sift 1.1.6.2 → 4.5.0

data/lib/sift/client.rb

@@ -1,51 +1,88 @@
-require 'httparty'
-require 'multi_json'
+require "httparty"
+require "multi_json"
+require "base64"
+
+require_relative "./client/decision"
+require_relative "./error"
 
 module Sift
 
   # Represents the payload returned from a call through the track API
   #
   class Response
-    attr_reader :body
-    attr_reader :http_status_code
-    attr_reader :api_status
-    attr_reader :api_error_message
-    attr_reader :request
+    attr_reader :body,
+      :http_class,
+      :http_status_code,
+      :api_status,
+      :api_error_message,
+      :request,
+      :api_error_description,
+      :api_error_issues
 
     # Constructor
     #
-    # == Parameters:
-    # http_response
+    # ==== Parameters:
+    #
+    # http_response::
     #   The HTTP body text returned from the API call. The body is expected to be
     #   a JSON object that can be decoded into status, message and request
     #   sections.
     #
-    def initialize(http_response, http_response_code)
-      @body = MultiJson.load(http_response)
-      @request = MultiJson.load(@body["request"].to_s) if @body["request"]
+    def initialize(http_response, http_response_code, http_raw_response)
       @http_status_code = http_response_code
-      @api_status = @body["status"].to_i
-      @api_error_message = @body["error_message"].to_s
+      @http_raw_response = http_raw_response
+
+      # only set these variables if a message-body is expected.
+      if not @http_raw_response.kind_of? Net::HTTPNoContent
+
+        begin
+          @body = MultiJson.load(http_response) unless http_response.nil?
+        rescue
+          if @http_status_code == 200
+            raise TypeError.new
+          end
+        end
+
+        if not @body.nil?
+          @request = MultiJson.load(@body["request"].to_s) if @body["request"]
+          @api_status = @body["status"].to_i if @body["status"]
+          @api_error_message = @body["error_message"]
+
+          if @body["error"]
+            @api_error_message = @body["error"]
+            @api_error_description = @body["description"]
+            @api_error_issues = @body["issues"] || {}
+          end
+        end
+      end
     end
 
     # Helper method returns true if and only if the response from the API call was
     # successful
     #
-    # == Returns:
-    #   true on success; false otherwise
+    # ==== Returns:
+    #
+    # true on success; false otherwise
+    #
     def ok?
-      0 == @api_status.to_i
+      if @http_raw_response.kind_of? Net::HTTPNoContent
+        #if there is no content expected, use HTTP code
+        204 == @http_status_code
+      else
+        # otherwise use API status
+        @http_raw_response.kind_of? Net::HTTPOK and 0 == @api_status.to_i
+      end
     end
 
 
-    # DEPRECIATED
-    # Getter method for depreciated 'json' member variable.
+    # DEPRECATED
+    # Getter method for deprecated 'json' member variable.
     def json
       @body
     end
 
-    # DEPRECIATED
-    # Getter method for depreciated 'original_request' member variable.
+    # DEPRECATED
+    # Getter method for deprecated 'original_request' member variable.
     def original_request
       @request
     end
@@ -54,148 +91,844 @@ module Sift
   # This class wraps accesses through the API
   #
   class Client
-    API_ENDPOINT = "https://api.siftscience.com"
-    API_TIMEOUT = 2
+    API_ENDPOINT = ENV["SIFT_RUBY_API_URL"] || 'https://api.siftscience.com'
+    API3_ENDPOINT = ENV["SIFT_RUBY_API3_URL"] || 'https://api3.siftscience.com'
 
     include HTTParty
     base_uri API_ENDPOINT
 
-    # Constructor
-    #
-    # == Parameters:
-    # api_key
-    #   The Sift Science API key associated with your customer account. This parameter
-    #   cannot be nil or blank.
-    # path
-    #   The path to the event API, e.g., "/v201/events"
-    #
-    def initialize(api_key = Sift.api_key, path = Sift.current_rest_api_path, timeout = API_TIMEOUT)
-      raise(RuntimeError, "api_key must be a non-empty string") if (!api_key.is_a? String) || api_key.empty?
-      raise(RuntimeError, "path must be a non-empty string") if (!path.is_a? String) || path.empty?
-      @api_key = api_key
-      @path = path
-      @timeout = timeout
+    attr_reader :api_key, :account_id
 
+    def self.build_auth_header(api_key)
+      { "Authorization" => "Basic #{Base64.encode64(api_key)}" }
+    end
 
+    def self.user_agent
+      "sift-ruby/#{VERSION}"
     end
 
-    def api_key
-      @api_key
+    # Constructor
+    #
+    # ==== Parameters:
+    #
+    # opts (optional)::
+    #   A Hash of optional parameters for this Client --
+    #
+    #   :api_key::
+    #     The Sift Science API key associated with your account.
+    #     Sift.api_key is used if this parameter is not set.
+    #
+    #   :account_id::
+    #     The ID of your Sift Science account.  Sift.account_id is
+    #     used if this parameter is not set.
+    #
+    #   :timeout::
+    #     The number of seconds to wait before failing a request. By
+    #     default this is configured to 2 seconds.
+    #
+    #   :version::
+    #     The version of the Events API, Score API, and Labels API to call.
+    #     By default, version 205.
+    #
+    #   :path::
+    #     The URL path to use for Events API path.  By default, the
+    #     official path of the specified-version of the Events API.
+    #
+    #
+    def initialize(opts = {})
+      @api_key = opts[:api_key] || Sift.api_key
+      @account_id = opts[:account_id] || Sift.account_id
+      @version = opts[:version] || API_VERSION
+      @timeout = opts[:timeout] || 2  # 2-second timeout by default
+      @path = opts[:path] || Sift.rest_api_path(@version)
+
+      raise("api_key") if !@api_key.is_a?(String) || @api_key.empty?
+      raise("path must be a non-empty string") if !@path.is_a?(String) || @path.empty?
     end
 
     def user_agent
-      "SiftScience/v#{API_VERSION} sift-ruby/#{VERSION}"
+      "SiftScience/v#{@version} sift-ruby/#{VERSION}"
     end
 
-    # Tracks an event and associated properties through the Sift Science API. This call
-    # is blocking.
+
+    # Sends an event to the Sift Science Events API.
     #
-    # == Parameters:
-    # event
-    #   The name of the event to send. This can be either a reserved event name, like
-    #   $transaction or $label or a custom event name (that does not start with a $).
-    #   This parameter must be specified.
+    # See https://siftscience.com/developers/docs/ruby/events-api .
     #
-    # properties
-    #   A hash of name-value pairs that specify the event-specific attributes to track.
-    #   This parameter must be specified.
+    # ==== Parameters:
+    #
+    # event::
+    #   The name of the event to send. This can be either a reserved
+    #   event name, like $transaction or $label or a custom event name
+    #   (that does not start with a $).  This parameter must be
+    #   specified.
+    #
+    # properties::
+    #   A hash of name-value pairs that specify the event-specific
+    #   attributes to track.  This parameter must be specified.
+    #
+    # opts (optional)::
+    #   A Hash of optional parameters for the request --
+    #
+    #   :return_score::
+    #     If true, requests that the response include a score for this
+    #     user, computed using the submitted event.  See
+    #     https://siftscience.com/developers/docs/ruby/score-api/synchronous-scores
+    #
+    #   :abuse_types::
+    #     List of abuse types, specifying for which abuse types a
+    #     score should be returned (if scoring was requested).  By
+    #     default, a score is returned for every abuse type to which
+    #     you are subscribed.
+    #
+    #   :return_action::
+    #     If true, requests that the response include any actions
+    #     triggered as a result of the tracked event.
     #
-    # timeout (optional)
-    #   The number of seconds to wait before failing the request. By default this is
-    #   configured to 2 seconds (see above). This parameter is optional.
-    #
-    # path (optional)
-    #   Overrides the default API path with a different URL.
-    #
-    # return_score (optional)
-    #   Whether the API response should include a score for this user (the score will
-    #   be calculated using the submitted event
-    #
-    # == Returns:
-    #   In the case of an HTTP error (timeout, broken connection, etc.), this
-    #   method returns nil; otherwise, a Response object is returned and captures
-    #   the status message and status code. In general, you can ignore the returned
-    #   result, though.
-    #
-    def track(event, properties = {}, timeout = nil, path = nil, return_score = false, api_key = @api_key)
-      raise(RuntimeError, "event must be a non-empty string") if (!event.is_a? String) || event.empty?
-      raise(RuntimeError, "properties cannot be empty") if properties.empty?
-      raise(RuntimeError, "Bad api_key parameter") if api_key.empty?
-      path ||= @path
-      timeout ||= @timeout
-      if return_score
-        path = path + "?return_score=true"
+    #   :return_workflow_status::
+    #     If true, requests that the response include the status of
+    #     any workflow run as a result of the tracked event.  See
+    #     https://siftscience.com/developers/docs/ruby/workflows-api/workflow-decisions
+    #
+    #   :timeout::
+    #     Overrides the timeout (in seconds) for this call.
+    #
+    #   :api_key::
+    #     Overrides the API key for this call.
+    #
+    #   :version::
+    #     Overrides the version of the Events API to call.
+    #
+    #   :path::
+    #     Overrides the URI path for this API call.
+    # 
+    #   :include_score_percentiles::
+    #     include_score_percentiles(optional) : Whether to add new parameter in the query parameter.
+    #
+    #   :warnings::
+    #     warnings(optional) : Whether to add list of warnings (if any) to response.
+    #
+    # ==== Returns:
+    #
+    # In the case of a network error (timeout, broken connection, etc.),
+    # this method propagates the exception, otherwise, a Response object is
+    # returned that captures the status message and status code.
+    #
+    def track(event, properties = {}, opts = {})
+      api_key = opts[:api_key] || @api_key
+      version = opts[:version] || @version
+      path = opts[:path] || (version && Sift.rest_api_path(version)) || @path
+      timeout = opts[:timeout] || @timeout
+      return_score = opts[:return_score]
+      return_action = opts[:return_action]
+      return_workflow_status = opts[:return_workflow_status]
+      return_route_info = opts[:return_route_info]
+      force_workflow_run = opts[:force_workflow_run]
+      abuse_types = opts[:abuse_types]
+      include_score_percentiles = opts[:include_score_percentiles]
+      warnings = opts[:warnings]
+
+      raise("event must be a non-empty string") if (!event.is_a? String) || event.empty?
+      raise("properties cannot be empty") if properties.empty?
+      raise("api_key cannot be empty") if api_key.empty?
+
+      query = {}
+      query["return_score"] = "true" if return_score
+      query["return_action"] = "true" if return_action
+      query["return_workflow_status"] = "true" if return_workflow_status
+      query["return_route_info"] = "true" if return_route_info
+      query["force_workflow_run"] = "true" if force_workflow_run
+      query["abuse_types"] = abuse_types.join(",") if abuse_types
+
+      if include_score_percentiles == "true" || warnings == "true"
+        fields = []
+        fields << "SCORE_PERCENTILES" if include_score_percentiles == "true"
+        fields << "WARNINGS" if warnings == "true"
+        query["fields"] = fields.join(",")
       end
+
       options = {
         :body => MultiJson.dump(delete_nils(properties).merge({"$type" => event,
                                                                "$api_key" => api_key})),
-        :headers => {"User-Agent" => user_agent}
+        :headers => {"User-Agent" => user_agent},
+        :query => query
       }
       options.merge!(:timeout => timeout) unless timeout.nil?
-      begin
-        response = self.class.post(path, options)
-        Response.new(response.body, response.code)
-      rescue StandardError => e
-        Sift.warn("Failed to track event: " + e.to_s)
-        Sift.warn(e.backtrace)
-        nil
+
+      response = self.class.post(path, options)
+      Response.new(response.body, response.code, response.response)
+    end
+
+
+    # Retrieves a user's fraud score from the Sift Science API.
+    #
+    # See https://siftscience.com/developers/docs/ruby/score-api/score-api .
+    #
+    # ==== Parameters:
+    #
+    # user_id::
+    #   A user's id. This id should be the same as the user_id used in
+    #   event calls.
+    #
+    # opts (optional)::
+    #   A Hash of optional parameters for the request --
+    #
+    #   :abuse_types::
+    #     List of abuse types, specifying for which abuse types a
+    #     score should be returned.  By default, a score is returned
+    #     for every abuse type to which you are subscribed.
+    #
+    #   :api_key::
+    #     Overrides the API key for this call.
+    #
+    #   :timeout::
+    #     Overrides the timeout (in seconds) for this call.
+    #
+    #   :version::
+    #     Overrides the version of the Events API to call.
+    # 
+    #   :include_score_percentiles::
+    #     include_score_percentiles(optional) : Whether to add new parameter in the query parameter.
+    #
+    # ==== Returns:
+    #
+    # A Response object containing a status code, status message, and,
+    # if successful, the user's score(s).
+    #
+    def score(user_id, opts = {})
+      abuse_types = opts[:abuse_types]
+      api_key = opts[:api_key] || @api_key
+      timeout = opts[:timeout] || @timeout
+      version = opts[:version] || @version
+      include_score_percentiles = opts[:include_score_percentiles]
+
+      raise("user_id must be a non-empty string") if (!user_id.is_a? String) || user_id.to_s.empty?
+      raise("Bad api_key parameter") if api_key.empty?
+
+      query = {}
+      query["api_key"] = api_key
+      query["abuse_types"] = abuse_types.join(",") if abuse_types
+      if include_score_percentiles == "true"
+        query["fields"] =  "SCORE_PERCENTILES"
       end
+
+      options = {
+        :headers => {"User-Agent" => user_agent},
+        :query => query
+      }
+      options.merge!(:timeout => timeout) unless timeout.nil?
+
+      response = self.class.get(Sift.score_api_path(user_id, version), options)
+      Response.new(response.body, response.code, response.response)
     end
 
-    # Retrieves a user's fraud score from the Sift Science API. This call
-    # is blocking.
+
+    # Fetches the latest score(s) computed for the specified user and abuse types.
+    #
+    # As opposed to client.score() and client.rescore_user(), this *does not* compute
+    # a new score for the user; it simply fetches the latest score(s) which have computed.
+    # These scores may be arbitrarily old.
+    #
+    # See https://siftscience.com/developers/docs/ruby/score-api/get-score for more details.
     #
-    # == Parameters:
-    # user_id
+    # ==== Parameters:
+    #
+    # user_id::
     #   A user's id. This id should be the same as the user_id used in
     #   event calls.
     #
-    # == Returns:
-    #   A Response object is returned and captures the status message and
-    #   status code. In general, you can ignore the returned result, though.
+    # opts (optional)::
+    #   A Hash of optional parameters for the request --
+    #
+    #   :abuse_types::
+    #     List of abuse types, specifying for which abuse types a
+    #     score should be returned.  By default, a score is returned
+    #     for every abuse type to which you are subscribed.
+    #
+    #   :api_key::
+    #     Overrides the API key for this call.
+    #
+    #   :timeout::
+    #     Overrides the timeout (in seconds) for this call.
+    # 
+    #   :include_score_percentiles::
+    #     include_score_percentiles(optional) : Whether to add new parameter in the query parameter.
+    #
+    # ==== Returns:
+    #
+    # A Response object containing a status code, status message, and,
+    # if successful, the user's score(s).
     #
-    def score(user_id, timeout = nil, api_key = @api_key)
+    def get_user_score(user_id, opts = {})
+      abuse_types = opts[:abuse_types]
+      api_key = opts[:api_key] || @api_key
+      timeout = opts[:timeout] || @timeout
+      include_score_percentiles = opts[:include_score_percentiles]
 
-      raise(RuntimeError, "user_id must be a non-empty string") if (!user_id.is_a? String) || user_id.to_s.empty?
-      raise(RuntimeError, "Bad api_key parameter") if api_key.empty?
-      timetout ||= @timeout
+      raise("user_id must be a non-empty string") if (!user_id.is_a? String) || user_id.to_s.empty?
+      raise("Bad api_key parameter") if api_key.empty?
 
-      options = { :headers => {"User-Agent" => user_agent} }
+      query = {}
+      query["api_key"] = api_key
+      query["abuse_types"] = abuse_types.join(",") if abuse_types
+      if include_score_percentiles == "true"
+        query["fields"] =  "SCORE_PERCENTILES"
+      end
+
+      options = {
+        :headers => {"User-Agent" => user_agent},
+        :query => query
+      }
       options.merge!(:timeout => timeout) unless timeout.nil?
 
-      response = self.class.get("/v#{API_VERSION}/score/#{user_id}/?api_key=#{api_key}", options)
-      Response.new(response.body, response.code)
+      response = self.class.get(Sift.user_score_api_path(user_id, @version), options)
+      Response.new(response.body, response.code, response.response)
+    end
+
+
+    # Rescores the specified user for the specified abuse types and returns the resulting score(s).
+    #
+    # See https://siftscience.com/developers/docs/ruby/score-api/rescore for more details.
+    #
+    # ==== Parameters:
+    #
+    # user_id::
+    #   A user's id. This id should be the same as the user_id used in
+    #   event calls.
+    #
+    # opts (optional)::
+    #   A Hash of optional parameters for the request --
+    #
+    #   :abuse_types::
+    #     List of abuse types, specifying for which abuse types a
+    #     score should be returned.  By default, a score is returned
+    #     for every abuse type to which you are subscribed.
+    #
+    #   :api_key::
+    #     Overrides the API key for this call.
+    #
+    #   :timeout::
+    #     Overrides the timeout (in seconds) for this call.
+    #
+    # ==== Returns:
+    #
+    # A Response object containing a status code, status message, and,
+    # if successful, the user's score(s).
+    #
+    def rescore_user(user_id, opts = {})
+      abuse_types = opts[:abuse_types]
+      api_key = opts[:api_key] || @api_key
+      timeout = opts[:timeout] || @timeout
+
+      raise("user_id must be a non-empty string") if (!user_id.is_a? String) || user_id.to_s.empty?
+      raise("Bad api_key parameter") if api_key.empty?
+
+      query = {}
+      query["api_key"] = api_key
+      query["abuse_types"] = abuse_types.join(",") if abuse_types
 
+      options = {
+        :headers => {"User-Agent" => user_agent},
+        :query => query
+      }
+      options.merge!(:timeout => timeout) unless timeout.nil?
+
+      response = self.class.post(Sift.user_score_api_path(user_id, @version), options)
+      Response.new(response.body, response.code, response.response)
     end
 
-    # Labels a user as either good or bad. This call is blocking.
+
+    # Labels a user.
+    #
+    # See https://siftscience.com/developers/docs/ruby/labels-api/label-user .
     #
-    # == Parameters:
-    # user_id
+    # ==== Parameters:
+    #
+    # user_id::
     #   A user's id. This id should be the same as the user_id used in
     #   event calls.
     #
-    # properties
+    # properties::
     #   A hash of name-value pairs that specify the label attributes.
     #   This parameter must be specified.
     #
-    # timeout (optional)
-    #   The number of seconds to wait before failing the request. By default this is
-    #   configured to 2 seconds (see above). This parameter is optional.
+    # opts (optional)::
+    #   A Hash of optional parameters for the request --
+    #
+    #   :api_key::
+    #     Overrides the API key for this call.
+    #
+    #   :timeout::
+    #     Overrides the timeout (in seconds) for this call.
+    #
+    #   :version::
+    #     Overrides the version of the Events API to call.
+    #
+    # ==== Returns:
+    #
+    # In the case of a connection error (timeout, broken connection,
+    # etc.), this method returns nil; otherwise, a Response object is
+    # returned that captures the status message and status code.
+    #
+    def label(user_id, properties = {}, opts = {})
+      api_key = opts[:api_key] || @api_key
+      timeout = opts[:timeout] || @timeout
+      version = opts[:version] || @version
+      path = Sift.users_label_api_path(user_id, version)
+
+      raise("user_id must be a non-empty string") if (!user_id.is_a? String) || user_id.to_s.empty?
+
+      track("$label", delete_nils(properties),
+            :path => path, :api_key => api_key, :timeout => timeout)
+    end
+
+
+    # Unlabels a user.
+    #
+    # See https://siftscience.com/developers/docs/ruby/labels-api/unlabel-user .
+    #
+    # ==== Parameters:
+    #
+    # user_id::
+    #   A user's id. This id should be the same as the user_id used in
+    #   event calls.
+    #
+    # opts (optional)::
+    #   A Hash of optional parameters for this request --
+    #
+    #   :abuse_type::
+    #     The abuse type for which the user should be unlabeled.  If
+    #     omitted, the user is unlabeled for all abuse types.
+    #
+    #   :api_key::
+    #     Overrides the API key for this call.
+    #
+    #   :timeout::
+    #     Overrides the timeout (in seconds) for this call.
+    #
+    #   :version::
+    #     Overrides the version of the Events API to call.
+    #
+    # ==== Returns:
+    #
+    # A Response object is returned with only an http code of 204.
+    #
+    def unlabel(user_id, opts = {})
+      abuse_type = opts[:abuse_type]
+      api_key = opts[:api_key] || @api_key
+      timeout = opts[:timeout] || @timeout
+      version = opts[:version] || @version
+
+      raise("user_id must be a non-empty string") if (!user_id.is_a? String) || user_id.to_s.empty?
+
+      query = {}
+      query[:api_key] = api_key
+      query[:abuse_type] = abuse_type if abuse_type
+
+      options = {
+        :headers => {},
+        :query => query
+      }
+      options.merge!(:timeout => timeout) unless timeout.nil?
+
+      response = self.class.delete(Sift.users_label_api_path(user_id, version), options)
+      Response.new(response.body, response.code, response.response)
+    end
+
+
+    # Gets the status of a workflow run.
+    #
+    # See https://siftscience.com/developers/docs/ruby/workflows-api/workflow-status .
+    #
+    # ==== Parameters
+    #
+    # run_id::
+    #   The ID of a workflow run.
+    #
+    # opts (optional)::
+    #   A Hash of optional parameters for this request --
+    #
+    #   :account_id::
+    #     Overrides the API key for this call.
+    #
+    #   :api_key::
+    #     Overrides the API key for this call.
+    #
+    #   :timeout::
+    #     Overrides the timeout (in seconds) for this call.
+    #
+    def get_workflow_status(run_id, opts = {})
+      account_id = opts[:account_id] || @account_id
+      api_key = opts[:api_key] || @api_key
+      timeout = opts[:timeout] || @timeout
+
+      options = {
+        :headers => { "User-Agent" => user_agent },
+        :basic_auth => { :username => api_key, :password => "" }
+      }
+      options.merge!(:timeout => timeout) unless timeout.nil?
+
+      uri = API3_ENDPOINT + Sift.workflow_status_path(account_id, run_id)
+      response = self.class.get(uri, options)
+      Response.new(response.body, response.code, response.response)
+    end
+
+
+    # Gets the decision status of a user.
+    #
+    # See https://siftscience.com/developers/docs/ruby/decisions-api/decision-status .
+    #
+    # ==== Parameters
+    #
+    # user_id::
+    #   The ID of user.
+    #
+    # opts (optional)::
+    #   A Hash of optional parameters for this request --
+    #
+    #   :account_id::
+    #     Overrides the API key for this call.
+    #
+    #   :api_key::
+    #     Overrides the API key for this call.
+    #
+    #   :timeout::
+    #     Overrides the timeout (in seconds) for this call.
+    #
+    def get_user_decisions(user_id, opts = {})
+      account_id = opts[:account_id] || @account_id
+      api_key = opts[:api_key] || @api_key
+      timeout = opts[:timeout] || @timeout
+
+      options = {
+        :headers => { "User-Agent" => user_agent },
+        :basic_auth => { :username => api_key, :password => "" }
+      }
+      options.merge!(:timeout => timeout) unless timeout.nil?
+
+      uri = API3_ENDPOINT + Sift.user_decisions_api_path(account_id, user_id)
+      response = self.class.get(uri, options)
+      Response.new(response.body, response.code, response.response)
+    end
+
+
+    # Gets the decision status of an order.
+    #
+    # See https://siftscience.com/developers/docs/ruby/decisions-api/decision-status .
+    #
+    # ==== Parameters
+    #
+    # order_id::
+    #   The ID of an order.
+    #
+    # opts (optional)::
+    #   A Hash of optional parameters for this request --
     #
-    # == Returns:
-    #   A Response object is returned and captures the status message and
-    #   status code. In general, you can ignore the returned result, though.
+    #   :account_id::
+    #     Overrides the API key for this call.
     #
-    def label(user_id, properties = {}, timeout = nil, api_key = @api_key)
+    #   :api_key::
+    #     Overrides the API key for this call.
+    #
+    #   :timeout::
+    #     Overrides the timeout (in seconds) for this call.
+    #
+    def get_order_decisions(order_id, opts = {})
+      account_id = opts[:account_id] || @account_id
+      api_key = opts[:api_key] || @api_key
+      timeout = opts[:timeout] || @timeout
+
+      options = {
+        :headers => { "User-Agent" => user_agent },
+        :basic_auth => { :username => api_key, :password => "" }
+      }
+      options.merge!(:timeout => timeout) unless timeout.nil?
+
+      uri = API3_ENDPOINT + Sift.order_decisions_api_path(account_id, order_id)
+      response = self.class.get(uri, options)
+      Response.new(response.body, response.code, response.response)
+    end
+
+    # Gets the decision status of a session.
+    #
+    # See https://siftscience.com/developers/docs/ruby/decisions-api/decision-status .
+    #
+    # ==== Parameters
+    #
+    # user_id::
+    #   The ID of the user in the session.
+    #
+    # session_id::
+    #   The ID of a session.
+    #
+    # opts (optional)::
+    #   A Hash of optional parameters for this request --
+    #
+    #   :account_id::
+    #     Overrides the account id for this call.
+    #
+    #   :api_key::
+    #     Overrides the API key for this call.
+    #
+    #   :timeout::
+    #     Overrides the timeout (in seconds) for this call.
+    #
+    def get_session_decisions(user_id, session_id, opts = {})
+      account_id = opts[:account_id] || @account_id
+      api_key = opts[:api_key] || @api_key
+      timeout = opts[:timeout] || @timeout
 
-      raise(RuntimeError, "user_id must be a non-empty string") if (!user_id.is_a? String) || user_id.to_s.empty?
+      options = {
+        :headers => { "User-Agent" => user_agent },
+        :basic_auth => { :username => api_key, :password => "" }
+      }
+      options.merge!(:timeout => timeout) unless timeout.nil?
 
-      path = Sift.current_users_label_api_path(user_id)
-      track("$label", delete_nils(properties), timeout, path, false, api_key)
+      uri = API3_ENDPOINT + Sift.session_decisions_api_path(account_id, user_id, session_id)
+      response = self.class.get(uri, options)
+      Response.new(response.body, response.code, response.response)
     end
 
+    # Gets the decision status of a piece of content.
+    #
+    # See https://siftscience.com/developers/docs/ruby/decisions-api/decision-status .
+    #
+    # ==== Parameters
+    #
+    # user_id::
+    #   The ID of the owner of the content.
+    #
+    # content_id::
+    #   The ID of a piece of content.
+    #
+    # opts (optional)::
+    #   A Hash of optional parameters for this request --
+    #
+    #   :account_id::
+    #     Overrides the API key for this call.
+    #
+    #   :api_key::
+    #     Overrides the API key for this call.
+    #
+    #   :timeout::
+    #     Overrides the timeout (in seconds) for this call.
+    #
+    def get_content_decisions(user_id, content_id, opts = {})
+      account_id = opts[:account_id] || @account_id
+      api_key = opts[:api_key] || @api_key
+      timeout = opts[:timeout] || @timeout
+
+      options = {
+        :headers => { "User-Agent" => user_agent },
+        :basic_auth => { :username => api_key, :password => "" }
+      }
+      options.merge!(:timeout => timeout) unless timeout.nil?
+
+      uri = API3_ENDPOINT + Sift.content_decisions_api_path(account_id, user_id, content_id)
+      response = self.class.get(uri, options)
+      Response.new(response.body, response.code, response.response)
+    end
+
+    def decisions(opts = {})
+      decision_instance.list(opts)
+    end
+
+    def decisions!(opts = {})
+      handle_response(decisions(opts))
+    end
+
+    def apply_decision(configs = {})
+      decision_instance.apply_to(configs)
+    end
+
+    def apply_decision!(configs = {})
+      handle_response(apply_decision(configs))
+    end
+
+    def build_default_headers_post(api_key)
+      {
+        "Authorization" => "Basic #{Base64.encode64(api_key+":")}",
+        "User-Agent" => "SiftScience/v#{@version} sift-ruby/#{VERSION}",
+        "Content-Type" => "application/json"
+      }
+    end
+
+    def verification_send(properties = {}, opts = {})
+      api_key = opts[:api_key] || @api_key
+      version = opts[:version] || @version
+      timeout = opts[:timeout] || @timeout
+
+      raise("properties cannot be empty") if properties.empty?
+      raise("api_key cannot be empty") if api_key.empty?
+
+
+      options = {
+        :body => MultiJson.dump(delete_nils(properties)),
+        :headers => build_default_headers_post(api_key)
+      }
+      options.merge!(:timeout => timeout) unless timeout.nil?
+
+      response = self.class.post(Sift.verification_api_send_path(@version), options)
+      Response.new(response.body, response.code, response.response)
+    end
+
+    def verification_resend(properties = {}, opts = {})
+      api_key = opts[:api_key] || @api_key
+      version = opts[:version] || @version
+      timeout = opts[:timeout] || @timeout
+
+      raise("properties cannot be empty") if properties.empty?
+      raise("api_key cannot be empty") if api_key.empty?
+
+
+      options = {
+        :body => MultiJson.dump(delete_nils(properties)),
+        :headers => build_default_headers_post(api_key)
+      }
+      options.merge!(:timeout => timeout) unless timeout.nil?
+
+      response = self.class.post(Sift.verification_api_resend_path(@version), options)
+      Response.new(response.body, response.code, response.response)
+    end
+
+    def verification_check(properties = {}, opts = {})
+      api_key = opts[:api_key] || @api_key
+      version = opts[:version] || @version
+      timeout = opts[:timeout] || @timeout
+
+      raise("properties cannot be empty") if properties.empty?
+      raise("api_key cannot be empty") if api_key.empty?
+
+
+      options = {
+        :body => MultiJson.dump(delete_nils(properties)),
+        :headers => build_default_headers_post(api_key)
+      }
+      options.merge!(:timeout => timeout) unless timeout.nil?
+
+      response = self.class.post(Sift.verification_api_check_path(@version), options)
+      Response.new(response.body, response.code, response.response)
+    end
+
+    def create_psp_merchant_profile(properties = {}, opts = {})
+      # Create a new PSP Merchant profile
+      # Args:
+      #   properties: A dict of merchant profile data.
+      # Returns
+      #   A sift.client.Response object if the call succeeded, else raises an ApiException
+
+      account_id = opts[:account_id] || @account_id
+      api_key = opts[:api_key] || @api_key
+      timeout = opts[:timeout] || @timeout
+
+      raise("api_key cannot be empty") if api_key.empty?
+      raise("account_id cannot be empty") if account_id.empty?
+      raise("properties cannot be empty") if properties.empty?
+
+      options = {
+        :body => MultiJson.dump(delete_nils(properties)),
+        :headers => { "User-Agent" => user_agent, "Content-Type" => "application/json" },
+        :basic_auth => { :username => api_key, :password => "" }
+      }
+      options.merge!(:timeout => timeout) unless timeout.nil?
+      response = self.class.post(API_ENDPOINT + Sift.psp_merchant_api_path(account_id), options)
+      Response.new(response.body, response.code, response.response)
+    end
+
+    def update_psp_merchant_profile(merchant_id, properties = {}, opts = {})
+      # Update an existing PSP Merchant profile
+      #  Args:
+      #      merchant_id: id of merchant
+      #      properties: A dict of merchant profile data.
+      #  Returns
+      #      A sift.client.Response object if the call succeeded, else raises an ApiException
+
+      account_id = opts[:account_id] || @account_id
+      api_key = opts[:api_key] || @api_key
+      timeout = opts[:timeout] || @timeout
+
+      raise("api_key cannot be empty") if api_key.empty?
+      raise("account_id cannot be empty") if account_id.empty?
+      raise("merchant_id cannot be empty") if merchant_id.empty?
+      raise("properties cannot be empty") if properties.empty?
+
+      options = {
+        :body => MultiJson.dump(delete_nils(properties)),
+        :headers => { "User-Agent" => user_agent, "Content-Type" => "application/json" },
+        :basic_auth => { :username => api_key, :password => "" }
+      }
+      options.merge!(:timeout => timeout) unless timeout.nil?
+      response = self.class.put(API_ENDPOINT + Sift.psp_merchant_id_api_path(account_id, merchant_id), options)
+      Response.new(response.body, response.code, response.response)
+    end
+
+  def get_a_psp_merchant_profile(merchant_id, opts = {})
+    # Gets a PSP merchant profile using merchant id.
+    #  Args:
+    #      merchant_id: id of merchant
+    #  Returns
+    #      A sift.client.Response object if the call succeeded, else raises an ApiException
+
+    account_id = opts[:account_id] || @account_id
+    api_key = opts[:api_key] || @api_key
+    timeout = opts[:timeout] || @timeout
+    
+    raise("api_key cannot be empty") if api_key.empty?
+    raise("account_id cannot be empty") if account_id.empty?
+    raise("merchant_id cannot be empty") if merchant_id.empty?
+
+    options = {
+      :headers => { "User-Agent" => user_agent, "Content-Type" => "application/json" },
+      :basic_auth => { :username => api_key, :password => "" }
+    }
+    options.merge!(:timeout => timeout) unless timeout.nil?
+    response = self.class.get(API_ENDPOINT + Sift.psp_merchant_id_api_path(account_id, merchant_id), options)
+    Response.new(response.body, response.code, response.response)
+  end
+
+  def get_psp_merchant_profiles(batch_size = nil, batch_token = nil, opts = {})
+    # Get all PSP merchant profiles.
+    # Args:
+    #  batch_size : Batch or page size of the paginated sequence.
+    #  batch_token : Batch or page position of the paginated sequence.
+    #  Returns
+    #      A sift.client.Response object if the call succeeded, else raises an ApiException
+
+    account_id = opts[:account_id] || @account_id
+    api_key = opts[:api_key] || @api_key
+    timeout = opts[:timeout] || @timeout
+
+    raise("api_key cannot be empty") if api_key.empty?
+    raise("account_id cannot be empty") if account_id.empty?
+
+    query = {}
+    query["batch_size"] = batch_size if batch_size
+    query["batch_token"] = batch_token if batch_token
+
+    options = {
+      :headers => { "User-Agent" => user_agent, "Content-Type" => "application/json" },
+      :basic_auth => { :username => api_key, :password => "" },
+      :query => query
+    }
+    options.merge!(:timeout => timeout) unless timeout.nil?
+    response = self.class.get(API_ENDPOINT + Sift.psp_merchant_api_path(account_id), options)
+    Response.new(response.body, response.code, response.response)
+  end
+
     private
+
+    def handle_response(response)
+      if response.ok?
+        response.body
+      else
+        raise ApiError.new(response.api_error_message, response)
+      end
+    end
+
+    def decision_instance
+      @decision_instance ||= Decision.new(api_key, account_id)
+    end
+
     def delete_nils(properties)
       properties.delete_if do |k, v|
         case v