WatchTower/API Reference
API Reference
Everything you need to integrate Remllo WatchTower into your application. Use our REST API to ingest transactions, manage organizations, and monitor risk.
Auth Model
WatchTower uses session authentication for console routes and organization API keys for transaction ingestion.
Core Entry Point
Most external integrations start with POST /api/v1/transactions.
Recommended Reading
Read the Quickstart, Authentication, and Retry & Idempotency guides before building your first client.
Developer Reference
Remllo WatchTower API
The WatchTower API powers transaction ingestion, alerting, case management, rule operations, reporting, organization administration, and real-time workspace updates. This spec is the source-of-truth reference used by the Remllo documentation platform.
Resource
Authentication
Session login, onboarding, invitations, MFA, and password lifecycle.
POST
/api/v1/auth/registerCreate an organization and initial admin
Creates a new organization, provisions the first admin account, and returns a one-time ingestion API key for connecting external transaction sources.
Request Body
objectRequired
organizationNamestringRequired
firstNamestringRequired
lastNamestringRequired
emailstringRequired
passwordstringRequired
1curl -X POST "https://api.remllo.com/api/v1/auth/register" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "organizationName": "...",7 "firstName": "...",8 "lastName": "...",9 "email": "ops@example.com",10 "password": "..."11}'Example Response
200 OK{
"message": {
"type": "string"
},
"apiKey": {
"type": "string",
"description": "Only returned once. Store securely."
},
"organization": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
}
}
},
"user": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"email": {
"type": "string",
"format": "email"
},
"firstName": {
"type": "string"
},
"lastName": {
"type": "string"
}
}
}
}POST
/api/v1/auth/loginCreate an authenticated session
Requires an authenticated WatchTower console session. Session is issued as an HttpOnly cookie after login. If MFA is enabled, this endpoint returns a challenge token instead of a completed session.
Request Body
objectRequired
emailstringRequired
passwordstringRequired
1curl -X POST "https://api.remllo.com/api/v1/auth/login" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "email": "ops@example.com",7 "password": "..."8}'Example Response
200 OK{
"message": {
"type": "string"
},
"requiresMfa": {
"type": "boolean"
},
"challengeToken": {
"type": "string"
},
"user": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"email": {
"type": "string",
"format": "email"
},
"firstName": {
"type": "string"
},
"lastName": {
"type": "string"
}
}
},
"organization": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
},
"role": {
"type": "string"
}
}
}
}POST
/api/v1/auth/mfa/verify-loginComplete an MFA challenge
Verifies a TOTP code or backup code after password authentication and completes the session login.
Request Body
objectRequired
challengeTokenstringRequired
codestringRequired
1curl -X POST "https://api.remllo.com/api/v1/auth/mfa/verify-login" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "challengeToken": "...",7 "code": "..."8}'Example Response
200 OK{
"message": {
"type": "string"
},
"user": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"email": {
"type": "string",
"format": "email"
}
}
},
"organization": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
},
"role": {
"type": "string"
}
}
}
}GET
/api/v1/auth/invitations/{token}Resolve an invitation token
Returns invitation details so the invited user can review the organization and complete password setup.
Parameters
tokenstringRequired
1curl -X GET "https://api.remllo.com/api/v1/auth/invitations/{token}" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"email": {
"type": "string",
"format": "email"
},
"firstName": {
"type": "string",
"nullable": true
},
"lastName": {
"type": "string",
"nullable": true
},
"role": {
"type": "string"
},
"invitationPending": {
"type": "boolean"
},
"organization": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
}
}
}
}POST
/api/v1/auth/invitations/acceptAccept an organization invitation
Sets the invited user password, clears the invitation token, signs the user in, and joins the target organization.
Request Body
objectRequired
tokenstringRequired
passwordstringRequired
firstNamestring
lastNamestring
1curl -X POST "https://api.remllo.com/api/v1/auth/invitations/accept" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "token": "...",7 "password": "...",8 "firstName": "...",9 "lastName": "..."10}'Example Response
200 OK{
"message": {
"type": "string"
},
"user": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"email": {
"type": "string",
"format": "email"
},
"firstName": {
"type": "string"
},
"lastName": {
"type": "string"
}
}
},
"organization": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
},
"role": {
"type": "string"
}
}
}
}POST
/api/v1/auth/password-reset/requestRequest a password reset link
Creates a one-time password reset token and returns a reset link for manual delivery or future email delivery.
Request Body
objectRequired
emailstringRequired
1curl -X POST "https://api.remllo.com/api/v1/auth/password-reset/request" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "email": "ops@example.com"7}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"resetUrl": {
"type": "string",
"format": "uri",
"nullable": true
}
}GET
/api/v1/auth/password-reset/{token}Validate a password reset token
Checks whether a reset token is still valid and returns the associated email address.
Parameters
tokenstringRequired
1curl -X GET "https://api.remllo.com/api/v1/auth/password-reset/{token}" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"email": {
"type": "string",
"format": "email"
}
}POST
/api/v1/auth/password-reset/completeComplete a password reset
Sets a new password using a valid reset token.
Request Body
objectRequired
tokenstringRequired
passwordstringRequired
1curl -X POST "https://api.remllo.com/api/v1/auth/password-reset/complete" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "token": "...",7 "password": "..."8}'Example Response
200 OK{
"message": {
"type": "string"
}
}POST
/api/v1/auth/change-passwordChange the current user password
Requires an authenticated WatchTower console session. Session is issued as an HttpOnly cookie after login.
Authentication
sessionCookie
Request Body
objectRequired
currentPasswordstringRequired
newPasswordstringRequired
1curl -X POST "https://api.remllo.com/api/v1/auth/change-password" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "currentPassword": "...",7 "newPassword": "..."8}'Example Response
200 OK{
"message": {
"type": "string"
}
}GET
/api/v1/auth/meGet the current authenticated session
Returns the signed-in user and active organization membership.
Authentication
sessionCookie
1curl -X GET "https://api.remllo.com/api/v1/auth/me" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"user": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"email": {
"type": "string",
"format": "email"
},
"firstName": {
"type": "string"
},
"lastName": {
"type": "string"
},
"mfaEnabled": {
"type": "boolean"
}
}
},
"organization": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
},
"role": {
"type": "string"
},
"slaConfig": {
"$ref": "#/components/schemas/SlaConfig"
}
}
}
}POST
/api/v1/auth/mfa/setupStart MFA enrollment
Generates a TOTP secret, otpauth URL, and backup codes for the current user. Final activation requires `POST /mfa/verify-setup`.
Authentication
sessionCookie
1curl -X POST "https://api.remllo.com/api/v1/auth/mfa/setup" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"secret": {
"type": "string"
},
"otpauthUrl": {
"type": "string"
},
"backupCodes": {
"type": "array",
"items": {
"type": "string"
}
}
}POST
/api/v1/auth/mfa/verify-setupComplete MFA enrollment
Validates the initial TOTP code and enables MFA on the account.
Authentication
sessionCookie
Request Body
objectRequired
codestringRequired
1curl -X POST "https://api.remllo.com/api/v1/auth/mfa/verify-setup" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "code": "..."7}'Example Response
200 OK{
"message": {
"type": "string"
},
"mfaEnabled": {
"type": "boolean"
}
}POST
/api/v1/auth/mfa/disableDisable MFA
Disables MFA using the current password and a valid TOTP or backup code.
Authentication
sessionCookie
Request Body
objectRequired
passwordstringRequired
codestringRequired
1curl -X POST "https://api.remllo.com/api/v1/auth/mfa/disable" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "password": "...",7 "code": "..."8}'Example Response
200 OK{
"message": {
"type": "string"
},
"mfaEnabled": {
"type": "boolean"
}
}Resource
Organizations
Organization profile, thresholds, SLA, members, audit logs, and API key management.
GET
/api/v1/orgs/meGet the active organization profile
Returns organization configuration, SLA, thresholds, membership roster, and API key status for the signed-in organization.
Authentication
sessionCookie
1curl -X GET "https://api.remllo.com/api/v1/orgs/me" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
},
"hasApiKey": {
"type": "boolean"
},
"webhookUrl": {
"type": "string",
"format": "uri",
"nullable": true
},
"highValueTransactionThreshold": {
"type": "number"
},
"riskThresholdLow": {
"type": "number"
},
"riskThresholdMedium": {
"type": "number"
},
"riskThresholdHigh": {
"type": "number"
},
"slaConfig": {
"$ref": "#/components/schemas/SlaConfig"
},
"createdAt": {
"type": "string",
"format": "date-time"
},
"memberships": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"role": {
"type": "string",
"enum": [
"ADMIN",
"RISK_LEAD",
"ANALYST",
"VIEWER"
]
},
"userId": {
"type": "string",
"format": "uuid"
},
"organizationId": {
"type": "string",
"format": "uuid"
},
"createdAt": {
"type": "string",
"format": "date-time"
},
"updatedAt": {
"type": "string",
"format": "date-time"
},
"user": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"email": {
"type": "string",
"format": "email"
},
"firstName": {
"type": "string",
"nullable": true
},
"lastName": {
"type": "string",
"nullable": true
},
"invitationPending": {
"type": "boolean"
}
}
}
}
}
}
}PATCH
/api/v1/orgs/webhookUpdate the organization webhook URL
Sets or clears the outbound webhook destination used for WatchTower notifications and events.
Authentication
sessionCookie
ADMINRISK_LEAD
Request Body
objectRequired
webhookUrlstringRequired
1curl -X PATCH "https://api.remllo.com/api/v1/orgs/webhook" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "webhookUrl": "..."7}'Example Response
200 OK{
"message": {
"type": "string"
},
"webhookUrl": {
"type": "string",
"nullable": true
}
}PATCH
/api/v1/orgs/thresholdsUpdate risk thresholds
Updates organization-level high-value and risk bucket thresholds used by the rule engine and dashboards.
Authentication
sessionCookie
ADMINRISK_LEAD
Request Body
objectRequired
highValueTransactionThresholdnumber
riskThresholdLownumberRequired
riskThresholdMediumnumberRequired
riskThresholdHighnumberRequired
1curl -X PATCH "https://api.remllo.com/api/v1/orgs/thresholds" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "highValueTransactionThreshold": 0,7 "riskThresholdLow": 0,8 "riskThresholdMedium": 0,9 "riskThresholdHigh": 010}'Example Response
200 OK{
"message": {
"type": "string"
},
"data": {
"type": "object",
"additionalProperties": true
}
}PATCH
/api/v1/orgs/slaUpdate organization SLA policy
Updates SLA targets for each priority band. Admin-only.
Authentication
sessionCookie
ADMIN
Request Body
Required
1curl -X PATCH "https://api.remllo.com/api/v1/orgs/sla" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4Example Response
200 OK{
"message": {
"type": "string"
},
"slaConfig": {
"$ref": "#/components/schemas/SlaConfig"
}
}POST
/api/v1/orgs/membersInvite an organization member
Creates or links a user to the organization, generates an invite link if the user has not set a password yet, and assigns a role.
Authentication
sessionCookie
ADMIN
Request Body
objectRequired
firstNamestring
lastNamestring
emailstringRequired
rolestringRequired
ADMINRISK_LEADANALYSTVIEWER
1curl -X POST "https://api.remllo.com/api/v1/orgs/members" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "firstName": "...",7 "lastName": "...",8 "email": "ops@example.com",9 "role": "ADMIN"10}'Example Response
200 OK{
"message": {
"type": "string"
},
"membership": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"role": {
"type": "string",
"enum": [
"ADMIN",
"RISK_LEAD",
"ANALYST",
"VIEWER"
]
},
"userId": {
"type": "string",
"format": "uuid"
},
"organizationId": {
"type": "string",
"format": "uuid"
},
"createdAt": {
"type": "string",
"format": "date-time"
},
"updatedAt": {
"type": "string",
"format": "date-time"
},
"user": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"email": {
"type": "string",
"format": "email"
},
"firstName": {
"type": "string",
"nullable": true
},
"lastName": {
"type": "string",
"nullable": true
},
"invitationPending": {
"type": "boolean"
}
}
}
}
},
"inviteUrl": {
"type": "string",
"format": "uri",
"nullable": true
}
}PATCH
/api/v1/orgs/members/{membershipId}Update a member role
Changes the role for an existing organization membership. Admin-only.
Authentication
sessionCookie
ADMIN
Parameters
membershipIdstringRequired
Request Body
objectRequired
rolestringRequired
ADMINRISK_LEADANALYSTVIEWER
1curl -X PATCH "https://api.remllo.com/api/v1/orgs/members/{membershipId}" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "role": "ADMIN"7}'Example Response
200 OK{
"message": {
"type": "string"
},
"membership": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"role": {
"type": "string",
"enum": [
"ADMIN",
"RISK_LEAD",
"ANALYST",
"VIEWER"
]
},
"userId": {
"type": "string",
"format": "uuid"
},
"organizationId": {
"type": "string",
"format": "uuid"
},
"createdAt": {
"type": "string",
"format": "date-time"
},
"updatedAt": {
"type": "string",
"format": "date-time"
},
"user": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"email": {
"type": "string",
"format": "email"
},
"firstName": {
"type": "string",
"nullable": true
},
"lastName": {
"type": "string",
"nullable": true
},
"invitationPending": {
"type": "boolean"
}
}
}
}
}
}DELETE
/api/v1/orgs/members/{membershipId}Remove an organization member
Removes organization access for a member while preserving historical records and audit references.
Authentication
sessionCookie
ADMIN
Parameters
membershipIdstringRequired
1curl -X DELETE "https://api.remllo.com/api/v1/orgs/members/{membershipId}" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"message": {
"type": "string"
}
}GET
/api/v1/orgs/audit-logsList organization audit logs
Returns recent audit events for organization configuration, member management, and monitoring actions.
Authentication
sessionCookie
1curl -X GET "https://api.remllo.com/api/v1/orgs/audit-logs" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"data": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": true
}
}
}POST
/api/v1/orgs/api-key/generateGenerate an ingestion API key
Creates the first organization ingestion API key and returns the raw value once.
Authentication
sessionCookie
ADMIN
1curl -X POST "https://api.remllo.com/api/v1/orgs/api-key/generate" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"apiKey": {
"type": "string"
},
"message": {
"type": "string"
}
}POST
/api/v1/orgs/api-key/rotateRotate the ingestion API key
Replaces the current organization API key and returns the new raw value once.
Authentication
sessionCookie
ADMIN
1curl -X POST "https://api.remllo.com/api/v1/orgs/api-key/rotate" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"apiKey": {
"type": "string"
},
"message": {
"type": "string"
}
}DELETE
/api/v1/orgs/api-keyRevoke the ingestion API key
Deletes the current organization ingestion API key.
Authentication
sessionCookie
ADMIN
1curl -X DELETE "https://api.remllo.com/api/v1/orgs/api-key" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"message": {
"type": "string"
}
}PATCH
/api/v1/orgs/allowed-ipsSet API key IP allowlist
Defines the IP addresses allowed to use the organization API key for transaction ingestion.
Authentication
sessionCookie
ADMIN
Request Body
objectRequired
allowedIpsarrayRequired
itemsstring
1curl -X PATCH "https://api.remllo.com/api/v1/orgs/allowed-ips" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "allowedIps": [7 "..."8 ]9}'Example Response
200 OK{
"message": {
"type": "string"
},
"allowedIps": {
"type": "array",
"items": {
"type": "string"
}
}
}Resource
Transactions
Transaction ingestion and transaction monitoring retrieval APIs.
POST
/api/v1/transactionsIngest a transaction for real-time monitoring
Requires an organization ingestion API key in the `x-api-key` header and an `idempotency-key` header. Evaluates the transaction against the active monitoring controls and returns the risk decision immediately.
Authentication
apiKey
Parameters
x-api-keystringRequired
idempotency-keystringRequired
Request Body
objectRequired
idstringRequired
amountnumberRequired
currencystringRequired
channelstringRequired
USSDPOSWEBMOBILETRANSFERATMCARDbank_transfercardussdmobile_money
transactionTypestring
DEBITCREDIT
timestampstringRequired
paymentReferencestring
sessionIdstring
senderobjectRequired
namestringRequired
accountNumberstringRequired
bankCodestringRequired
bankNamestring
phoneNumberstring
walletIdstring
bvnstring
receiverobjectRequired
namestringRequired
accountNumberstringRequired
bankCodestringRequired
bankNamestring
merchantIdstring
terminalIdstring
deviceobject
deviceIdstring
ipAddressstring
deviceTypestring
mobilewebpos
operatingSystemstring
networkProviderstring
locationstring
userAgentstring
behaviorobject
transactionsLast1Minnumber
transactionsLast5Minnumber
velocityScorenumber
newDeviceDetectedboolean
newIpDetectedboolean
accountAgeDaysnumber
metadataobject
senderIdstring
receiverIdstring
1curl -X POST "https://api.remllo.com/api/v1/transactions" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "id": "6ef1b19e-245a-42f7-bbf2-c91f0cbdde27",7 "amount": 0,8 "currency": "NGN",9 "channel": "USSD",10 "transactionType": "DEBIT",11 "timestamp": "2026-03-20T10:15:00.000Z",12 "paymentReference": "...",13 "sessionId": "...",14 "sender": {15 "name": "...",16 "accountNumber": "...",17 "bankCode": "...",18 "bankName": "...",19 "phoneNumber": "...",20 "walletId": "...",21 "bvn": "..."22 },23 "receiver": {24 "name": "...",25 "accountNumber": "...",26 "bankCode": "...",27 "bankName": "...",28 "merchantId": "...",29 "terminalId": "..."30 },31 "device": {32 "deviceId": "...",33 "ipAddress": "...",34 "deviceType": "mobile",35 "operatingSystem": "...",36 "networkProvider": "...",37 "location": "...",38 "userAgent": "..."39 },40 "behavior": {41 "transactionsLast1Min": 0,42 "transactionsLast5Min": 0,43 "velocityScore": 0,44 "newDeviceDetected": true,45 "newIpDetected": true,46 "accountAgeDays": 047 },48 "metadata": {},49 "senderId": "...",50 "receiverId": "..."51}'Example Response
200 OK{
"transactionId": {
"type": "string",
"format": "uuid"
},
"decision": {
"type": "string",
"enum": [
"ALLOW",
"REVIEW",
"BLOCK"
]
},
"riskScore": {
"type": "number",
"minimum": 0,
"maximum": 100
},
"triggeredRules": {
"type": "array",
"items": {
"type": "object",
"properties": {
"ruleId": {
"type": "string"
},
"description": {
"type": "string"
},
"severity": {
"type": "number"
}
}
}
},
"behavioralSignals": {
"type": "array",
"items": {
"type": "object",
"properties": {
"key": {
"type": "string"
},
"label": {
"type": "string"
},
"value": {},
"riskPoints": {
"type": "number"
},
"explanation": {
"type": "string"
}
}
}
},
"anomalyScore": {
"type": "number",
"minimum": 0,
"maximum": 100
},
"anomalyReasons": {
"type": "array",
"items": {
"type": "string"
}
},
"watchlistHits": {
"type": "array",
"items": {
"type": "object",
"properties": {
"watchlistId": {
"type": "string"
},
"listType": {
"type": "string"
},
"matchType": {
"type": "string"
},
"matchValue": {
"type": "string"
},
"riskLevel": {
"type": "string"
},
"reason": {
"type": "string"
}
}
}
},
"evaluatedAt": {
"type": "string",
"format": "date-time"
}
}GET
/api/v1/transactionsList organization transactions
Returns paginated transactions for the active organization with attached alert assignment context where available.
Authentication
sessionCookie
Parameters
pageinteger
pageSizeinteger
1curl -X GET "https://api.remllo.com/api/v1/transactions" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"data": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": true
}
},
"page": {
"type": "number"
},
"pageSize": {
"type": "number"
},
"total": {
"type": "number"
}
}GET
/api/v1/transactions/statsGet transaction monitoring stats
Returns 30-day aggregate monitoring metrics for the active organization.
Authentication
sessionCookie
1curl -X GET "https://api.remllo.com/api/v1/transactions/stats" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"totalTransactions": {
"type": "number"
},
"fraudPrevented": {
"type": "number"
},
"flagRate": {
"type": "string"
}
}GET
/api/v1/transactions/{id}/narrativeGet or generate an alert narrative
Returns a stored narrative for a flagged transaction or generates one on demand when possible.
Authentication
sessionCookie
Parameters
idstringRequired
1curl -X GET "https://api.remllo.com/api/v1/transactions/{id}/narrative" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"narrative": {
"type": "string"
}
}Resource
Rules
Monitoring control catalog and custom rule lifecycle.
GET
/api/v1/rules/catalogList built-in monitoring controls
Returns the built-in WatchTower rule catalog grouped by governance tier.
Authentication
sessionCookie
1curl -X GET "https://api.remllo.com/api/v1/rules/catalog" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"additionalProperties": true
}
}GET
/api/v1/rulesList custom organization rules
Returns all organization-specific custom rules across draft, active, and inactive states.
Authentication
sessionCookie
1curl -X GET "https://api.remllo.com/api/v1/rules" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"count": {
"type": "number"
},
"data": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
},
"description": {
"type": "string"
},
"severity": {
"type": "number"
},
"status": {
"type": "string",
"enum": [
"DRAFT",
"ACTIVE",
"INACTIVE"
]
},
"conditions": {
"type": "array",
"items": {
"type": "object",
"properties": {
"field": {
"type": "string"
},
"operator": {
"type": "string",
"enum": [
"gt",
"gte",
"lt",
"lte",
"eq",
"neq",
"in",
"not_in",
"contains"
]
},
"value": {}
}
}
},
"velocityCheck": {
"nullable": true,
"type": "object",
"properties": {
"field": {
"type": "string"
},
"windowSeconds": {
"type": "number"
},
"maxCount": {
"type": "number"
}
}
},
"createdAt": {
"type": "string",
"format": "date-time"
}
}
}
}
}POST
/api/v1/rulesCreate a draft rule
Creates a custom monitoring rule in draft state. Rules can later be activated through the rule status endpoint.
Authentication
sessionCookie
ADMINRISK_LEAD
Request Body
objectRequired
namestringRequired
descriptionstringRequired
severitynumberRequired
conditionsarrayRequired
itemsobject
fieldstring
operatorstring
gtgteltlteeqneqinnot_incontains
value
velocityCheckobject
fieldstring
windowSecondsnumber
maxCountnumber
1curl -X POST "https://api.remllo.com/api/v1/rules" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "name": "...",7 "description": "...",8 "severity": 0,9 "conditions": [10 {11 "field": "...",12 "operator": "gt",13 "value": "..."14 }15 ],16 "velocityCheck": {17 "field": "...",18 "windowSeconds": 0,19 "maxCount": 020 }21}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
},
"description": {
"type": "string"
},
"severity": {
"type": "number"
},
"status": {
"type": "string",
"enum": [
"DRAFT",
"ACTIVE",
"INACTIVE"
]
},
"conditions": {
"type": "array",
"items": {
"type": "object",
"properties": {
"field": {
"type": "string"
},
"operator": {
"type": "string",
"enum": [
"gt",
"gte",
"lt",
"lte",
"eq",
"neq",
"in",
"not_in",
"contains"
]
},
"value": {}
}
}
},
"velocityCheck": {
"nullable": true,
"type": "object",
"properties": {
"field": {
"type": "string"
},
"windowSeconds": {
"type": "number"
},
"maxCount": {
"type": "number"
}
}
},
"createdAt": {
"type": "string",
"format": "date-time"
}
}
},
"message": {
"type": "string"
}
}PATCH
/api/v1/rules/{id}/statusChange a rule lifecycle status
Moves a custom rule between draft, active, and inactive and hot-reloads the evaluation cache.
Authentication
sessionCookie
ADMINRISK_LEAD
Parameters
idstringRequired
Request Body
objectRequired
statusstringRequired
DRAFTACTIVEINACTIVE
1curl -X PATCH "https://api.remllo.com/api/v1/rules/{id}/status" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "status": "DRAFT"7}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
},
"description": {
"type": "string"
},
"severity": {
"type": "number"
},
"status": {
"type": "string",
"enum": [
"DRAFT",
"ACTIVE",
"INACTIVE"
]
},
"conditions": {
"type": "array",
"items": {
"type": "object",
"properties": {
"field": {
"type": "string"
},
"operator": {
"type": "string",
"enum": [
"gt",
"gte",
"lt",
"lte",
"eq",
"neq",
"in",
"not_in",
"contains"
]
},
"value": {}
}
}
},
"velocityCheck": {
"nullable": true,
"type": "object",
"properties": {
"field": {
"type": "string"
},
"windowSeconds": {
"type": "number"
},
"maxCount": {
"type": "number"
}
}
},
"createdAt": {
"type": "string",
"format": "date-time"
}
}
},
"message": {
"type": "string"
}
}DELETE
/api/v1/rules/{id}Delete a custom rule
Removes a custom rule permanently and hot-reloads the rule cache.
Authentication
sessionCookie
ADMIN
Parameters
idstringRequired
1curl -X DELETE "https://api.remllo.com/api/v1/rules/{id}" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"message": {
"type": "string"
}
}Resource
Alerts
Alert inbox, status changes, and live alert streaming.
GET
/api/v1/alertsList alerts
Returns the alert inbox for the active organization with transaction enrichment, assignees, and control attribution.
Authentication
sessionCookie
Parameters
statusstring
1curl -X GET "https://api.remllo.com/api/v1/alerts" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": true
}PATCH
/api/v1/alerts/{id}Update an alert status or assignee
Resolves, escalates, marks false positive, or reassigns an alert. Linked case workflow is synchronized when a case exists.
Authentication
sessionCookie
ADMINRISK_LEADANALYST
Parameters
idstringRequired
Request Body
objectRequired
statusstringRequired
OPENRESOLVEDESCALATEDFALSE_POSITIVE
notesstring
assignedToIdstring
outcomeReasonstring
outcomeContextstring
1curl -X PATCH "https://api.remllo.com/api/v1/alerts/{id}" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "status": "OPEN",7 "notes": "...",8 "assignedToId": "...",9 "outcomeReason": "...",10 "outcomeContext": "..."11}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"status": {
"type": "string",
"enum": [
"OPEN",
"RESOLVED",
"ESCALATED",
"FALSE_POSITIVE"
]
},
"narrative": {
"type": "string",
"nullable": true
},
"assignedToId": {
"type": "string",
"nullable": true
},
"assignedTo": {
"type": "object",
"nullable": true,
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"firstName": {
"type": "string",
"nullable": true
},
"lastName": {
"type": "string",
"nullable": true
},
"email": {
"type": "string",
"format": "email"
}
}
},
"caseId": {
"type": "string",
"nullable": true
},
"primaryControl": {
"type": "string"
},
"ruleFamily": {
"type": "string"
},
"triggeredControls": {
"type": "array",
"items": {
"type": "string"
}
},
"controlCount": {
"type": "number"
},
"createdAt": {
"type": "string",
"format": "date-time"
}
}
}
}GET
/api/v1/alerts/streamingOpen the alert SSE stream
Returns a server-sent events stream of alert updates for the active organization.
Authentication
sessionCookie
1curl -X GET "https://api.remllo.com/api/v1/alerts/streaming" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": true
}Resource
Cases
Case management, notes, attachments, and exports.
GET
/api/v1/casesList cases
Returns the current case board/list with normalized case data for the active organization.
Authentication
sessionCookie
1curl -X GET "https://api.remllo.com/api/v1/cases" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"data": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"caseReference": "CASE-10DB14A3",
"title": {
"type": "string"
},
"description": {
"type": "string"
},
"primaryCustomer": {
"type": "string"
},
"riskScore": {
"type": "number"
},
"linkedAlerts": {
"type": "number"
},
"totalFlaggedValue": {
"type": "number"
},
"primaryControl": {
"type": "string"
},
"triggeredControls": {
"type": "array",
"items": {
"type": "string"
}
},
"controlCount": {
"type": "number"
},
"status": {
"type": "string",
"enum": [
"OPEN",
"INVESTIGATING",
"ESCALATED",
"REOPENED",
"RESOLVED",
"FALSE_POSITIVE"
]
},
"priority": {
"type": "string",
"enum": [
"Critical",
"High",
"Medium",
"Low"
]
},
"assignee": {
"type": "object",
"nullable": true,
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"firstName": {
"type": "string",
"nullable": true
},
"lastName": {
"type": "string",
"nullable": true
},
"email": {
"type": "string",
"format": "email"
}
}
},
"createdAt": {
"type": "string",
"format": "date-time"
},
"updatedAt": {
"type": "string",
"format": "date-time"
}
}
}
}
}GET
/api/v1/cases/{id}Get case detail
Returns an investigation case with alert, transaction, notes, events, and attachment context.
Authentication
sessionCookie
Parameters
idstringRequired
1curl -X GET "https://api.remllo.com/api/v1/cases/{id}" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"data": {
"type": "object",
"additionalProperties": true
}
}PATCH
/api/v1/cases/{id}Update a case
Changes case status, assignment, priority, and disposition data. Status transitions are role-aware.
Authentication
sessionCookie
ADMINRISK_LEADANALYST
Parameters
idstringRequired
Request Body
objectRequired
statusstring
OPENINVESTIGATINGESCALATEDREOPENEDRESOLVEDFALSE_POSITIVE
prioritystring
CriticalHighMediumLow
assignedToIdstring
notesstring
outcomeReasonstring
outcomeContextstring
reopenReasonstring
1curl -X PATCH "https://api.remllo.com/api/v1/cases/{id}" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "status": "OPEN",7 "priority": "Critical",8 "assignedToId": "...",9 "notes": "...",10 "outcomeReason": "...",11 "outcomeContext": "...",12 "reopenReason": "..."13}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"additionalProperties": true
}
}POST
/api/v1/cases/{id}/notesAdd a case note
Adds a note or threaded reply to a case and optionally mentions other users.
Authentication
sessionCookie
ADMINRISK_LEADANALYST
Parameters
idstringRequired
Request Body
objectRequired
bodystringRequired
parentIdstring
mentionedUserIdsarray
itemsstring
1curl -X POST "https://api.remllo.com/api/v1/cases/{id}/notes" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "body": "...",7 "parentId": "6ef1b19e-245a-42f7-bbf2-c91f0cbdde27",8 "mentionedUserIds": [9 "6ef1b19e-245a-42f7-bbf2-c91f0cbdde27"10 ]11}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"additionalProperties": true
}
}POST
/api/v1/cases/{id}/attachmentsAdd a case attachment
Adds metadata for an uploaded case attachment or evidence file.
Authentication
sessionCookie
ADMINRISK_LEADANALYST
Parameters
idstringRequired
Request Body
objectRequired
fileNamestringRequired
fileUrlstringRequired
contentTypestringRequired
notesstring
1curl -X POST "https://api.remllo.com/api/v1/cases/{id}/attachments" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "fileName": "...",7 "fileUrl": "...",8 "contentType": "...",9 "notes": "..."10}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"additionalProperties": true
}
}GET
/api/v1/cases/{id}/exportExport a case
Exports a case as JSON, CSV, or PDF depending on the requested format.
Authentication
sessionCookie
Parameters
idstringRequired
formatstring
jsoncsvpdf
1curl -X GET "https://api.remllo.com/api/v1/cases/{id}/export" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": true
}Resource
Reports
Operational reporting and export endpoints.
GET
/api/v1/reports/overviewGet reporting overview
Returns the main operational reporting payload for dashboards, reports, control trends, analyst workload, and SLA views.
Authentication
sessionCookie
Parameters
daysinteger
startDatestring
endDatestring
directionstring
ruleFamilystring
channelstring
1curl -X GET "https://api.remllo.com/api/v1/reports/overview" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"summary": {
"type": "object",
"additionalProperties": true
},
"charts": {
"type": "object",
"additionalProperties": true
},
"trendSeries": {
"type": "object",
"properties": {
"daily": {
"type": "array",
"items": {
"type": "object",
"properties": {
"period": {
"type": "string"
},
"transactions": {
"type": "number"
},
"flagged": {
"type": "number"
},
"flaggedValue": {
"type": "number"
}
}
}
},
"weekly": {
"type": "array",
"items": {
"type": "object",
"properties": {
"period": {
"type": "string"
},
"transactions": {
"type": "number"
},
"flagged": {
"type": "number"
},
"flaggedValue": {
"type": "number"
}
}
}
}
}
}
}GET
/api/v1/reports/overview/export.csvExport reporting overview as CSV
Exports the overview report sections as CSV for offline analysis.
Authentication
sessionCookie
Parameters
daysinteger
startDatestring
endDatestring
1curl -X GET "https://api.remllo.com/api/v1/reports/overview/export.csv" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": true
}Resource
Notifications
Notification inbox and server-sent event streams.
GET
/api/v1/notificationsList notifications
Returns the recent notification inbox for the current user.
Authentication
sessionCookie
1curl -X GET "https://api.remllo.com/api/v1/notifications" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"unreadCount": {
"type": "number"
},
"data": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"type": {
"type": "string"
},
"title": {
"type": "string"
},
"message": {
"type": "string"
},
"isRead": {
"type": "boolean"
},
"recipientUserId": {
"type": "string",
"format": "uuid"
},
"actorUser": {
"type": "object",
"nullable": true,
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"firstName": {
"type": "string",
"nullable": true
},
"lastName": {
"type": "string",
"nullable": true
},
"email": {
"type": "string",
"format": "email"
}
}
},
"createdAt": {
"type": "string",
"format": "date-time"
}
}
}
}
}PATCH
/api/v1/notifications/{id}/readMark a notification as read
Marks a single notification as read for the current user.
Authentication
sessionCookie
Parameters
idstringRequired
1curl -X PATCH "https://api.remllo.com/api/v1/notifications/{id}/read" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
},
"data": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"type": {
"type": "string"
},
"title": {
"type": "string"
},
"message": {
"type": "string"
},
"isRead": {
"type": "boolean"
},
"recipientUserId": {
"type": "string",
"format": "uuid"
},
"actorUser": {
"type": "object",
"nullable": true,
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"firstName": {
"type": "string",
"nullable": true
},
"lastName": {
"type": "string",
"nullable": true
},
"email": {
"type": "string",
"format": "email"
}
}
},
"createdAt": {
"type": "string",
"format": "date-time"
}
}
}
}POST
/api/v1/notifications/read-allMark all notifications as read
Marks all current-user notifications as read in the active organization.
Authentication
sessionCookie
1curl -X POST "https://api.remllo.com/api/v1/notifications/read-all" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": {
"type": "boolean"
}
}GET
/api/v1/notifications/streamingOpen the workspace SSE stream
Returns a server-sent events stream of workspace changes and notifications relevant to the current user.
Authentication
sessionCookie
1curl -X GET "https://api.remllo.com/api/v1/notifications/streaming" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"success": true
}Resource
AI
AI-assisted rule drafting and narrative generation.
POST
/api/v1/ai/rules/buildGenerate a draft rule from natural language
Uses the AI rule builder to translate a natural-language monitoring scenario into a structured draft rule definition.
Request Body
objectRequired
promptstringRequired
1curl -X POST "https://api.remllo.com/api/v1/ai/rules/build" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "prompt": "..."7}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"rule": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
},
"description": {
"type": "string"
},
"severity": {
"type": "number"
},
"status": {
"type": "string",
"enum": [
"DRAFT",
"ACTIVE",
"INACTIVE"
]
},
"conditions": {
"type": "array",
"items": {
"type": "object",
"properties": {
"field": {
"type": "string"
},
"operator": {
"type": "string",
"enum": [
"gt",
"gte",
"lt",
"lte",
"eq",
"neq",
"in",
"not_in",
"contains"
]
},
"value": {}
}
}
},
"velocityCheck": {
"nullable": true,
"type": "object",
"properties": {
"field": {
"type": "string"
},
"windowSeconds": {
"type": "number"
},
"maxCount": {
"type": "number"
}
}
},
"createdAt": {
"type": "string",
"format": "date-time"
}
}
},
"message": {
"type": "string"
}
}POST
/api/v1/ai/narrativeGenerate a narrative for a flagged transaction
Uses the AI narrative generator to produce an investigation or compliance narrative from flagged transaction data.
Request Body
objectRequired
transactionIdstringRequired
amountnumberRequired
currencystringRequired
senderIdstringRequired
receiverIdstringRequired
channelstringRequired
riskScorenumberRequired
decisionstringRequired
ALLOWREVIEWBLOCK
triggeredRulesarrayRequired
itemsobject
ruleIdstring
descriptionstring
severitynumber
behavioralSignalsarray
itemsobject
keystring
explanationstring
riskPointsnumber
anomalyReasonsarray
itemsstring
locationstring
ipAddressstring
isSimulationboolean
1curl -X POST "https://api.remllo.com/api/v1/ai/narrative" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie" \4 \5 -d '{6 "transactionId": "6ef1b19e-245a-42f7-bbf2-c91f0cbdde27",7 "amount": 0,8 "currency": "...",9 "senderId": "...",10 "receiverId": "...",11 "channel": "...",12 "riskScore": 0,13 "decision": "ALLOW",14 "triggeredRules": [15 {16 "ruleId": "...",17 "description": "...",18 "severity": 019 }20 ],21 "behavioralSignals": [22 {23 "key": "...",24 "explanation": "...",25 "riskPoints": 026 }27 ],28 "anomalyReasons": [29 "..."30 ],31 "location": "...",32 "ipAddress": "...",33 "isSimulation": true34}'Example Response
200 OK{
"success": {
"type": "boolean"
},
"narrative": {
"type": "string"
}
}Resource
System
Health and operational diagnostics for an authenticated organization.
GET
/api/v1/system/healthGet authenticated system health
Returns operational health metrics for the active organization, including transaction counts, alert counts, Redis connectivity, active rules, and recent audit activity.
Authentication
sessionCookie
1curl -X GET "https://api.remllo.com/api/v1/system/health" \2 -H "Content-Type: application/json" \3 -H "Cookie: wt_session=your_session_cookie"Example Response
200 OK{
"uptime": {
"type": "number"
},
"redis": {
"type": "string",
"enum": [
"connected",
"degraded",
"disconnected"
]
},
"transactions": {
"type": "object",
"properties": {
"last24h": {
"type": "number"
},
"last7d": {
"type": "number"
}
}
},
"alerts": {
"type": "object",
"additionalProperties": {
"type": "number"
}
},
"activeRules": {
"type": "number"
},
"recentAuditLogs": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": true
}
},
"timestamp": {
"type": "string",
"format": "date-time"
}
}