect" \2 -H "Cookie: wt_session=your_session_cookie" \3 -F "file=@/path/to/file.csv" \4 -F "sourceLabel=..." \5 -F "delimiter=,"Example Response
200 OK{
"success": {
"type": "boolean"
},
"uploadToken": {
"type": "string",
"format": "uuid"
},
"headers": {
"type": "array",
"items": {
"type": "string"
}
},
"sampleRows": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": true
}
},
"suggestedMappingProfile": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
},
"sourceKey": {
"type": "string",
"nullable": true
},
"headerSignature": {
"type": "string"
},
"delimiter": {
"type": "string"
},
"mappings": {
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"sampleHeaders": {
"type": "array",
"items": {
"type": "string"
}
},
"lastUsedAt": {
"type": "string",
"format": "date-time",
"nullable": true
}
}
}
}POST
/api/v1/transactions/imports/validateValidate CSV import
Validates a cached CSV upload and mapping without creating transactions.
Authentication
sessionCookie
ADMINRISK_LEADANALYST
Request Body
application/jsonobjectRequired
uploadTokenstringRequired
sourceLabelstring
mappingsobject
guardrailsobject
duplicateHandlingstring
SKIP_DUPLICATESBLOCK_IMPORT
maxInvalidRowsinteger
1curl -X POST "https://api.remllo.com/api/v1/transactions/imports/validate" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "uploadToken": "6ef1b19e-245a-42f7-bbf2-c91f0cbdde27",7 "sourceLabel": "...",8 "mappings": {},9 "guardrails": {10 "duplicateHandling": "SKIP_DUPLICATES",11 "maxInvalidRows": 012 }13}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"additionalProperties": true
}
}POST
/api/v1/transactions/imports/runsCreate CSV import run
Creates a CSV import run from a cached upload token. Imported rows are processed through the same monitoring pipeline as API-ingested transactions.
Authentication
sessionCookie
ADMINRISK_LEADANALYST
Request Body
application/jsonobjectRequired
uploadTokenstringRequired
sourceLabelstring
mappingProfileIdstring
mappingsobject
saveMappingProfileboolean
mappingProfileNamestring
1curl -X POST "https://api.remllo.com/api/v1/transactions/imports/runs" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "uploadToken": "6ef1b19e-245a-42f7-bbf2-c91f0cbdde27",7 "sourceLabel": "...",8 "mappingProfileId": "6ef1b19e-245a-42f7-bbf2-c91f0cbdde27",9 "mappings": {},10 "saveMappingProfile": true,11 "mappingProfileName": "..."12}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"sourceLabel": {
"type": "string",
"nullable": true
},
"status": {
"type": "string",
"enum": [
"PENDING",
"VALIDATING",
"PROCESSING",
"COMPLETED",
"FAILED",
"CANCELED"
]
},
"totalRows": {
"type": "integer"
},
"processedRows": {
"type": "integer"
},
"validRows": {
"type": "integer"
},
"invalidRows": {
"type": "integer"
},
"duplicateRows": {
"type": "integer"
},
"createdAt": {
"type": "string",
"format": "date-time"
},
"completedAt": {
"type": "string",
"format": "date-time",
"nullable": true
}
}
}
}GET
/api/v1/transactions/importsList CSV import runs
Returns recent CSV import runs for the active organization.
Authentication
sessionCookie
ADMINRISK_LEADANALYST
1curl -X GET "https://api.remllo.com/api/v1/transactions/imports" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"sourceLabel": {
"type": "string",
"nullable": true
},
"status": {
"type": "string",
"enum": [
"PENDING",
"VALIDATING",
"PROCESSING",
"COMPLETED",
"FAILED",
"CANCELED"
]
},
"totalRows": {
"type": "integer"
},
"processedRows": {
"type": "integer"
},
"validRows": {
"type": "integer"
},
"invalidRows": {
"type": "integer"
},
"duplicateRows": {
"type": "integer"
},
"createdAt": {
"type": "string",
"format": "date-time"
},
"completedAt": {
"type": "string",
"format": "date-time",
"nullable": true
}
}
}
}
}GET
/api/v1/transactions/imports/{id}Get CSV import run
Returns CSV import run details, validation summary, and processing status.
Authentication
sessionCookie
ADMINRISK_LEADANALYST
Parameters
idstringRequired
1curl -X GET "https://api.remllo.com/api/v1/transactions/imports/{id}" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"sourceLabel": {
"type": "string",
"nullable": true
},
"status": {
"type": "string",
"enum": [
"PENDING",
"VALIDATING",
"PROCESSING",
"COMPLETED",
"FAILED",
"CANCELED"
]
},
"totalRows": {
"type": "integer"
},
"processedRows": {
"type": "integer"
},
"validRows": {
"type": "integer"
},
"invalidRows": {
"type": "integer"
},
"duplicateRows": {
"type": "integer"
},
"createdAt": {
"type": "string",
"format": "date-time"
},
"completedAt": {
"type": "string",
"format": "date-time",
"nullable": true
}
}
}
}DELETE
/api/v1/transactions/imports/{id}Delete CSV import run
Deletes an import run record where allowed by its current state.
Authentication
sessionCookie
ADMINRISK_LEAD
Parameters
idstringRequired
1curl -X DELETE "https://api.remllo.com/api/v1/transactions/imports/{id}" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
}
}POST
/api/v1/transactions/imports/{id}/cancelCancel CSV import run
Cancels a pending or processing CSV import run where cancellation is still safe.
Authentication
sessionCookie
ADMINRISK_LEAD
Parameters
idstringRequired
1curl -X POST "https://api.remllo.com/api/v1/transactions/imports/{id}/cancel" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"sourceLabel": {
"type": "string",
"nullable": true
},
"status": {
"type": "string",
"enum": [
"PENDING",
"VALIDATING",
"PROCESSING",
"COMPLETED",
"FAILED",
"CANCELED"
]
},
"totalRows": {
"type": "integer"
},
"processedRows": {
"type": "integer"
},
"validRows": {
"type": "integer"
},
"invalidRows": {
"type": "integer"
},
"duplicateRows": {
"type": "integer"
},
"createdAt": {
"type": "string",
"format": "date-time"
},
"completedAt": {
"type": "string",
"format": "date-time",
"nullable": true
}
}
}
}POST
/api/v1/transactions/imports/{id}/retryRetry CSV import run
Retries a failed or canceled CSV import run after correcting the issue.
Authentication
sessionCookie
ADMINRISK_LEAD
Parameters
idstringRequired
1curl -X POST "https://api.remllo.com/api/v1/transactions/imports/{id}/retry" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"sourceLabel": {
"type": "string",
"nullable": true
},
"status": {
"type": "string",
"enum": [
"PENDING",
"VALIDATING",
"PROCESSING",
"COMPLETED",
"FAILED",
"CANCELED"
]
},
"totalRows": {
"type": "integer"
},
"processedRows": {
"type": "integer"
},
"validRows": {
"type": "integer"
},
"invalidRows": {
"type": "integer"
},
"duplicateRows": {
"type": "integer"
},
"createdAt": {
"type": "string",
"format": "date-time"
},
"completedAt": {
"type": "string",
"format": "date-time",
"nullable": true
}
}
}
}POST
/api/v1/transactions/imports/{id}/purge-payloadPurge CSV import payload
Deletes the stored raw CSV payload for an import run while retaining audit metadata.
Authentication
sessionCookie
ADMINRISK_LEAD
Parameters
idstringRequired
1curl -X POST "https://api.remllo.com/api/v1/transactions/imports/{id}/purge-payload" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"sourceLabel": {
"type": "string",
"nullable": true
},
"status": {
"type": "string",
"enum": [
"PENDING",
"VALIDATING",
"PROCESSING",
"COMPLETED",
"FAILED",
"CANCELED"
]
},
"totalRows": {
"type": "integer"
},
"processedRows": {
"type": "integer"
},
"validRows": {
"type": "integer"
},
"invalidRows": {
"type": "integer"
},
"duplicateRows": {
"type": "integer"
},
"createdAt": {
"type": "string",
"format": "date-time"
},
"completedAt": {
"type": "string",
"format": "date-time",
"nullable": true
}
}
}
}Resource
Rules
Monitoring control catalog and custom rule lifecycle.
GET
/api/v1/rules/catalogList built-in monitoring controls
Returns the built-in WatchTower rule catalog grouped by governance tier.
Authentication
sessionCookie
1curl -X GET "https://api.remllo.com/api/v1/rules/catalog" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"additionalProperties": true
}
}GET
/api/v1/rulesList custom organization rules
Returns all organization-specific custom rules across draft, active, and inactive states.
Authentication
sessionCookie
1curl -X GET "https://api.remllo.com/api/v1/rules" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"count": {
"type": "number"
},
"data": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
},
"description": {
"type": "string"
},
"severity": {
"type": "number"
},
"status": {
"type": "string",
"enum": [
"DRAFT",
"ACTIVE",
"INACTIVE"
]
},
"conditions": {
"type": "array",
"items": {
"type": "object",
"properties": {
"field": {
"type": "string"
},
"operator": {
"type": "string",
"enum": [
"gt",
"gte",
"lt",
"lte",
"eq",
"neq",
"in",
"not_in",
"contains"
]
},
"value": {}
}
}
},
"velocityCheck": {
"nullable": true,
"type": "object",
"properties": {
"field": {
"type": "string"
},
"windowSeconds": {
"type": "number"
},
"maxCount": {
"type": "number"
}
}
},
"createdAt": {
"type": "string",
"format": "date-time"
}
}
}
}
}POST
/api/v1/rulesCreate a draft rule
Creates a custom monitoring rule in draft state. Rules can later be activated through the rule status endpoint.
Authentication
sessionCookie
ADMINRISK_LEAD
Request Body
application/jsonobjectRequired
namestringRequired
descriptionstringRequired
severitynumberRequired
conditionsarrayRequired
itemsobject
fieldstring
operatorstring
gtgteltlteeqneqinnot_incontains
valueany
velocityCheckobject
fieldstring
windowSecondsnumber
maxCountnumber
1curl -X POST "https://api.remllo.com/api/v1/rules" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "name": "...",7 "description": "...",8 "severity": 0,9 "conditions": [10 {11 "field": "...",12 "operator": "gt",13 "value": "..."14 }15 ],16 "velocityCheck": {17 "field": "...",18 "windowSeconds": 0,19 "maxCount": 020 }21}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
},
"description": {
"type": "string"
},
"severity": {
"type": "number"
},
"status": {
"type": "string",
"enum": [
"DRAFT",
"ACTIVE",
"INACTIVE"
]
},
"conditions": {
"type": "array",
"items": {
"type": "object",
"properties": {
"field": {
"type": "string"
},
"operator": {
"type": "string",
"enum": [
"gt",
"gte",
"lt",
"lte",
"eq",
"neq",
"in",
"not_in",
"contains"
]
},
"value": {}
}
}
},
"velocityCheck": {
"nullable": true,
"type": "object",
"properties": {
"field": {
"type": "string"
},
"windowSeconds": {
"type": "number"
},
"maxCount": {
"type": "number"
}
}
},
"createdAt": {
"type": "string",
"format": "date-time"
}
}
},
"message": {
"type": "string"
}
}PATCH
/api/v1/rules/{id}/statusChange a rule lifecycle status
Moves a custom rule between draft, active, and inactive and hot-reloads the evaluation cache.
Authentication
sessionCookie
ADMINRISK_LEAD
Parameters
idstringRequired
Request Body
application/jsonobjectRequired
statusstringRequired
DRAFTACTIVEINACTIVE
1curl -X PATCH "https://api.remllo.com/api/v1/rules/{id}/status" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "status": "DRAFT"7}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
},
"description": {
"type": "string"
},
"severity": {
"type": "number"
},
"status": {
"type": "string",
"enum": [
"DRAFT",
"ACTIVE",
"INACTIVE"
]
},
"conditions": {
"type": "array",
"items": {
"type": "object",
"properties": {
"field": {
"type": "string"
},
"operator": {
"type": "string",
"enum": [
"gt",
"gte",
"lt",
"lte",
"eq",
"neq",
"in",
"not_in",
"contains"
]
},
"value": {}
}
}
},
"velocityCheck": {
"nullable": true,
"type": "object",
"properties": {
"field": {
"type": "string"
},
"windowSeconds": {
"type": "number"
},
"maxCount": {
"type": "number"
}
}
},
"createdAt": {
"type": "string",
"format": "date-time"
}
}
},
"message": {
"type": "string"
}
}DELETE
/api/v1/rules/{id}Delete a custom rule
Removes a custom rule permanently and hot-reloads the rule cache.
Authentication
sessionCookie
ADMIN
Parameters
idstringRequired
1curl -X DELETE "https://api.remllo.com/api/v1/rules/{id}" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"message": {
"type": "string"
}
}PATCH
/api/v1/rules/catalog/{id}/overrideOverride catalog control
Enables or disables an organization-specific override for a built-in monitoring control.
Authentication
sessionCookie
ADMIN
Parameters
idstringRequired
Request Body
application/jsonobjectRequired
enabledboolean
severityinteger
1curl -X PATCH "https://api.remllo.com/api/v1/rules/catalog/{id}/override" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "enabled": true,7 "severity": 08}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"additionalProperties": true
}
}Resource
Alerts
Alert inbox, status changes, and live alert streaming.
GET
/api/v1/alertsList alerts
Returns the alert inbox for the active organization with transaction enrichment, assignees, and control attribution.
Authentication
sessionCookie
Parameters
statusstring
1curl -X GET "https://api.remllo.com/api/v1/alerts" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": true
}PATCH
/api/v1/alerts/{id}Update an alert status or assignee
Resolves, escalates, marks false positive, or reassigns an alert. Linked case workflow is synchronized when a case exists.
Authentication
sessionCookie
ADMINRISK_LEADANALYST
Parameters
idstringRequired
Request Body
application/jsonobjectRequired
statusstringRequired
OPENRESOLVEDESCALATEDFALSE_POSITIVE
notesstring
assignedToIdstring
outcomeReasonstring
outcomeContextstring
1curl -X PATCH "https://api.remllo.com/api/v1/alerts/{id}" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "status": "OPEN",7 "notes": "...",8 "assignedToId": "...",9 "outcomeReason": "...",10 "outcomeContext": "..."11}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"status": {
"type": "string",
"enum": [
"OPEN",
"RESOLVED",
"ESCALATED",
"FALSE_POSITIVE"
]
},
"narrative": {
"type": "string",
"nullable": true
},
"assignedToId": {
"type": "string",
"nullable": true
},
"assignedTo": {
"type": "object",
"nullable": true,
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"firstName": {
"type": "string",
"nullable": true
},
"lastName": {
"type": "string",
"nullable": true
},
"email": {
"type": "string",
"format": "email"
}
}
},
"caseId": {
"type": "string",
"nullable": true
},
"primaryControl": {
"type": "string"
},
"ruleFamily": {
"type": "string"
},
"triggeredControls": {
"type": "array",
"items": {
"type": "string"
}
},
"controlCount": {
"type": "number"
},
"createdAt": {
"type": "string",
"format": "date-time"
}
}
}
}GET
/api/v1/alerts/streamingOpen the alert SSE stream
Returns a server-sent events stream of alert updates for the active organization.
Authentication
sessionCookie
1curl -X GET "https://api.remllo.com/api/v1/alerts/streaming" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": true
}POST
/api/v1/alerts/{id}/open-caseOpen a case from an alert
Creates or links an investigation case from a specific alert.
Authentication
sessionCookie
ADMINRISK_LEADANALYST
Parameters
idstringRequired
1curl -X POST "https://api.remllo.com/api/v1/alerts/{id}/open-case" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"caseReference": "CASE-10DB14A3",
"title": {
"type": "string"
},
"description": {
"type": "string"
},
"primaryCustomer": {
"type": "string"
},
"riskScore": {
"type": "number"
},
"linkedAlerts": {
"type": "number"
},
"totalFlaggedValue": {
"type": "number"
},
"primaryControl": {
"type": "string"
},
"triggeredControls": {
"type": "array",
"items": {
"type": "string"
}
},
"controlCount": {
"type": "number"
},
"status": {
"type": "string",
"enum": [
"OPEN",
"INVESTIGATING",
"ESCALATED",
"REOPENED",
"RESOLVED",
"FALSE_POSITIVE"
]
},
"priority": {
"type": "string",
"enum": [
"Critical",
"High",
"Medium",
"Low"
]
},
"assignee": {
"type": "object",
"nullable": true,
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"firstName": {
"type": "string",
"nullable": true
},
"lastName": {
"type": "string",
"nullable": true
},
"email": {
"type": "string",
"format": "email"
}
}
},
"createdAt": {
"type": "string",
"format": "date-time"
},
"updatedAt": {
"type": "string",
"format": "date-time"
}
}
}
}Resource
Cases
Case management, notes, attachments, and exports.
GET
/api/v1/casesList cases
Returns the current case board/list with normalized case data for the active organization.
Authentication
sessionCookie
1curl -X GET "https://api.remllo.com/api/v1/cases" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"data": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"caseReference": "CASE-10DB14A3",
"title": {
"type": "string"
},
"description": {
"type": "string"
},
"primaryCustomer": {
"type": "string"
},
"riskScore": {
"type": "number"
},
"linkedAlerts": {
"type": "number"
},
"totalFlaggedValue": {
"type": "number"
},
"primaryControl": {
"type": "string"
},
"triggeredControls": {
"type": "array",
"items": {
"type": "string"
}
},
"controlCount": {
"type": "number"
},
"status": {
"type": "string",
"enum": [
"OPEN",
"INVESTIGATING",
"ESCALATED",
"REOPENED",
"RESOLVED",
"FALSE_POSITIVE"
]
},
"priority": {
"type": "string",
"enum": [
"Critical",
"High",
"Medium",
"Low"
]
},
"assignee": {
"type": "object",
"nullable": true,
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"firstName": {
"type": "string",
"nullable": true
},
"lastName": {
"type": "string",
"nullable": true
},
"email": {
"type": "string",
"format": "email"
}
}
},
"createdAt": {
"type": "string",
"format": "date-time"
},
"updatedAt": {
"type": "string",
"format": "date-time"
}
}
}
}
}GET
/api/v1/cases/{id}Get case detail
Returns an investigation case with alert, transaction, notes, events, and attachment context.
Authentication
sessionCookie
Parameters
idstringRequired
1curl -X GET "https://api.remllo.com/api/v1/cases/{id}" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"data": {
"type": "object",
"additionalProperties": true
}
}PATCH
/api/v1/cases/{id}Update a case
Changes case status, assignment, priority, and disposition data. Status transitions are role-aware.
Authentication
sessionCookie
ADMINRISK_LEADANALYST
Parameters
idstringRequired
Request Body
application/jsonobjectRequired
statusstring
OPENINVESTIGATINGESCALATEDREOPENEDRESOLVEDFALSE_POSITIVE
prioritystring
CriticalHighMediumLow
assignedToIdstring
notesstring
outcomeReasonstring
outcomeContextstring
reopenReasonstring
1curl -X PATCH "https://api.remllo.com/api/v1/cases/{id}" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "status": "OPEN",7 "priority": "Critical",8 "assignedToId": "...",9 "notes": "...",10 "outcomeReason": "...",11 "outcomeContext": "...",12 "reopenReason": "..."13}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"additionalProperties": true
}
}POST
/api/v1/cases/{id}/notesAdd a case note
Adds a note or threaded reply to a case and optionally mentions other users.
Authentication
sessionCookie
ADMINRISK_LEADANALYST
Parameters
idstringRequired
Request Body
application/jsonobjectRequired
bodystringRequired
parentIdstring
mentionedUserIdsarray
itemsstring
1curl -X POST "https://api.remllo.com/api/v1/cases/{id}/notes" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "body": "...",7 "parentId": "6ef1b19e-245a-42f7-bbf2-c91f0cbdde27",8 "mentionedUserIds": [9 "6ef1b19e-245a-42f7-bbf2-c91f0cbdde27"10 ]11}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"additionalProperties": true
}
}POST
/api/v1/cases/{id}/attachmentsAdd a case attachment
Adds metadata for an uploaded case attachment or evidence file.
Authentication
sessionCookie
ADMINRISK_LEADANALYST
Parameters
idstringRequired
Request Body
application/jsonobjectRequired
fileNamestringRequired
fileUrlstringRequired
contentTypestringRequired
notesstring
1curl -X POST "https://api.remllo.com/api/v1/cases/{id}/attachments" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "fileName": "...",7 "fileUrl": "...",8 "contentType": "...",9 "notes": "..."10}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"additionalProperties": true
}
}GET
/api/v1/cases/{id}/exportExport a case
Exports a case as JSON, CSV, or PDF depending on the requested format.
Authentication
sessionCookie
Parameters
idstringRequired
formatstring
jsoncsvpdf
1curl -X GET "https://api.remllo.com/api/v1/cases/{id}/export" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": true
}GET
/api/v1/cases/{id}/export/goamlExport case in goAML format
Exports a case package formatted for goAML-style regulatory workflows where supported.
Authentication
sessionCookie
ADMINRISK_LEAD
Parameters
idstringRequired
1curl -X GET "https://api.remllo.com/api/v1/cases/{id}/export/goaml" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": true
}GET
/api/v1/cases/{id}/attachments/{attachmentId}/downloadDownload case attachment
Downloads a case attachment if the current user has access to the case.
Authentication
sessionCookie
Parameters
idstringRequired
attachmentIdstringRequired
1curl -X GET "https://api.remllo.com/api/v1/cases/{id}/attachments/{attachmentId}/download" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": true
}POST
/api/v1/cases/{id}/read-stateUpdate case read state
Marks case collaboration activity as seen by the current user.
Authentication
sessionCookie
Parameters
idstringRequired
Request Body
application/jsonobjectRequired
notesSeenAtstring
evidenceSeenAtstring
1curl -X POST "https://api.remllo.com/api/v1/cases/{id}/read-state" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "notesSeenAt": "2026-03-20T10:15:00.000Z",7 "evidenceSeenAt": "2026-03-20T10:15:00.000Z"8}'Example Response
200 OK{
"success": {
"type": "boolean"
}
}Resource
Reports
Operational reporting and export endpoints.
GET
/api/v1/reports/overviewGet reporting overview
Returns the main operational reporting payload for dashboards, reports, control trends, analyst workload, and SLA views.
Authentication
sessionCookie
Parameters
daysinteger
startDatestring
endDatestring
directionstring
ruleFamilystring
channelstring
1curl -X GET "https://api.remllo.com/api/v1/reports/overview" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"summary": {
"type": "object",
"additionalProperties": true
},
"charts": {
"type": "object",
"additionalProperties": true
},
"trendSeries": {
"type": "object",
"properties": {
"daily": {
"type": "array",
"items": {
"type": "object",
"properties": {
"period": {
"type": "string"
},
"transactions": {
"type": "number"
},
"flagged": {
"type": "number"
},
"flaggedValue": {
"type": "number"
}
}
}
},
"weekly": {
"type": "array",
"items": {
"type": "object",
"properties": {
"period": {
"type": "string"
},
"transactions": {
"type": "number"
},
"flagged": {
"type": "number"
},
"flaggedValue": {
"type": "number"
}
}
}
}
}
}
}GET
/api/v1/reports/overview/export.csvExport reporting overview as CSV
Exports the overview report sections as CSV for offline analysis.
Authentication
sessionCookie
Parameters
daysinteger
startDatestring
endDatestring
1curl -X GET "https://api.remllo.com/api/v1/reports/overview/export.csv" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": true
}Resource
Notifications
Notification preferences, organization delivery channels, delivery audit, inbox items, and live updates.
GET
/api/v1/notifications/preferencesList current user notification preferences
Returns the current user email delivery preferences for supported WatchTower notification events. Unset preferences default to enabled.
Authentication
sessionCookie
1curl -X GET "https://api.remllo.com/api/v1/notifications/preferences" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"properties": {
"availableEventTypes": {
"type": "array",
"items": {
"type": "string",
"enum": [
"ALERT_CREATED",
"ALERT_ESCALATED",
"CASE_CREATED",
"CASE_ASSIGNED",
"CASE_STATUS_CHANGED",
"CASE_MENTIONED",
"INTEGRATION_FAILED"
]
}
},
"channelType": {
"type": "string",
"enum": [
"EMAIL"
]
},
"preferences": {
"type": "array",
"items": {
"type": "object",
"properties": {
"eventType": {
"type": "string",
"enum": [
"ALERT_CREATED",
"ALERT_ESCALATED",
"CASE_CREATED",
"CASE_ASSIGNED",
"CASE_STATUS_CHANGED",
"CASE_MENTIONED",
"INTEGRATION_FAILED"
]
},
"channelType": {
"type": "string",
"enum": [
"EMAIL"
]
},
"enabled": {
"type": "boolean"
},
"source": {
"type": "string",
"enum": [
"default",
"user"
]
},
"updatedAt": {
"type": "string",
"format": "date-time",
"nullable": true
}
}
}
}
}
}
}PUT
/api/v1/notifications/preferencesUpdate current user notification preferences
Updates the current user email opt-in or opt-out settings for one or more WatchTower notification events.
Authentication
sessionCookie
Request Body
application/jsonobjectRequired
preferencesarrayRequired
itemsobject
eventTypestringRequired
ALERT_CREATEDALERT_ESCALATEDCASE_CREATEDCASE_ASSIGNEDCASE_STATUS_CHANGEDCASE_MENTIONEDINTEGRATION_FAILED
enabledbooleanRequired
1curl -X PUT "https://api.remllo.com/api/v1/notifications/preferences" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "preferences": [7 {8 "eventType": "ALERT_CREATED",9 "enabled": true10 }11 ]12}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"properties": {
"availableEventTypes": {
"type": "array",
"items": {
"type": "string",
"enum": [
"ALERT_CREATED",
"ALERT_ESCALATED",
"CASE_CREATED",
"CASE_ASSIGNED",
"CASE_STATUS_CHANGED",
"CASE_MENTIONED",
"INTEGRATION_FAILED"
]
}
},
"channelType": {
"type": "string",
"enum": [
"EMAIL"
]
},
"preferences": {
"type": "array",
"items": {
"type": "object",
"properties": {
"eventType": {
"type": "string",
"enum": [
"ALERT_CREATED",
"ALERT_ESCALATED",
"CASE_CREATED",
"CASE_ASSIGNED",
"CASE_STATUS_CHANGED",
"CASE_MENTIONED",
"INTEGRATION_FAILED"
]
},
"channelType": {
"type": "string",
"enum": [
"EMAIL"
]
},
"enabled": {
"type": "boolean"
},
"source": {
"type": "string",
"enum": [
"default",
"user"
]
},
"updatedAt": {
"type": "string",
"format": "date-time",
"nullable": true
}
}
}
}
}
}
}GET
/api/v1/notificationsList notifications
Returns the recent notification inbox for the current user.
Authentication
sessionCookie
1curl -X GET "https://api.remllo.com/api/v1/notifications" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"unreadCount": {
"type": "number"
},
"data": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"type": {
"type": "string"
},
"title": {
"type": "string"
},
"message": {
"type": "string"
},
"isRead": {
"type": "boolean"
},
"recipientUserId": {
"type": "string",
"format": "uuid"
},
"actorUser": {
"type": "object",
"nullable": true,
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"firstName": {
"type": "string",
"nullable": true
},
"lastName": {
"type": "string",
"nullable": true
},
"email": {
"type": "string",
"format": "email"
}
}
},
"createdAt": {
"type": "string",
"format": "date-time"
}
}
}
}
}PATCH
/api/v1/notifications/{id}/readMark a notification as read
Marks a single notification as read for the current user.
Authentication
sessionCookie
Parameters
idstringRequired
1curl -X PATCH "https://api.remllo.com/api/v1/notifications/{id}/read" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"type": {
"type": "string"
},
"title": {
"type": "string"
},
"message": {
"type": "string"
},
"isRead": {
"type": "boolean"
},
"recipientUserId": {
"type": "string",
"format": "uuid"
},
"actorUser": {
"type": "object",
"nullable": true,
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"firstName": {
"type": "string",
"nullable": true
},
"lastName": {
"type": "string",
"nullable": true
},
"email": {
"type": "string",
"format": "email"
}
}
},
"createdAt": {
"type": "string",
"format": "date-time"
}
}
}
}POST
/api/v1/notifications/read-allMark all notifications as read
Marks all current-user notifications as read in the active organization.
Authentication
sessionCookie
1curl -X POST "https://api.remllo.com/api/v1/notifications/read-all" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
}
}GET
/api/v1/notifications/streamingOpen the workspace SSE stream
Returns a server-sent events stream of workspace changes and notifications relevant to the current user.
Authentication
sessionCookie
1curl -X GET "https://api.remllo.com/api/v1/notifications/streaming" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": true
}GET
/api/v1/notifications/settingsList notification routing settings
Returns organization-level notification channels, subscriptions, and routing settings.
Authentication
sessionCookie
ADMINRISK_LEAD
1curl -X GET "https://api.remllo.com/api/v1/notifications/settings" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"additionalProperties": true
}
}GET
/api/v1/notifications/deliveriesList notification deliveries
Returns delivery attempts for notification channels so teams can audit sent, skipped, and failed notifications.
Authentication
sessionCookie
ADMINRISK_LEAD
Parameters
statusstring
PENDINGSENTFAILEDSKIPPED
channelIdstring
eventTypestring
limitinteger
1curl -X GET "https://api.remllo.com/api/v1/notifications/deliveries" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"eventType": {
"type": "string"
},
"channelType": {
"type": "string"
},
"status": {
"type": "string",
"enum": [
"PENDING",
"SENT",
"FAILED",
"SKIPPED"
]
},
"attemptCount": {
"type": "integer"
},
"lastAttemptAt": {
"type": "string",
"format": "date-time",
"nullable": true
},
"createdAt": {
"type": "string",
"format": "date-time"
}
}
}
}
}POST
/api/v1/notifications/channelsCreate notification channel
Creates an organization-level notification channel such as email, Slack, Teams, or webhook routing.
Authentication
sessionCookie
ADMINRISK_LEAD
Request Body
application/jsonobjectRequired
typestringRequired
EMAILSLACKTEAMSWEBHOOK
namestringRequired
statusstring
ACTIVEPAUSEDDISABLED
routingEnabledboolean
minimumSeverityinteger
allowedEventTypesarray
itemsstring
configobject
subscriptionsarray
itemsobject
eventTypestring
rolestring
userIdstring
enabledboolean
minimumSeverityinteger
1curl -X POST "https://api.remllo.com/api/v1/notifications/channels" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "type": "EMAIL",7 "name": "...",8 "status": "ACTIVE",9 "routingEnabled": true,10 "minimumSeverity": 0,11 "allowedEventTypes": [12 "..."13 ],14 "config": {},15 "subscriptions": [16 {17 "eventType": "...",18 "role": "...",19 "userId": "6ef1b19e-245a-42f7-bbf2-c91f0cbdde27",20 "enabled": true,21 "minimumSeverity": 022 }23 ]24}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"type": {
"type": "string",
"enum": [
"EMAIL",
"SLACK",
"TEAMS",
"WEBHOOK"
]
},
"name": {
"type": "string"
},
"status": {
"type": "string",
"enum": [
"ACTIVE",
"PAUSED",
"DISABLED"
]
},
"routingEnabled": {
"type": "boolean"
},
"minimumSeverity": {
"type": "integer",
"nullable": true
},
"allowedEventTypes": {
"type": "array",
"items": {
"type": "string"
}
},
"createdAt": {
"type": "string",
"format": "date-time"
},
"updatedAt": {
"type": "string",
"format": "date-time"
}
}
}
}PATCH
/api/v1/notifications/channels/{id}Update notification channel
Updates channel status, routing, severity, allowed event types, or provider configuration.
Authentication
sessionCookie
ADMINRISK_LEAD
Parameters
idstringRequired
Request Body
application/jsonobjectRequired
typestring
EMAILSLACKTEAMSWEBHOOK
namestring
statusstring
ACTIVEPAUSEDDISABLED
routingEnabledboolean
minimumSeverityinteger
allowedEventTypesarray
itemsstring
configobject
1curl -X PATCH "https://api.remllo.com/api/v1/notifications/channels/{id}" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "type": "EMAIL",7 "name": "...",8 "status": "ACTIVE",9 "routingEnabled": true,10 "minimumSeverity": 0,11 "allowedEventTypes": [12 "..."13 ],14 "config": {}15}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"type": {
"type": "string",
"enum": [
"EMAIL",
"SLACK",
"TEAMS",
"WEBHOOK"
]
},
"name": {
"type": "string"
},
"status": {
"type": "string",
"enum": [
"ACTIVE",
"PAUSED",
"DISABLED"
]
},
"routingEnabled": {
"type": "boolean"
},
"minimumSeverity": {
"type": "integer",
"nullable": true
},
"allowedEventTypes": {
"type": "array",
"items": {
"type": "string"
}
},
"createdAt": {
"type": "string",
"format": "date-time"
},
"updatedAt": {
"type": "string",
"format": "date-time"
}
}
}
}DELETE
/api/v1/notifications/channels/{id}Delete notification channel
Deletes an organization-level notification channel.
Authentication
sessionCookie
ADMINRISK_LEAD
Parameters
idstringRequired
1curl -X DELETE "https://api.remllo.com/api/v1/notifications/channels/{id}" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
}
}PUT
/api/v1/notifications/channels/{id}/subscriptionsReplace channel subscriptions
Replaces the event subscriptions for an organization-level notification channel.
Authentication
sessionCookie
ADMINRISK_LEAD
Parameters
idstringRequired
Request Body
application/jsonobjectRequired
subscriptionsarrayRequired
itemsobject
eventTypestring
rolestring
userIdstring
enabledboolean
minimumSeverityinteger
1curl -X PUT "https://api.remllo.com/api/v1/notifications/channels/{id}/subscriptions" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "subscriptions": [7 {8 "eventType": "...",9 "role": "...",10 "userId": "6ef1b19e-245a-42f7-bbf2-c91f0cbdde27",11 "enabled": true,12 "minimumSeverity": 013 }14 ]15}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"type": {
"type": "string",
"enum": [
"EMAIL",
"SLACK",
"TEAMS",
"WEBHOOK"
]
},
"name": {
"type": "string"
},
"status": {
"type": "string",
"enum": [
"ACTIVE",
"PAUSED",
"DISABLED"
]
},
"routingEnabled": {
"type": "boolean"
},
"minimumSeverity": {
"type": "integer",
"nullable": true
},
"allowedEventTypes": {
"type": "array",
"items": {
"type": "string"
}
},
"createdAt": {
"type": "string",
"format": "date-time"
},
"updatedAt": {
"type": "string",
"format": "date-time"
}
}
}
}Resource
AI
AI-assisted rule drafting and narrative generation.
POST
/api/v1/ai/rules/buildGenerate a draft rule from natural language
Uses the AI rule builder to translate a natural-language monitoring scenario into a structured draft rule definition.
Request Body
application/jsonobjectRequired
promptstringRequired
1curl -X POST "https://api.remllo.com/api/v1/ai/rules/build" \2 -H "Content-Type: application/json" \3 \4 -d '{5 "prompt": "..."6}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"rule": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
},
"description": {
"type": "string"
},
"severity": {
"type": "number"
},
"status": {
"type": "string",
"enum": [
"DRAFT",
"ACTIVE",
"INACTIVE"
]
},
"conditions": {
"type": "array",
"items": {
"type": "object",
"properties": {
"field": {
"type": "string"
},
"operator": {
"type": "string",
"enum": [
"gt",
"gte",
"lt",
"lte",
"eq",
"neq",
"in",
"not_in",
"contains"
]
},
"value": {}
}
}
},
"velocityCheck": {
"nullable": true,
"type": "object",
"properties": {
"field": {
"type": "string"
},
"windowSeconds": {
"type": "number"
},
"maxCount": {
"type": "number"
}
}
},
"createdAt": {
"type": "string",
"format": "date-time"
}
}
},
"message": {
"type": "string"
}
}POST
/api/v1/ai/narrativeGenerate a narrative for a flagged transaction
Uses the AI narrative generator to produce an investigation or compliance narrative from flagged transaction data.
Request Body
application/jsonobjectRequired
transactionIdstringRequired
amountnumberRequired
currencystringRequired
senderIdstringRequired
receiverIdstringRequired
channelstringRequired
riskScorenumberRequired
decisionstringRequired
ALLOWREVIEWBLOCK
triggeredRulesarrayRequired
itemsobject
ruleIdstring
descriptionstring
severitynumber
behavioralSignalsarray
itemsobject
keystring
explanationstring
riskPointsnumber
anomalyReasonsarray
itemsstring
locationstring
ipAddressstring
isSimulationboolean
1curl -X POST "https://api.remllo.com/api/v1/ai/narrative" \2 -H "Content-Type: application/json" \3 \4 -d '{5 "transactionId": "6ef1b19e-245a-42f7-bbf2-c91f0cbdde27",6 "amount": 0,7 "currency": "...",8 "senderId": "...",9 "receiverId": "...",10 "channel": "...",11 "riskScore": 0,12 "decision": "ALLOW",13 "triggeredRules": [14 {15 "ruleId": "...",16 "description": "...",17 "severity": 018 }19 ],20 "behavioralSignals": [21 {22 "key": "...",23 "explanation": "...",24 "riskPoints": 025 }26 ],27 "anomalyReasons": [28 "..."29 ],30 "location": "...",31 "ipAddress": "...",32 "isSimulation": true33}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"narrative": {
"type": "string"
}
}