We provide a simulator anti-fraud connection which can be used for integration testing. This anti-fraud connection makes it straight forward to test all response decisions and asynchronous webhooks.


To configure the connection, you will need to set the following credentials.

API KeyThis is not validated and can be set to any string

Decision mapping

In order to test various anti-fraud decisions you must create a Gr4vy buyer with a specific email address (see table below). If you do not pass a buyer with email address the decision will be skipped.

Buyer emailGr4vyDescription
accept@gr4vy.comacceptSimulates a low risk transaction
reject@gr4vy.comrejectSimulates a high risk transaction
review@gr4vy.comreviewSimulates a transaction which needs manual review
error@gr4vy.comerrorSimulates a bad request
timeout@gr4vy.comexceptionSimulates a server timeout/bad response


In order to test the review status you can manually send a POST request to the anti-fraud service webhook URL. You can find this value from the Gr4vy dashboard or via the API when fetching the anti-fraud service.

GET /anti-fraud-services/{anti_fraud_service_id}
    "type": "anti-fraud-service",
    "id": "f80b5fc6-c95d-4a28-a929-4d5268c3e141",
    "merchant_account_id": "default",
    "display_name": "Simulator",
    "anti_fraud_service_definition_id": "mock-anti-fraud",
    "active": true,
    "reviews_enabled": true,
    "created_at": "2024-04-01T00:00:00+00:00",
    "updated_at": "2024-04-01T00:00:00+00:00",
    "webhook_url": "https://api.sandbox.example.gr4vy.app/i/af/-AtfxsldSiipKU1SaMPhQWZvcnRlci1hbnRpLWZyYXVk/5bOPmoOpwNRR6bKZaPD7MNjiZcYgSu1cNtNUO0jLUNc",
    "fields": []

The expected POST body for the webhook URL must contain the UUID of the transaction and a decision of accept or reject:

POST https://api.sandbox.example.gr4vy.app/i/af/-AtfxsldSiipKU1SaMPhQWZvcnRlci1hbnRpLWZyYXVk/5bOPmoOpwNRR6bKZaPD7MNjiZcYgSu1cNtNUO0jLUNc
  "transaction_id": "d6d2bc16-8a25-4e05-a595-b4cd51fe4932",
  "decision": "accept" | "reject"

Device fingerprinting

Device fingerprinting is not currently supported via this connection.