--- title: Create Risk Evaluation (using targeted risk policies) description: This example uses POST {{apiPath}}/v1/environments/{{envID}}/riskEvaluations to create a risk evaluation that processes the defined targeted risk policies before carrying out the risk evaluation. component: pingone-api page_id: pingone-api:protect:risk-evaluations/create_risk_eval_with_targeted_policies canonical_url: https://developer.pingidentity.com/pingone-api/protect/risk-evaluations/create_risk_eval_with_targeted_policies.html section_ids: prerequisites: Prerequisites headers: Headers body: Body example-request: Example Request example-response: Example Response --- # Create Risk Evaluation (using targeted risk policies) ## ```none POST {{apiPath}}/v1/environments/{{envID}}/riskEvaluations ``` This example uses `POST {{apiPath}}/v1/environments/{{envID}}/riskEvaluations` to create a risk evaluation that processes the defined targeted risk policies before carrying out the risk evaluation. The body of the request specifies that the targeted risk policies should be used by setting `riskPolicySet.targeted` to `true`, rather than providing a risk policy ID in the `riskPolicySet` object. The selection of the risk policy to use for the evaluation is based on the flow type, user, and target application, which are provided as part of the `event` object (`flow`, `user`, `targetResource`). ### Prerequisites * Refer to [Risk Evaluations](#risk-evaluations) for important overview information. :::requestmodel For complete property descriptions, refer to [Risk Evaluations](#risk-evaluations). | Property | Type | Required? | | --------------------------- | ------- | --------- | | `event` | Object | Required | | `event.browser.userAgent` | String | Optional | | `event.flow.type` | String | Optional | | `event.flow.subtype` | String | Optional | | `event.ip` | String | Required | | `event.session.id` | String | Optional | | `event.sharingType` | String | Optional | | `event.sdk.signals.data` | String | Optional | | `event.targetResource.id` | String | Optional | | `event.targetResource.name` | String | Optional | | `event.user.groups` | Array | Optional | | `event.user.groups[].name` | String | Optional | | `event.user.id` | String | Required | | `event.user.name` | String | Optional | | `event.user.type` | String | Required | | `riskPolicySet.targeted` | Boolean | Optional | * : :leveloffset: -1 #### Headers Authorization      Bearer {{accessToken}} Content-Type      application/json #### Body raw ( application/json ) ```json { "event": { "targetResource": { "id": "{{targetResourceID}}", "name": "Jira" }, "ip": "156.35.85.124", "sdk": { "signals": { "data": "{{signalsSdkPayload}}" } }, "flow": { "type": "AUTHENTICATION", "subtype": "ACTIVE_SESSION" }, "session": { "id": "{{sessionID}}" }, "user": { "id": "john", "name": "John DeMock", "type": "EXTERNAL", "groups": [ { "name": "dev" }, { "name": "sre" } ] }, "sharingType": "SHARED", "browser": { "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36" } }, "riskPolicySet": { "targeted": true } } ``` ### #### Example Request * cURL * C# * Go * HTTP * Java * jQuery * NodeJS * Python * PHP * Ruby * Swift ```shell curl --location --globoff '{{apiPath}}/v1/environments/{{envID}}/riskEvaluations' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer {{accessToken}}' \ --data '{ "event": { "targetResource": { "id": "{{targetResourceID}}", "name": "Jira" }, "ip": "156.35.85.124", "sdk": { "signals": { "data": "{{signalsSdkPayload}}" } }, "flow": { "type": "AUTHENTICATION", "subtype": "ACTIVE_SESSION" }, "session": { "id": "{{sessionID}}" }, "user": { "id": "john", "name": "John DeMock", "type": "EXTERNAL", "groups": [ { "name": "dev" }, { "name": "sre" } ] }, "sharingType": "SHARED", "browser": { "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36" } }, "riskPolicySet": { "targeted": true } }' ``` ```csharp var options = new RestClientOptions("{{apiPath}}/v1/environments/{{envID}}/riskEvaluations") { MaxTimeout = -1, }; var client = new RestClient(options); var request = new RestRequest("", Method.Post); request.AddHeader("Content-Type", "application/json"); request.AddHeader("Authorization", "Bearer {{accessToken}}"); var body = @"{" + "\n" + @" ""event"": {" + "\n" + @" ""targetResource"": {" + "\n" + @" ""id"": ""{{targetResourceID}}""," + "\n" + @" ""name"": ""Jira""" + "\n" + @" }," + "\n" + @" ""ip"": ""156.35.85.124""," + "\n" + @" ""sdk"": {" + "\n" + @" ""signals"": {" + "\n" + @" ""data"": ""{{signalsSdkPayload}}""" + "\n" + @" }" + "\n" + @" }," + "\n" + @" ""flow"": {" + "\n" + @" ""type"": ""AUTHENTICATION""," + "\n" + @" ""subtype"": ""ACTIVE_SESSION""" + "\n" + @" }," + "\n" + @" ""session"": {" + "\n" + @" ""id"": ""{{sessionID}}""" + "\n" + @" }," + "\n" + @" ""user"": {" + "\n" + @" ""id"": ""john""," + "\n" + @" ""name"": ""John DeMock""," + "\n" + @" ""type"": ""EXTERNAL""," + "\n" + @" ""groups"": [" + "\n" + @" {" + "\n" + @" ""name"": ""dev""" + "\n" + @" }," + "\n" + @" {" + "\n" + @" ""name"": ""sre""" + "\n" + @" }" + "\n" + @" ]" + "\n" + @" }," + "\n" + @" ""sharingType"": ""SHARED""," + "\n" + @" ""browser"": {" + "\n" + @" ""userAgent"": ""Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36""" + "\n" + @" }" + "\n" + @" }," + "\n" + @" ""riskPolicySet"": {" + "\n" + @" ""targeted"": true" + "\n" + @" }" + "\n" + @"}"; request.AddStringBody(body, DataFormat.Json); RestResponse response = await client.ExecuteAsync(request); Console.WriteLine(response.Content); ``` ```golang package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "{{apiPath}}/v1/environments/{{envID}}/riskEvaluations" method := "POST" payload := strings.NewReader(`{ "event": { "targetResource": { "id": "{{targetResourceID}}", "name": "Jira" }, "ip": "156.35.85.124", "sdk": { "signals": { "data": "{{signalsSdkPayload}}" } }, "flow": { "type": "AUTHENTICATION", "subtype": "ACTIVE_SESSION" }, "session": { "id": "{{sessionID}}" }, "user": { "id": "john", "name": "John DeMock", "type": "EXTERNAL", "groups": [ { "name": "dev" }, { "name": "sre" } ] }, "sharingType": "SHARED", "browser": { "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36" } }, "riskPolicySet": { "targeted": true } }`) client := &http.Client { } req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) return } req.Header.Add("Content-Type", "application/json") req.Header.Add("Authorization", "Bearer {{accessToken}}") res, err := client.Do(req) if err != nil { fmt.Println(err) return } defer res.Body.Close() body, err := io.ReadAll(res.Body) if err != nil { fmt.Println(err) return } fmt.Println(string(body)) } ``` ```http POST /v1/environments/{{envID}}/riskEvaluations HTTP/1.1 Host: {{apiPath}} Content-Type: application/json Authorization: Bearer {{accessToken}} { "event": { "targetResource": { "id": "{{targetResourceID}}", "name": "Jira" }, "ip": "156.35.85.124", "sdk": { "signals": { "data": "{{signalsSdkPayload}}" } }, "flow": { "type": "AUTHENTICATION", "subtype": "ACTIVE_SESSION" }, "session": { "id": "{{sessionID}}" }, "user": { "id": "john", "name": "John DeMock", "type": "EXTERNAL", "groups": [ { "name": "dev" }, { "name": "sre" } ] }, "sharingType": "SHARED", "browser": { "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36" } }, "riskPolicySet": { "targeted": true } } ``` ```java OkHttpClient client = new OkHttpClient().newBuilder() .build(); MediaType mediaType = MediaType.parse("application/json"); RequestBody body = RequestBody.create(mediaType, "{\n \"event\": {\n \"targetResource\": {\n \"id\": \"{{targetResourceID}}\",\n \"name\": \"Jira\"\n },\n \"ip\": \"156.35.85.124\",\n \"sdk\": {\n \"signals\": {\n \"data\": \"{{signalsSdkPayload}}\"\n }\n },\n \"flow\": {\n \"type\": \"AUTHENTICATION\",\n \"subtype\": \"ACTIVE_SESSION\"\n },\n \"session\": {\n \"id\": \"{{sessionID}}\"\n },\n \"user\": {\n \"id\": \"john\",\n \"name\": \"John DeMock\",\n \"type\": \"EXTERNAL\",\n \"groups\": [\n {\n \"name\": \"dev\"\n },\n {\n \"name\": \"sre\"\n }\n ]\n },\n \"sharingType\": \"SHARED\",\n \"browser\": {\n \"userAgent\": \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36\"\n }\n },\n \"riskPolicySet\": {\n \"targeted\": true\n }\n}"); Request request = new Request.Builder() .url("{{apiPath}}/v1/environments/{{envID}}/riskEvaluations") .method("POST", body) .addHeader("Content-Type", "application/json") .addHeader("Authorization", "Bearer {{accessToken}}") .build(); Response response = client.newCall(request).execute(); ``` ```javascript var settings = { "url": "{{apiPath}}/v1/environments/{{envID}}/riskEvaluations", "method": "POST", "timeout": 0, "headers": { "Content-Type": "application/json", "Authorization": "Bearer {{accessToken}}" }, "data": JSON.stringify({ "event": { "targetResource": { "id": "{{targetResourceID}}", "name": "Jira" }, "ip": "156.35.85.124", "sdk": { "signals": { "data": "{{signalsSdkPayload}}" } }, "flow": { "type": "AUTHENTICATION", "subtype": "ACTIVE_SESSION" }, "session": { "id": "{{sessionID}}" }, "user": { "id": "john", "name": "John DeMock", "type": "EXTERNAL", "groups": [ { "name": "dev" }, { "name": "sre" } ] }, "sharingType": "SHARED", "browser": { "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36" } }, "riskPolicySet": { "targeted": true } }), }; $.ajax(settings).done(function (response) { console.log(response); }); ``` ```javascript var request = require('request'); var options = { 'method': 'POST', 'url': '{{apiPath}}/v1/environments/{{envID}}/riskEvaluations', 'headers': { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' }, body: JSON.stringify({ "event": { "targetResource": { "id": "{{targetResourceID}}", "name": "Jira" }, "ip": "156.35.85.124", "sdk": { "signals": { "data": "{{signalsSdkPayload}}" } }, "flow": { "type": "AUTHENTICATION", "subtype": "ACTIVE_SESSION" }, "session": { "id": "{{sessionID}}" }, "user": { "id": "john", "name": "John DeMock", "type": "EXTERNAL", "groups": [ { "name": "dev" }, { "name": "sre" } ] }, "sharingType": "SHARED", "browser": { "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36" } }, "riskPolicySet": { "targeted": true } }) }; request(options, function (error, response) { if (error) throw new Error(error); console.log(response.body); }); ``` ```python import requests import json url = "{{apiPath}}/v1/environments/{{envID}}/riskEvaluations" payload = json.dumps({ "event": { "targetResource": { "id": "{{targetResourceID}}", "name": "Jira" }, "ip": "156.35.85.124", "sdk": { "signals": { "data": "{{signalsSdkPayload}}" } }, "flow": { "type": "AUTHENTICATION", "subtype": "ACTIVE_SESSION" }, "session": { "id": "{{sessionID}}" }, "user": { "id": "john", "name": "John DeMock", "type": "EXTERNAL", "groups": [ { "name": "dev" }, { "name": "sre" } ] }, "sharingType": "SHARED", "browser": { "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36" } }, "riskPolicySet": { "targeted": True } }) headers = { 'Content-Type': 'application/json', 'Authorization': 'Bearer {{accessToken}}' } response = requests.request("POST", url, headers=headers, data=payload) print(response.text) ``` ```php setUrl('{{apiPath}}/v1/environments/{{envID}}/riskEvaluations'); $request->setMethod(HTTP_Request2::METHOD_POST); $request->setConfig(array( 'follow_redirects' => TRUE )); $request->setHeader(array( 'Content-Type' => 'application/json', 'Authorization' => 'Bearer {{accessToken}}' )); $request->setBody('{\n "event": {\n "targetResource": {\n "id": "{{targetResourceID}}",\n "name": "Jira"\n },\n "ip": "156.35.85.124",\n "sdk": {\n "signals": {\n "data": "{{signalsSdkPayload}}"\n }\n },\n "flow": {\n "type": "AUTHENTICATION",\n "subtype": "ACTIVE_SESSION"\n },\n "session": {\n "id": "{{sessionID}}"\n },\n "user": {\n "id": "john",\n "name": "John DeMock",\n "type": "EXTERNAL",\n "groups": [\n {\n "name": "dev"\n },\n {\n "name": "sre"\n }\n ]\n },\n "sharingType": "SHARED",\n "browser": {\n "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"\n }\n },\n "riskPolicySet": {\n "targeted": true\n }\n}'); try { $response = $request->send(); if ($response->getStatus() == 200) { echo $response->getBody(); } else { echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); } } catch(HTTP_Request2_Exception $e) { echo 'Error: ' . $e->getMessage(); } ``` ```ruby require "uri" require "json" require "net/http" url = URI("{{apiPath}}/v1/environments/{{envID}}/riskEvaluations") http = Net::HTTP.new(url.host, url.port); request = Net::HTTP::Post.new(url) request["Content-Type"] = "application/json" request["Authorization"] = "Bearer {{accessToken}}" request.body = JSON.dump({ "event": { "targetResource": { "id": "{{targetResourceID}}", "name": "Jira" }, "ip": "156.35.85.124", "sdk": { "signals": { "data": "{{signalsSdkPayload}}" } }, "flow": { "type": "AUTHENTICATION", "subtype": "ACTIVE_SESSION" }, "session": { "id": "{{sessionID}}" }, "user": { "id": "john", "name": "John DeMock", "type": "EXTERNAL", "groups": [ { "name": "dev" }, { "name": "sre" } ] }, "sharingType": "SHARED", "browser": { "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36" } }, "riskPolicySet": { "targeted": true } }) response = http.request(request) puts response.read_body ``` ```swift let parameters = "{\n \"event\": {\n \"targetResource\": {\n \"id\": \"{{targetResourceID}}\",\n \"name\": \"Jira\"\n },\n \"ip\": \"156.35.85.124\",\n \"sdk\": {\n \"signals\": {\n \"data\": \"{{signalsSdkPayload}}\"\n }\n },\n \"flow\": {\n \"type\": \"AUTHENTICATION\",\n \"subtype\": \"ACTIVE_SESSION\"\n },\n \"session\": {\n \"id\": \"{{sessionID}}\"\n },\n \"user\": {\n \"id\": \"john\",\n \"name\": \"John DeMock\",\n \"type\": \"EXTERNAL\",\n \"groups\": [\n {\n \"name\": \"dev\"\n },\n {\n \"name\": \"sre\"\n }\n ]\n },\n \"sharingType\": \"SHARED\",\n \"browser\": {\n \"userAgent\": \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36\"\n }\n },\n \"riskPolicySet\": {\n \"targeted\": true\n }\n}" let postData = parameters.data(using: .utf8) var request = URLRequest(url: URL(string: "{{apiPath}}/v1/environments/{{envID}}/riskEvaluations")!,timeoutInterval: Double.infinity) request.addValue("application/json", forHTTPHeaderField: "Content-Type") request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization") request.httpMethod = "POST" request.httpBody = postData let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data else { print(String(describing: error)) return } print(String(data: data, encoding: .utf8)!) } task.resume() ``` #### Example Response 201 Created ```json { "_links": { "self": { "href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/riskEvaluations/f46ef994-e5e8-4881-a8e1-17b727cf249b" }, "environment": { "href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "event": { "href": "https://api.pingone.eu/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/riskEvaluations/f46ef994-e5e8-4881-a8e1-17b727cf249b/event" } }, "id": "f46ef994-e5e8-4881-a8e1-17b727cf249b", "environment": { "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6" }, "createdAt": "2025-04-10T11:42:19.263Z", "updatedAt": "2025-04-10T11:42:19.263Z", "event": { "completionStatus": "IN_PROGRESS", "targetResource": { "id": "{{targetResourceID}}", "name": "Jira" }, "ip": "156.35.85.124", "flow": { "type": "AUTHENTICATION", "subtype": "ACTIVE_SESSION" }, "session": { "id": "01ddc236-0698-467a-919e-40ef0d47cb34" }, "user": { "id": "john", "name": "John DeMock", "type": "EXTERNAL", "groups": [ { "name": "dev" }, { "name": "sre" } ] }, "sharingType": "SHARED", "browser": { "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36" } }, "riskPolicySet": { "id": "f394426f-9b71-4e01-ac78-2956a2e92ac2", "name": "Score-based policy", "targeted": true }, "result": { "level": "HIGH", "score": 0, "source": "INVALID_SDK_PAYLOAD", "recommendedAction": "DENY", "type": "VALUE" }, "details": { "ipAddressReputation": { "score": 0, "domain": { "asn": 766, "sld": "uniovi", "tld": "es", "organization": "universidad de oviedo", "isp": "entidad publica empresarial red.es" }, "level": "LOW" }, "anonymousNetworkDetected": false, "country": "spain", "device": { "id": "Id-4c0013c4-5739-440f-91f4-147f460dd2ec", "estimatedDistance": 0, "os": { "name": "Windows" }, "browser": { "name": "Chrome" } }, "state": "asturias", "city": "oviedo", "impossibleTravel": false, "ipvel4": { "level": "LOW", "threshold": { "source": "MIN_NOT_REACHED" }, "velocity": { "distinctCount": 1, "during": 3600 }, "type": "VELOCITY" }, "ipvel3": { "level": "LOW", "threshold": { "source": "MIN_NOT_REACHED" }, "velocity": { "distinctCount": 1, "during": 3600 }, "type": "VELOCITY" }, "userLocationAnomaly": { "reason": "Not enough information to assess risk score", "status": "IN_TRAINING_PERIOD", "type": "USER_LOCATION_ANOMALY" }, "newDevice": { "reason": "Not enough information to assess risk score", "status": "IN_TRAINING_PERIOD", "type": "DEVICE" }, "deviceManagementPredictor": { "reason": "Not enough information to assess risk score", "status": "NOT_AVAILABLE", "attribute": "${event.isManaged}", "type": "MAP" } } } ```