specs.yaml

openapi: 3.0.3
info:
  title: Fraud Prevention Service
  version: v2
  description: Fraud & Risk APIs to detect fraud
  contact:
    name: Risk Tech Verge
    email: RiskTechVerge@expedia.com
  x-eg-lifecycle: PLANNED
servers:
  - url: https://api.expediagroup.com/fraud-prevention/v2
  - url: https://api.sandbox.expediagroup.com/fraud-prevention/v2
  - url: https://test-api.expediagroup.com/fraud-prevention/v2
  - url: https://test-api.sandbox.expediagroup.com/fraud-prevention/v2
tags:
  - name: OrderPurchaseScreen
  - name: OrderPurchaseUpdate
  - name: AccountScreen
  - name: AccountUpdate
paths:
  /fraud-prevention/v2/order/purchase/screen:
    post:
      tags:
        - screenOrderPurchase
      description: "The Order Purchase API gives a Fraud recommendation for a
        transaction. A recommendation can be Accept, Reject, or Review. A
        transaction is marked as Review whenever there are insufficient signals
        to recommend Accept or Reject. These incidents are manually reviewed,
        and a corrected recommendation is made asynchronously. "
      summary: Run fraud screening for one transaction
      operationId: screenOrderPurchase
      security:
        - orderPurchaseScreenAuth:
            - fraudandrisk.fraud.order-purchase-screen
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/OrderPurchaseScreenRequest"
      responses:
        "200":
          description: The OrderPurchaseScreenRequest was successfully received and the
            order screening is complete.
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/OrderPurchaseScreenResponse"
        "400":
          description: Bad request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/BadRequestError"
        "401":
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/UnauthorizedError"
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ForbiddenError"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/NotFoundError"
        "429":
          description: Too many requests
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/TooManyRequestsError"
        "500":
          description: Internal server error
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/InternalServerError"
        "502":
          description: Bad gateway
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/BadGatewayError"
        "503":
          description: Retryable Order Purchase Screen Failure
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/RetryableOrderPurchaseScreenFailure"
        "504":
          description: Gateway timeout
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/GatewayTimeoutError"
  /fraud-prevention/v2/order/purchase/update:
    post:
      tags:
        - updateOrderPurchase
      description: >
        The Order Purchase Update API is called when the status of the order has
        changed.


        For example, if the customer cancels the reservation, changes reservation in any way, or adds additional products or travelers to the reservation, the Order Purchase Update API is called to notify Expedia Group about the change.


        The Order Purchase Update API is also called when the merchant cancels or changes an order based on a Fraud recommendation.
      summary: Send an update for a transaction
      operationId: updateOrderPurchase
      security:
        - orderPurchaseUpdateAuth:
            - fraudandrisk.fraud.order-purchase-update
      requestBody:
        required: true
        description: >
          An OrderPurchaseUpdate request may be of one of the following types
          `ORDER_UPDATE`, `CHARGEBACK_FEEDBACK`, `INSULT_FEEDBACK`,
          `REFUND_UPDATE`, `PAYMENT_UPDATE`.
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/OrderPurchaseUpdateRequest"
            examples:
              OrderUpdate:
                summary: Sample OrderUpdate Request
                value:
                  type: ORDER_UPDATE
                  risk_id: "1234324324"
                  acquirer_reference_number: "12345"
                  order_status: COMPLETED
                  cancellation_reason:
                    primary_reason_description: string
              ChargebackFeedback:
                summary: Sample ChargebackFeedback Request
                value:
                  type: CHARGEBACK_FEEDBACK
                  risk_id: "1234324324"
                  chargeback_detail:
                    chargeback_status: RECEIVED
                    chargeback_reason: FRAUD
                    chargeback_amount:
                      value: 123.45
                      currency_code: USD
              InsultFeedback:
                summary: Sample InsultFeedback Request
                value:
                  type: INSULT_FEEDBACK
                  risk_id: "1234324324"
              RefundUpdate:
                summary: Sample RefundUpdate Request
                value:
                  type: REFUND_UPDATE
                  risk_id: "1234324324"
                  refund_status: SETTLED
                  refund_details:
                    acquirer_reference_number: "12345"
                    refund_deposit_date_time: 2022-07-24T01:01:01.111Z
                    refund_settlement_date_time: 2022-07-24T01:01:01.111Z
                    settlement_id: "12345"
                    refund_settled_amount:
                      value: 123.32
                      currency_code: USD
              PaymentUpdate:
                summary: Sample PaymentUpdate Request
                value:
                  type: PAYMENT_UPDATE
                  risk_id: "1234324324"
                  merchant_order_code: "12345"
      responses:
        "200":
          description: The OrderUpdateRequest was successful.
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/OrderPurchaseUpdateResponse"
        "400":
          description: Bad request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/BadRequestError"
        "401":
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/UnauthorizedError"
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ForbiddenError"
        "404":
          description: Order Purchase Update Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/OrderPurchaseUpdateNotFoundError"
        "429":
          description: Too many requests
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/TooManyRequestsError"
        "500":
          description: Internal server error
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/InternalServerError"
        "502":
          description: Bad gateway
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/BadGatewayError"
        "503":
          description: Retryable Order Purchase Update Failure
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/RetryableOrderPurchaseUpdateFailure"
        "504":
          description: Gateway timeout
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/GatewayTimeoutError"
  /fraud-prevention/v2/account/screen:
    post:
      tags:
        - screenAccount
      description: The Account Screen API gives a Fraud recommendation for an account
        transaction. A recommendation can be ACCEPT, CHALLENGE, or REJECT. A
        transaction is marked as CHALLENGE whenever there are insufficient
        signals to recommend ACCEPT or REJECT. These CHALLENGE incidents are
        manually reviewed, and a corrected recommendation is made
        asynchronously.
      summary: Run fraud screening for one transaction
      operationId: screenAccount
      security:
        - accountScreenAuth:
            - fraudandrisk.fraud.account-screen
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/AccountScreenRequest"
      responses:
        "200":
          description: The AccountScreenRequest was successfully received and the account
            screening is complete.
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AccountScreenResponse"
        "400":
          description: Bad request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AccountTakeoverBadRequestError"
        "401":
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AccountTakeoverUnauthorizedError"
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ForbiddenError"
        "404":
          description: Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/NotFoundError"
        "429":
          description: Too many requests
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/TooManyRequestsError"
        "500":
          description: Internal server error
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/InternalServerError"
        "502":
          description: Bad gateway
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/BadGatewayError"
        "503":
          description: Service unavailable
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ServiceUnavailableError"
        "504":
          description: Gateway timeout
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/GatewayTimeoutError"
  /fraud-prevention/v2/account/update:
    post:
      tags:
        - updateAccount
      description: The Account Update API is called when there is an account lifecycle
        transition such as a challenge outcome, account restoration, or
        remediation action completion. For example, if a user's account is
        disabled, deleted, or restored, the Account Update API is called to
        notify Expedia Group about the change. The Account Update API is also
        called when a user responds to a login Multi-Factor Authentication based
        on a Fraud recommendation.
      summary: Send an update as a result of an account screen transaction
      operationId: updateAccount
      security:
        - accountUpdateAuth:
            - fraudandrisk.fraud.account-update
      requestBody:
        required: true
        description: An AccountUpdate request may be of one of the following types
          `MULTI_FACTOR_AUTHENTICATION_UPDATE`, `REMEDIATION_UPDATE`.
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/AccountUpdateRequest"
            examples:
              MultiFactorAuthenticationUpdate:
                summary: Sample MultiFactorAuthenticationUpdate Request
                value:
                  type: MULTI_FACTOR_AUTHENTICATION_UPDATE
                  risk_id: "1234324324"
                  multi_factor_authentication_attempts:
                    - delivery_method: SMS
                      status: SUCCESS
                      reference_id: "1234324324"
                      provider_name: DUO
                      attempt_count: 2
                      update_start_date_time: 2022-07-24T01:01:01.111Z
                      update_end_date_time: 2022-07-24T01:02:01.111Z
                      telephone:
                        country_access_code: "1"
                        area_code: "234"
                        phone_number: "5678910"
              RemediationUpdate:
                summary: Sample RemediationUpdate Request
                value:
                  type: REMEDIATION_UPDATE
                  risk_id: "1234324324"
                  remediation_update_actions:
                    - action_name: PASSWORD_RESET
                      status: SUCCESS
                      update_end_date_time: 2022-07-24T01:02:01.111Z
      responses:
        "200":
          description: The AccountUpdateResponse was successful.
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AccountUpdateResponse"
        "400":
          description: Bad request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AccountTakeoverBadRequestError"
        "401":
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AccountTakeoverUnauthorizedError"
        "403":
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ForbiddenError"
        "404":
          description: Account Update Not Found
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/AccountUpdateNotFoundError"
        "429":
          description: Too many requests
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/TooManyRequestsError"
        "500":
          description: Internal server error
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/InternalServerError"
        "502":
          description: Bad gateway
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/BadGatewayError"
        "503":
          description: Service unavailable
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/ServiceUnavailableError"
        "504":
          description: Gateway timeout
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/GatewayTimeoutError"
components:
  schemas:
    Error:
      description: The object used to describe an error, containing both
        human-readable and machine-readable information.
      type: object
      properties:
        code:
          description: Snake cased all caps error code interpreted from the HTTP status
            code that can programmatically be acted upon.
          type: string
          example: BAD_REQUEST
          enum:
            - UNAUTHORIZED
            - FORBIDDEN
            - NOT_FOUND
            - ORDER_PURCHASE_UPDATE_NOT_FOUND
            - TOO_MANY_REQUESTS
            - INTERNAL_SERVER_ERROR
            - BAD_GATEWAY
            - RETRYABLE_ORDER_PURCHASE_SCREEN_FAILURE
            - RETRYABLE_ORDER_PURCHASE_UPDATE_FAILURE
            - GATEWAY_TIMEOUT
            - BAD_REQUEST
        message:
          description: A human-readable explanation of the error, specific to this error
            occurrence.
          type: string
          example: An input validation error was encountered. Please see causes for more
            details.
      required:
        - code
        - message
    UnauthorizedError:
      description: Indicates that the token sent in the 'Authorization' header is
        either invalid or missing. Please check the value in the token field
        along with the token expiration time before retrying.
      example:
        code: UNAUTHORIZED
        message: Invalid EG token provided. Please provide a valid token in the
          Authorization header.
      allOf:
        - $ref: "#/components/schemas/Error"
    ForbiddenError:
      description: Indicates that the API cannot fulfill the request because while the
        client is correctly authenticated, the client doesn't have the
        permission to execute the specified operation. This error type does not
        imply that the request is valid, or that the resource against which the
        operation being performed exists or satisfies other pre-conditions.
      example:
        code: FORBIDDEN
        message: Insufficient permissions to perform the request.
      allOf:
        - $ref: "#/components/schemas/AccountTakeoverError"
    NotFoundError:
      description: Indicates that the API cannot find the resource that is either
        being requested or against which the operation is being performed.
        Please check the request again to make sure that the request is valid.
      example:
        code: NOT_FOUND
        message: The requested resource does not exist.
      allOf:
        - $ref: "#/components/schemas/AccountTakeoverError"
    OrderPurchaseUpdateNotFoundError:
      description: Indicates that the API cannot find the resource that is either
        being requested or against which the operation is being performed.
      example:
        code: ORDER_PURCHASE_UPDATE_NOT_FOUND
        message: The request failed because the Order Screen event for this booking is
          missing. Please send a new Order Screen event again.
      allOf:
        - $ref: "#/components/schemas/Error"
    TooManyRequestsError:
      description: Indicates that the API cannot fulfill the request because server
        resources have been exhausted. Perhaps the client has sent too many
        requests in a given amount of time or has reached some specific quota.
        Please check the rate limits for the product and adjust as necessary
        before retries. If you believe the rate limit was incorrect or if you
        need a different rate limit, please reach out to the <support team>
        regarding the next steps.
      example:
        code: TOO_MANY_REQUESTS
        message: The request failed because the server resources for this client have
          been exhausted.
      allOf:
        - $ref: "#/components/schemas/AccountTakeoverError"
    InternalServerError:
      description: Indicates that the API encountered an unexpected condition that
        prevented it from fulfilling the request. Sometimes used as a generic
        catch-allerror type when no other error types can be used. Retrying the
        same request will usually result in the same error. Please reach out to
        support team as next step for this error resolution.
      example:
        code: INTERNAL_SERVER_ERROR
        message: The server encountered an internal error.
      allOf:
        - $ref: "#/components/schemas/AccountTakeoverError"
    BadGatewayError:
      description: Indicates that the server received an invalid response from the
        upstream server. Causes could be incorrectly configured target server at
        gateway, EOF exception, incorrectly configured keep-alive timeouts.
        Please reach out to support team as next step for this error resolution.
      example:
        code: BAD_GATEWAY
        message: The server received an invalid response from an upstream server.
      allOf:
        - $ref: "#/components/schemas/AccountTakeoverError"
    RetryableOrderPurchaseScreenFailure:
      description: >
        Indicates that the API is either down for maintenance or overloaded and
        cannot fulfill the request at the current time. This is a temporary
        error and retrying the same request after a certain delay could
        eventually result in success.

        There will be a Retry-After HTTP header in API response specifying how long to wait to retry the request. If there is no Retry-After HTTP header then retry can happen immediately. If the error persists after retrying with delay, please reach out to <support team>."
      example:
        code: RETRYABLE_ORDER_PURCHASE_SCREEN_FAILURE
        message: A temporary internal error occurred. You can safely retry your call
          using the same order details.
      allOf:
        - $ref: "#/components/schemas/Error"
    RetryableOrderPurchaseUpdateFailure:
      description: >
        Indicates that the API is either down for maintenance or overloaded and
        cannot fulfill the request at the current time. This is a temporary
        error and retrying the same request after a certain delay could
        eventually result in success.

        There will be a Retry-After HTTP header in API response specifying how long to wait to retry the request. If there is no Retry-After HTTP header then retry can happen immediately. If the error persists after retrying with delay, please reach out to <support team>."
      example:
        code: RETRYABLE_ORDER_PURCHASE_UPDATE_FAILURE
        message: A temporary internal error occurred. You can safely retry your call
          using the same order details.
      allOf:
        - $ref: "#/components/schemas/Error"
    GatewayTimeoutError:
      description: Indicates that the API gateway has issues completing the request on
        time. Request can be retried if it is idempotent, If the issue persists,
        please reach out to support. For non-idempotent requests, please reach
        out to <support team> to know the status of your request before
        attempting retries.
      example:
        code: GATEWAY_TIMEOUT
        message: The server timed out while trying to complete the request.
      allOf:
        - $ref: "#/components/schemas/AccountTakeoverError"
    BadRequestError:
      description: Indicates that a bad request occurred. Typically it is an invalid
        parameter.
      example:
        code: BAD_REQUEST
        message: An input validation error was encountered. Please see causes for more
          details.
        causes:
          code: MISSING_MANDATORY_PARAM
          field: $.transaction.customer_account.account_type
          message: The value of a field should not be null.
      allOf:
        - $ref: "#/components/schemas/Error"
        - type: object
          properties:
            causes:
              type: array
              items:
                type: object
                properties:
                  code:
                    type: string
                    example: MISSING_MANDATORY_PARAM
                    enum:
                      - MISSING_MANDATORY_PARAM
                      - INVALID_PARAM
                      - INVALID_FORMAT
                  field:
                    type: string
                    description: A JSON Path expression indicating which field, in the request body,
                      caused the error.
                    example: $.transaction.customer_account.account_type
                  message:
                    type: string
                    example: The value of a field should not be null.
    OrderPurchaseUpdateRequest:
      title: OrderPurchaseUpdateRequest
      description: >
        The `type` field value is used as a discriminator, with the following
        mapping:

        * `ORDER_UPDATE`: `OrderUpdate`

        * `CHARGEBACK_FEEDBACK`: `ChargebackFeedback`

        * `INSULT_FEEDBACK`: `InsultFeedback`

        * `REFUND_UPDATE`: `RefundUpdate`

        * `PAYMENT_UPDATE`: `PaymentUpdate`
      type: object
      required:
        - risk_id
        - type
      properties:
        type:
          $ref: "#/components/schemas/UpdateType"
        risk_id:
          description: The `risk_id` provided by Expedia's Fraud Prevention Service in the
            `OrderPurchaseScreenResponse`.
          type: string
          maxLength: 200
          example: "123456789"
      discriminator:
        propertyName: type
        mapping:
          ORDER_UPDATE: OrderUpdate
          CHARGEBACK_FEEDBACK: ChargebackFeedback
          INSULT_FEEDBACK: InsultFeedback
          REFUND_UPDATE: RefundUpdate
          PAYMENT_UPDATE: PaymentUpdate
    UpdateType:
      title: UpdateType
      description: Transaction type associated with the update event.
      type: string
      enum:
        - ORDER_UPDATE
        - CHARGEBACK_FEEDBACK
        - INSULT_FEEDBACK
        - REFUND_UPDATE
        - PAYMENT_UPDATE
    OrderUpdate:
      title: OrderUpdate
      description: Order related data that should be updated.
      allOf:
        - $ref: "#/components/schemas/OrderPurchaseUpdateRequest"
        - type: object
          required:
            - order_status
          properties:
            order_status:
              $ref: "#/components/schemas/Status"
            acquirer_reference_number:
              description: >
                A unique number that tags a credit or debit card transaction
                when it goes from the merchant's bank through to the
                cardholder's bank.

                `acquirer_reference_number` is a required field only if `order_status` = `COMPLETED`

                Typically, merchants can get this number from their payment processors.

                This number is used when dealing with disputes/chargebacks on original transactions.
              type: string
              maxLength: 200
            cancellation_reason:
              $ref: "#/components/schemas/CancellationReason"
    CancellationReason:
      title: CancellationReason
      description: Reason of order update cancellation.
      type: object
      properties:
        primary_reason_code:
          description: Primary cancellation reason code.
          type: string
          maxLength: 200
        sub_reason_code:
          description: Substitute cancellation reason code.
          type: string
          maxLength: 200
        primary_reason_description:
          description: Primary cancellation reason code. Required if `order_status =
            CANCELLED`.
          type: string
          maxLength: 200
        sub_reason_description:
          description: Substitute cancellation reason description.
          type: string
          maxLength: 200
    ChargebackFeedback:
      title: ChargebackFeedback
      description: Feedback from EG external partners if they receive a chargeback for
        a false negative recommendation from Fraud Prevention system.
      allOf:
        - $ref: "#/components/schemas/OrderPurchaseUpdateRequest"
        - type: object
          properties:
            chargeback_detail:
              $ref: "#/components/schemas/ChargebackDetail"
    InsultFeedback:
      title: InsultFeedback
      description: Feedback from EG external partners regarding a false positive
        recommendation that from Fraud Prevention system gave for their
        customer.
      allOf:
        - $ref: "#/components/schemas/OrderPurchaseUpdateRequest"
        - type: object
          properties:
            insult_detail:
              $ref: "#/components/schemas/InsultDetail"
    RefundUpdate:
      title: RefundUpdate
      description: Refund related data. Update should be sent when refund is issued or
        settled. Amounts should include all fees and taxes.
      discriminator:
        propertyName: refund_status
        mapping:
          ISSUED: IssuedRefundUpdate
          SETTLED: SettledRefundUpdate
      allOf:
        - $ref: "#/components/schemas/OrderPurchaseUpdateRequest"
        - type: object
          required:
            - refund_status
          properties:
            refund_status:
              description: |
                Identifies the refund status. Possible values are:
                -`ISSUED` - The refund was issued.
                -`SETTLED` - The refund was settled.
              type: string
              enum:
                - ISSUED
                - SETTLED
    IssuedRefundUpdate:
      title: IssuedRefundUpdate
      description: Data related to the issued refund that should be updated.
      allOf:
        - $ref: "#/components/schemas/RefundUpdate"
        - type: object
          required:
            - refund_status
          properties:
            refund_details:
              $ref: "#/components/schemas/IssuedRefundUpdateDetails"
    SettledRefundUpdate:
      title: SettledRefundUpdate
      description: Data related to the settled refund that should be updated.
      allOf:
        - $ref: "#/components/schemas/RefundUpdate"
        - type: object
          required:
            - refund_status
          properties:
            refund_details:
              $ref: "#/components/schemas/SettledRefundUpdateDetails"
    IssuedRefundUpdateDetails:
      title: IssuedRefundUpdateDetails
      description: Data that describes issued refund that should be updated.
      type: object
      required:
        - refund_issued_date_time
        - refund_issued_amount
      properties:
        refund_issued_date_time:
          description: Date and time when the 3rd party payment processor confirmed that a
            previously submitted payment refund has issued at the participating
            financial institutions.
          type: string
          format: date-time
        refund_issued_amount:
          $ref: "#/components/schemas/Amount"
    SettledRefundUpdateDetails:
      title: SettledRefundUpdateDetails
      description: Data that describes settled refund that should be updated.
      type: object
      required:
        - refund_settlement_date_time
        - refund_deposit_date_time
        - acquirer_reference_number
        - settlement_id
        - refund_settled_amount
      properties:
        refund_settlement_date_time:
          description: Date and time when the 3rd party payment processor confirmed that a
            previously submitted payment refund has settled at the participating
            financial institutions.
          type: string
          format: date-time
        refund_deposit_date_time:
          description: Date and time when the refund was deposited to the original form of
            payment.
          type: string
          format: date-time
        acquirer_reference_number:
          description: >
            A unique number that tags a credit or debit card transaction when it
            goes from the merchant's bank through to the cardholder's bank.

            Typically, merchants can get this number from their payment processors.

            This number is used when dealing with disputes/chargebacks on original transactions.
          type: string
          maxLength: 200
        settlement_id:
          description: Unique settlement identifier specific to the payment processor for
            the settlement transaction generated for a previously submitted
            payment refund.
          type: string
          maxLength: 200
        refund_settled_amount:
          $ref: "#/components/schemas/Amount"
    PaymentUpdate:
      title: PaymentUpdate
      description: Payment related data that should be updated.
      allOf:
        - $ref: "#/components/schemas/OrderPurchaseUpdateRequest"
        - type: object
          required:
            - merchant_order_code
          properties:
            merchant_order_code:
              description: Reference code passed to acquiring bank at the time of payment.
                This code is the key ID that ties back to payments data at the
                payment level.
              type: string
              maxLength: 200
    ChargebackDetail:
      title: ChargebackDetail
      type: object
      description: Details related to the chargeback.
      required:
        - chargeback_status
        - chargeback_reason
        - chargeback_amount
      properties:
        chargeback_status:
          type: string
          enum:
            - RECEIVED
            - REVERSAL
          description: |
            Identifies the chargeback status. Possible values are:
            -`RECEIVED` - The chargeback was received.
            -`REVERSAL` - The chargeback reversal was received.
        chargeback_reason:
          type: string
          enum:
            - FRAUD
            - NON_FRAUD
          description: Reason for chargeback which can be `Fraud` or `Non Fraud`.
        chargeback_amount:
          $ref: "#/components/schemas/Amount"
        bank_reason_code:
          type: string
          description: Unique code provided by the acquiring bank for the category of fraud.
          maxLength: 200
        chargeback_reported_date_time:
          type: string
          format: date-time
          description: Date and time when the chargeback was reported to the partner, in
            ISO-8601 date and time format `yyyy-MM-ddTHH:mm:ss.SSSZ`.
    InsultDetail:
      title: InsultDetail
      type: object
      description: Details related to the insult.
      properties:
        insult_reported_date_time:
          type: string
          format: date-time
          description: Date and time when the insult was reported to the partner, in
            ISO-8601 date and time format `yyyy-MM-ddTHH:mm:ss.SSSZ`.
    Status:
      title: Status
      description: >
        Defines the current state of the Order.

        Generally, OrderPurchaseScreenRequest is followed by an OrderUpdate reflecting the change in current order status. From `IN_PROGRESS` to any of below possible values:

        * `COMPLETED` is used when the order has been processed fully. For example, inventory has been reserved, and the payment has been settled.

        * `CHANGE_COMPLETED` is like `COMPLETED` but on a changed order.

        * `CANCELLED` is used when the order is cancelled. This could be acustomer initiated cancel or based on Fraud recommendation.

        * `FAILED` is used when order failed due to any errors on Partner system. This could be followed by another OrderUpdate call with any `order_status` once the order is recovered, abandoned, or cancelled.

        * `CHANGE_FAILED` is like `FAILED` but on a changed order.

        *

        * `CHANGE_COMPLETED` or `CHANGE_FAILED` are applicable if OrderPurchaseScreen Fraud API was called via a change in order which is through `transaction.transaction_details.order_type` = `CHANGE`

        * `COMPLETED` or `CANCELLED` order status indicates the completion of lifecycle on an order.
      type: string
      enum:
        - COMPLETED
        - CHANGE_COMPLETED
        - CANCELLED
        - FAILED
        - CHANGE_FAILED
      maxLength: 200
    OrderPurchaseUpdateResponse:
      title: OrderPurchaseUpdateResponse
      type: object
      properties:
        risk_id:
          type: string
          description: Unique identifier of transaction that was updated.
          maxLength: 200
          example: "1234567"
    OrderPurchaseScreenRequest:
      title: OrderPurchaseScreenRequest
      type: object
      properties:
        transaction:
          $ref: "#/components/schemas/OrderPurchaseTransaction"
      required:
        - transaction
    OrderPurchaseTransaction:
      title: OrderPurchaseTransaction
      type: object
      required:
        - site_info
        - device_details
        - customer_account
        - transaction_details
      properties:
        site_info:
          $ref: "#/components/schemas/SiteInfo"
        device_details:
          $ref: "#/components/schemas/DeviceDetails"
        customer_account:
          $ref: "#/components/schemas/CustomerAccount"
        transaction_details:
          $ref: "#/components/schemas/TransactionDetails"
    OrderPurchaseScreenResponse:
      title: OrderPurchaseScreenResponse
      type: object
      properties:
        risk_id:
          type: string
          description: Unique identifier assigned to the transaction by Expedia's Fraud
            Prevention Service.
          maxLength: 200
          example: "1234567"
        decision:
          $ref: "#/components/schemas/FraudDecision"
    FraudDecision:
      title: FraudDecision
      type: string
      enum:
        - ACCEPT
        - REVIEW
        - REJECT
    SiteInfo:
      title: SiteInfo
      type: object
      required:
        - country_code
        - agent_assisted
      properties:
        country_code:
          description: The alpha-3 ISO code that represents a country name.
          pattern: ^[A-Z]{3}$
          type: string
          example: USA
        agent_assisted:
          description: Identifies if an agent assisted in booking travel for the customer.
            `False` if the order was directly booked by customer.
          type: boolean
    DeviceDetails:
      title: DeviceDetails
      required:
        - ip_address
      type: object
      properties:
        source:
          type: string
          maxLength: 50
          description: Source of the device_box. Default value is `TrustWidget`.
        device_box:
          type: string
          description: Device related information retrieved from TrustWidget.
        ip_address:
          type: string
          description: IP address of the device used for booking.
          pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|^(?:[A-F0-9]{1,4}:){7}[A-F0-9]{1,4}$
          example: 192.168.32.48
    TransactionDetails:
      title: TransactionDetails
      required:
        - order_id
        - current_order_status
        - order_type
        - travel_products
        - travelers
      type: object
      properties:
        order_id:
          description: Unique identifier assigned to the order by the partner. `order_id`
            is specific to the partner namespace.
          type: string
          maxLength: 50
          example: "1000000234"
        current_order_status:
          description: >
            Status of the order:

            * `IN_PROGRESS` is used when order has not processed fully. For example, inventory has not yet been reserved, or payment has not yet been settled.

            * `COMPLETED` is used when an order has been processed fully. For example, inventory has been reserved, and the payment has been settled.
          type: string
          enum:
            - IN_PROGRESS
            - COMPLETED
        order_type:
          description: >
            Type of order. Possible `order_types`.


            `CREATE` - Initial type of a brand new order.


            `CHANGE` - If a `OrderPurchaseScreenRequest` has already been submitted for the initial booking with `order_type = CREATE`, but has now been modified and partner wishes to resubmit for Fraud screening then the `order_type = CHANGE`. Examples of changes that are supported are changes made to `check-in/checkout dates` or `price of a TravelProduct`.
          type: string
          enum:
            - CREATE
            - CHANGE
          example: CREATE
        travel_products:
          type: array
          minItems: 1
          maxItems: 20
          items:
            $ref: "#/components/schemas/TravelProduct"
        travelers:
          description: Individuals who are part of the travel party for the order. At
            minimum there must be at least `1` traveler.
          type: array
          items:
            $ref: "#/components/schemas/Traveler"
          minItems: 1
          maxItems: 30
        payments:
          description: List of the form(s) of payment being used to purchase the
            order.  One or more forms of payment can be used within an order.
            Information gathered will be specific to the form of payment.
          type: array
          items:
            $ref: "#/components/schemas/Payment"
          minItems: 1
          maxItems: 30
    CustomerAccount:
      title: CustomerAccount
      required:
        - account_type
        - name
        - email_address
      type: object
      properties:
        user_id:
          description: Unique account identifier provided by the partner's Identity
            Provider/System assigned to the account owner by the partner.
            `user_id` is specific to the partner namespace. Used to track repeat
            purchases by the same user.
          type: string
        account_type:
          description: >
            Identifies if the customer account is known to the client. Possible
            values are:


            -`GUEST` - Applicable if the partner maintains record to distinguish whether the transaction was booked via a guest account.


            -`STANDARD` - Default account type.
          type: string
          enum:
            - GUEST
            - STANDARD
          example: STANDARD
        name:
          $ref: "#/components/schemas/Name"
        email_address:
          description: Email address for the account owner.
          type: string
          format: email
        telephones:
          type: array
          items:
            $ref: "#/components/schemas/Telephone"
        address:
          allOf:
            - $ref: "#/components/schemas/Address"
            - required:
                - address_line1
                - city
                - state
                - zip_code
                - country_code
        registered_time:
          description: The local date and time that the customer first registered on the
            client site, in ISO-8601 date and time format
            `yyyy-MM-ddTHH:mm:ss.SSSZ`.
          type: string
          format: date-time
          maxLength: 50
    Traveler:
      title: Traveler
      type: object
      required:
        - traveler_name
        - primary
      properties:
        traveler_name:
          $ref: "#/components/schemas/Name"
        email_address:
          description: Email address associated with the traveler as supplied by the
            partner system.
          type: string
          format: email
          maxLength: 200
        telephones:
          type: array
          items:
            $ref: "#/components/schemas/Telephone"
          minItems: 1
          maxItems: 250
        primary:
          description: Indicator for one of the travelers who is the primary traveler. One
            traveler in each itinerary item must be listed as primary. By
            default, for a single traveler this should be set to `true`.
          type: boolean
        age:
          description: Age of the traveler.
          type: number
        birth_date:
          description: Date of birth for traveler, in ISO-8601 date and time format
            `yyyy-MM-ddTHH:mm:ss.SSSZ`.
          type: string
          format: date-time
          maxLength: 50
        citizenship_country_code:
          description: The alpha-3 ISO country code of the traveler's nationality.
          type: string
          pattern: ^[A-Z]{3}$
          minLength: 3
          maxLength: 3
        traveler_id:
          description: A unique identifier for travelers in the transaction.
          type: string
          maxLength: 100
    Address:
      title: Address
      type: object
      properties:
        address_type:
          type: string
          enum:
            - HOME
            - WORK
        address_line1:
          description: Address line 1 of the address provided.
          type: string
          maxLength: 200
        address_line2:
          description: Address line 2 of the address provided.
          type: string
          maxLength: 200
        city:
          description: City of the address provided.
          type: string
          maxLength: 200
        state:
          description: The two-characters ISO code for the state or province of the address.
          type: string
          pattern: ^[A-Z]{2}$
        zip_code:
          description: Zip code of the address provided.
          type: string
          maxLength: 20
        country_code:
          description: ISO alpha-3 country code of the address provided.
          pattern: ^[A-Z]{3}$
          type: string
    TravelProduct:
      title: TravelProduct
      description: >
        The `type` field value is used as a discriminator, with the following
        mapping:

        * `CRUISE`: `Cruise`

        * `AIR`: `Air`

        * `CAR`: `Car`

        * `INSURANCE`: `Insurance`

        * `HOTEL`: `Hotel`

        * `RAIL`: `Rail`

        * `ACTIVITY`: `Activity`
      required:
        - price
        - type
        - inventory_type
        - inventory_source
      type: object
      discriminator:
        propertyName: type
        mapping:
          CRUISE: "#/components/schemas/Cruise"
          AIR: "#/components/schemas/Air"
          CAR: "#/components/schemas/Car"
          INSURANCE: "#/components/schemas/Insurance"
          HOTEL: "#/components/schemas/Hotel"
          RAIL: "#/components/schemas/Rail"
          ACTIVITY: "#/components/schemas/Activity"
      properties:
        price:
          $ref: "#/components/schemas/Amount"
        type:
          $ref: "#/components/schemas/TravelProductType"
        inventory_type:
          description: >
            Type of inventory.

            Ensure attributes mentioned in dictionary below are set to corresponding values only.

            `inventory_type` has the following mapping with TravelProduct `type` attribute:

            *       inventory_type            :      type

            * ------------------------------------------------------

            *  `Cruise`                       : `CRUISE`

            *  `Air`                          : `AIR`

            *  `Car`                          : `CAR`

            *  `Insurance`                    : `INSURANCE`

            *  `Hotel`                        : `HOTEL`

            *  `Rail`                         : `RAIL`

            *  `Activity`                     : `ACTIVITY`
          type: string
          maxLength: 30
        inventory_source:
          description: >
            Identifies the business model through which the supply is being
            sold. Merchant/Agency.

            * `MERCHANT` is used when Partner is the merchant of record for this order.

            * `AGENCY` is used when this order is through an agency booking.
          type: string
          enum:
            - MERCHANT
            - AGENCY
        travelers_references:
          description: >
            List of travelerGuids who are part of the traveling party on the
            order for the product.

            Information for each product and its required travelers should be provided in the API request.

            If the product booking does not require accompanying quest information then that does not need to be provided in the API request.

            Example:

            * For Air products, all travelers' details are required to complete the booking.

            * For Hotel products, typically the details on the person checking-in is required.

            * For Car products, typically only the primary driver information is required.

            If multiple traveler details are in the itinerary, this structure allows to fill up traveler details once in the `travelers` section, and then associate individual products to the respective travelers.

            This association is made using `traveler_id` field. A GUID can be generated for each object in the `travelers` section. The same GUID can be provided in the `traveler_references` below.

            The `travelers` array should have at least one `traveler` object, and each `traveler` object should have a `traveler_id` which is not necessarily an account id.

            Example:

            *   Travelers

            * ------------

            *  A - GUID1

            *  B - GUID2

            *  C - GUID3

            *

            *   Products

            * ------------

            * Air

            *   [GUID1, GUID2, GUID3]

            * Hotel

            *   [GUID1]

            * Car

            *   [GUID3]

            * Rail

            *   [GUID2]

            * Activity

            *   [GUID1]

            * The example above demonstrates the association of travelers with various products.

            * All three travelers (A, B, and C) are associated with the Air product.

            * Traveler A is associated with the Hotel and Activity products.

            * Traveler C is associated with the Car product.

            * Traveler B is associated with the Rail product.
          type: array
          minItems: 1
          maxItems: 40
          items:
            type: string
            maxLength: 50
        pay_later:
          description: >
            The attribute serves as a boolean indicator that significantly
            influences the handling of payment information during the fraud
            prevention process:

            * When 'pay_later' is set to 'true':
              - This configuration signals that payment information is optional for the booking. Travelers are given the choice to defer payment until they arrive at the rental counter following the completion of the booking.
              - It is imperative for partners to explicitly set this attribute to 'true' when payment information can be optional for a particular booking scenario.
            * When 'pay_later' is set to 'false':
              - In this mode, the attribute mandates the inclusion of payment information during the order purchase screen request. Travelers are required to provide payment details.
              - Partners must exercise caution and ensure they supply the necessary payment information, as failure to do so in cases where 'pay_later' is set to 'false' will result in a 'Bad Request' error. This error helps maintain the consistency and accuracy of the fraud prevention process and payment handling.
          type: boolean
        refundable:
          description: |
            Identifies if the product amount is refundable on cancel:
            * When 'refundable' is set to 'true':
              - This configuration signals that the booking is eligible for cancellation and refund according to the terms and conditions specified by the partner. Travelers are granted the option to cancel the booking and receive a refund, provided they meet the conditions outlined by the partner (e.g., cancellation within a specified time frame).
              - Partners must ensure that they correctly configure this attribute to 'true' when a booking can be refunded, in order to avoid confusion or disputes regarding refund eligibility.
            * When 'refundable' is set to 'false':
              - In this mode, the booking is non-refundable, and no refunds will be issued under any circumstances, except where required by law or other overriding regulations. Travelers should be clearly informed at the time of booking that the reservation is non-refundable.
              - Partners should be careful when setting this attribute to 'false' to ensure that travelers are aware of the non-refundable policy, as failing to properly communicate this could lead to customer dissatisfaction or complaints.
          type: boolean
    Rail:
      title: Rail
      allOf:
        - $ref: "#/components/schemas/TravelProduct"
        - type: object
          required:
            - type
            - route_type
            - rail_segments
          properties:
            route_type:
              description: >
                The type of route or itinerary for the Rail product, indicating
                the travel arrangement and pattern. Possible values are:

                - `MULTIPLE_DESTINATIONS` - The Rail product includes multiple destinations in its itinerary.

                - `ONE_WAY` - The Rail product represents a one-way journey.

                - `ROUNDTRIP` - The Rail product represents a roundtrip journey.
              type: string
              enum:
                - MULTIPLE_DESTINATIONS
                - ONE_WAY
                - ROUND_TRIP
            rail_segments:
              type: array
              minItems: 1
              maxItems: 20
              items:
                $ref: "#/components/schemas/RailSegments"
    RailSegments:
      title: RailSegments
      type: object
      required:
        - departure_time
        - arrival_time
        - departure_station
        - arrival_station
        - transportation_method
      properties:
        departure_time:
          description: The local date and time of the scheduled departure from the
            departure station, in ISO-8601 date and time format
            `yyyy-MM-ddTHH:mm:ss.SSSZ`.
          type: string
          format: date-time
          maxLength: 50
        arrival_time:
          description: The local date and time of the scheduled arrival at the destination
            station, in ISO-8601 date and time format
            `yyyy-MM-ddTHH:mm:ss.SSSZ`.
          type: string
          format: date-time
          maxLength: 50
        departure_station:
          $ref: "#/components/schemas/RailwayStationDetails"
        arrival_station:
          $ref: "#/components/schemas/RailwayStationDetails"
        transportation_method:
          description: >
            This attribute represents the specific transportation method by
            which the passenger is traveling. It captures the mode of
            transportation used during the Rail product journey, Possible values
            are:
                - `BUS` - The Rail product includes bus transportation for certain segments of the itinerary.
                - `FERRY` - The Rail product involves ferry transportation as part of the journey.
                - `PUBLIC_TRANSPORT` - The Rail product represents the use of public transportation modes for the journey.
                - `TRAM` - The Rail product includes tram transportation as part of the journey.
                - `RAIL` - The Rail product specifically utilizes train transportation for the journey.
                - `TRANSFER` - The Rail product involves transfers between different modes of transportation.
                - `OTHER` - The Rail product utilizes transportation methods not covered by the aforementioned categories.
          type: string
          enum:
            - BUS
            - FERRY
            - PUBLIC_TRANSPORT
            - RAIL
            - TRAM
            - TRANSFER
            - OTHERS
        operating_company:
          description: This attribute captures the name or identifier of the company
            responsible for operating the Rail product. It represents the
            specific operating entity, such as Amtrak, British Railways, or a
            bus company.
          type: object
          properties:
            marketing_name:
              description: "The name used by the transportation carrier for marketing purposes
                in the travel segment. Example: ARX, AMTRAC, ARRIVA"
              type: string
              maxLength: 200
    RailwayStationDetails:
      title: RailwayStationDetails
      type: object
      required:
        - name
        - station_code
        - address
      properties:
        name:
          description: The popularly known name or title by which the railway station is
            identified.
          type: string
          maxLength: 200
          example: Grand Central Terminal
        type:
          description: This attribute provides information about the specific
            classification assigned to the rail station. It helps differentiate
            between different types of stations, such as major stations
            (STATION) or stations located within a city (city).
          type: string
          enum:
            - STATION
            - CITY
          example: STATION
        station_code:
          description: The unique identifier or code assigned to an individual rail
            station or a pseudo-station representing all the stations within a
            specific city, from which rail travel originates.
          type: string
          maxLength: 200
          example: GCT
        address:
          $ref: "#/components/schemas/Address"
        timezone:
          description: The timezone associated with the location of the station,
            specifying the local time offset from Coordinated Universal Time
            (UTC).
          type: string
          maxLength: 200
          example: America/New_York
    Activity:
      title: Activity
      allOf:
        - $ref: "#/components/schemas/TravelProduct"
        - type: object
          required:
            - category_name
            - activity_description
            - supply_provider
            - tickets
            - coordinates
          properties:
            category_name:
              description: >
                This field categorizes various types of activities available
                within the product. It allows API consumers to assign
                descriptive labels or keywords representing the nature of each
                activity.

                Possible category name values include:

                * `Adventures`: This category includes activities such as hiking, zip-lining, rock climbing, bungee jumping, and other adventurous pursuits.

                * `Air, Balloon & Helicopter Tours`: This category offers activities like hot air balloon rides, helicopter tours, and aerial sightseeing experiences.

                * `Cruises & Water Tours`: This includes options such as boat cruises, yacht tours, river rafting, snorkeling, and diving expeditions. 

                * `Nightlife`: This category encompasses activities like clubbing, pub crawls, live music events, and cultural performances. These activities predominantly occur during the evening or nighttime.
              type: string
              maxLength: 200
              example: Tours & Sightseeing
            activity_description:
              description: This field provides additional details or a brief explanation of
                the specific activity.
              type: string
              maxLength: 200
              example: 06:40 AM, Tour from Marbella in English, includes Food Only
            supply_provider:
              $ref: "#/components/schemas/SupplyProvider"
            tickets:
              type: array
              minItems: 1
              maxItems: 40
              items:
                $ref: "#/components/schemas/Ticket"
            coordinates:
              $ref: "#/components/schemas/Coordinates"
            start_date_time:
              description: The field represents the start time of an activity, using the
                ISO-8601 date and time format `yyyy-MM-ddTHH:mm:ss.SSSZ`.
              type: string
              format: date-time
              example: 2024-02-21T02:14:00.000-0800
            end_date_time:
              description: The field represents the end time of an activity, using the
                ISO-8601 date and time format `yyyy-MM-ddTHH:mm:ss.SSSZ`.
              type: string
              format: date-time
              example: 2024-02-21T02:14:00.000-0800
            is_passbook:
              description: >
                Indicates whether a QR code is required for an activity, serving
                as proof of reservation or purchase. This includes digital
                tickets saved on mobile applications such as Google Pay, Apple
                Wallet, or similar services provided by activity organizers.
              type: boolean
            available_policy:
              $ref: "#/components/schemas/AvailablePolicy"
    Coordinates:
      type: object
      description: This field signifies the precise geographical coordinates denoting
        the location of the activity.
      required:
        - latitude
        - longitude
      properties:
        latitude:
          description: The latitude in degrees. It must be in the range [-90.0, +90.0].
          type: number
          format: double
          minimum: -90
          maximum: 90
        longitude:
          description: The longitude in degrees. It must be in the range [-180.0, +180.0].
          type: number
          format: double
          minimum: -180
          maximum: 180
    SupplyProvider:
      title: SupplyProvider
      type: object
      required:
        - name
        - type
      properties:
        name:
          description: This field provides name of the partner involved in offering the
            activity.
          type: string
          maxLength: 200
          example: VIATOR
        type:
          description: >
            This field indicates the nature or relationship of the vendor
            associated with a particular activity.

            * `THIRD_PARTY`: This value indicates that the partner integrates with a third-party platform via APIs and ingests activities from them.

            * `DIRECT`: This value signifies that the partner is a direct entity or provider associated with the organization or platform offering the activity.
          type: string
          enum:
            - THIRD_PARTY
            - DIRECT
        vendor_name:
          description: This field describes the name of the third-party vendor who
            provided the supply provider or the operating company with the
            activity.
          type: string
          maxLength: 200
          example: SuperShuttle
    Ticket:
      title: Ticket
      type: object
      required:
        - type
        - quantity
      properties:
        type:
          description: Specifies the type of the ticket, such as ADULT, CHILD, SENIOR,
            STUDENT, or OTHER.
          type: string
          enum:
            - ADULT
            - CHILD
            - SENIOR
            - STUDENT
            - OTHER
        quantity:
          description: This field represents the count or number of tickets associated
            with the type.
          type: integer
          format: int32
          minimum: 1
          maximum: 30
    AvailablePolicy:
      title: AvailablePolicy
      type: object
      properties:
        delayed_fulfillment:
          $ref: "#/components/schemas/DelayedFulfillment"
    DelayedFulfillment:
      title: DelayedFulfillment
      description: This field holds details about activity's capabilities and
        execution details related to inventory hold functionality.
      type: object
      properties:
        is_available:
          description: This field indicates if the fulfillment of an activity is possible
            or not.
          type: boolean
        hold_duration_value:
          description: This field indicates the duration of the hold on an activity.
          type: number
          format: int32
          example: 40
        hold_duration_unit_of_measure:
          description: This field indicates the unit of duration of the hold on an activity.
          type: string
          maxLength: 100
          example: minutes
        is_delayed_customer_confirmation:
          description: >
            This field indicates whether customer order confirmation can be
            delayed. Customer will receive ticket number, voucher ID or any
            other type of confirmation until transaction is successfully
            completed or approved by an analyst during the review process.
          type: boolean
    Air:
      title: Air
      allOf:
        - $ref: "#/components/schemas/TravelProduct"
        - type: object
          required:
            - type
            - departure_time
            - arrival_time
            - air_segments
          properties:
            departure_time:
              description: Local date and time of departure from original departure location,
                in ISO-8601 date and time format `yyyy-MM-ddTHH:mm:ss.SSSZ`.
              type: string
              format: date-time
              maxLength: 50
            arrival_time:
              description: Local date and time of arrival to final destination location, in
                ISO-8601 date and time format `yyyy-MM-ddTHH:mm:ss.SSSZ`.
              type: string
              format: date-time
              maxLength: 50
            air_segments:
              description: Additional airline and flight details for each of the trip
                segments.
              type: array
              minItems: 1
              items:
                $ref: "#/components/schemas/AirSegment"
              maxItems: 30
            flight_type:
              description: Identifies the type of air trip based on the air destinations.
              type: string
              enum:
                - ROUNDTRIP
                - ONEWAY
                - MULTIPLE_DESTINATION
            passenger_name_record:
              description: Airline booking confirmation code for the trip.
              type: string
              maxLength: 100
            global_distribution_system_type:
              description: Associated with Passenger Name Record (PNR).
              type: string
              maxLength: 100
    AirSegment:
      title: AirSegment
      type: object
      required:
        - airline_code
        - departure_airport_code
        - arrival_airport_code
      properties:
        airline_code:
          description: Airline code of the trip segment
          type: string
          maxLength: 10
        departure_airport_code:
          description: Departure airport of the trip segment
          type: string
          maxLength: 10
        arrival_airport_code:
          description: Arrival airport of the trip segment
          type: string
          maxLength: 10
        departure_time:
          description: Local date and time of departure from departure location, in
            ISO-8601 date and time format `yyyy-MM-ddTHH:mm:ss.SSSZ`.
          type: string
          format: date-time
          maxLength: 50
        arrival_time:
          description: Local date and time of arrival to destination location, in ISO-8601
            date and time format `yyyy-MM-ddTHH:mm:ss.SSSZ`.
          type: string
          format: date-time
          maxLength: 50
    Cruise:
      title: Cruise
      allOf:
        - $ref: "#/components/schemas/TravelProduct"
        - type: object
          required:
            - type
            - departure_time
            - arrival_time
            - embarkation_port
            - disembarkation_port
            - ship_name
          properties:
            departure_time:
              description: Local date and time of departure from original departure location,
                in ISO-8601 date and time format `yyyy-MM-ddTHH:mm:ss.SSSZ`.
              type: string
              format: date-time
              maxLength: 50
            arrival_time:
              description: Local date and time of arrival from original arrival location, in
                ISO-8601 date and time format `yyyy-MM-ddTHH:mm:ss.SSSZ`.
              type: string
              format: date-time
              maxLength: 50
            embarkation_port:
              description: Location from where cruise will depart.
              type: string
              maxLength: 200
            disembarkation_port:
              description: The cruise's final destination.
              type: string
              maxLength: 200
            ship_name:
              description: Name of the cruise ship.
              type: string
              maxLength: 200
    Car:
      title: Car
      allOf:
        - $ref: "#/components/schemas/TravelProduct"
        - type: object
          required:
            - type
            - pick_up_location
            - drop_off_location
            - pickup_time
            - return_time
          properties:
            pick_up_location:
              description: Location where the automobile will be picked up.
              type: string
              maxLength: 200
            drop_off_location:
              description: Location at which the automobile will be returned.
              type: string
              maxLength: 200
            pickup_time:
              description: Local date and time the automobile will be picked-up, in ISO-8601
                date and time format `yyyy-MM-ddTHH:mm:ss.SSSZ`.
              type: string
              format: date-time
              maxLength: 50
            return_time:
              description: Local date and time the automobile will be returned, in ISO-8601
                date and time format `yyyy-MM-ddTHH:mm:ss.SSSZ`.
              type: string
              format: date-time
              maxLength: 50
    Hotel:
      title: Hotel
      allOf:
        - $ref: "#/components/schemas/TravelProduct"
        - type: object
          required:
            - type
            - hotel_id
            - hotel_name
            - address
            - checkin_time
            - checkout_time
          properties:
            hotel_id:
              description: Unique hotel identifier assigned by the partner.
              type: string
              maxLength: 200
              example: "8883333999221"
            price_withheld:
              description: Identifies if the product price was withheld from the customer
                during the booking process.
              type: boolean
            hotel_name:
              description: Name of the hotel.
              type: string
              maxLength: 200
              example: Hotel Expedia
            room_count:
              description: Total number of rooms booked within the hotel product collection.
              type: integer
              format: int32
            address:
              $ref: "#/components/schemas/HotelAddress"
            checkin_time:
              description: Local date and time of the hotel check-in, in ISO-8601 date and
                time format `yyyy-MM-ddTHH:mm:ss.SSSZ`.
              type: string
              format: date-time
              maxLength: 50
            checkout_time:
              description: Local date and time of the hotel check-out, in ISO-8601 date and
                time format `yyyy-MM-ddTHH:mm:ss.SSSZ`.
              type: string
              format: date-time
              maxLength: 50
    HotelAddress:
      description: Address of a hotel.
      allOf:
        - $ref: "#/components/schemas/Address"
        - required:
            - address_line1
            - city
            - state
            - zip_code
            - country_code
    Payment:
      title: Payment
      description: >
        The `method` field value is used as a discriminator, with the following
        mapping:

        * `CREDIT_CARD`: `CreditCard`

        * `PAYPAL`: `PayPal`

        * `POINTS`: `Points`

        * `GIFT_CARD`: `GiftCard`

        * `INTERNET_BANK_PAYMENT`: `InternetBankPayment`

        * `DIRECT_DEBIT`: `DirectDebit`
      type: object
      required:
        - brand
        - method
        - billing_name
        - billing_email_address
        - billing_address
      discriminator:
        propertyName: method
        mapping:
          CREDIT_CARD: "#/components/schemas/CreditCard"
          PAYPAL: "#/components/schemas/PayPal"
          POINTS: "#/components/schemas/Points"
          GIFT_CARD: "#/components/schemas/GiftCard"
          INTERNET_BANK_PAYMENT: "#/components/schemas/InternetBankPayment"
          DIRECT_DEBIT: "#/components/schemas/DirectDebit"
      properties:
        brand:
          description: >
            The `brand` field value is the payment brand used for payment on
            this transaction.

            For credit card payment method ensure attributes mentioned in dictionary below are set to corresponding values only.

            Ensure to comply with the naming standards provided in below dictionary. For example, some Payment processors use “Japan Credit Bureau” but “JCB” should be used when calling Fraud API.

            Incorrect `brand` - `card_type` combination will result in data quality issues and result in degraded risk recommendation.

            'brand' is an enum value with the following mapping with CreditCard 'card_type' attribute:

            *       brand                 :      card_type

            * -------------------------------------------------------

            * `AMERICAN_EXPRESS`          : `AMERICAN_EXPRESS`

            * `DINERS_CLUB_INTERNATIONAL` : `DINERS_CLUB`

            * `BC_CARD`                   : `DINERS_CLUB`

            * `DISCOVER`                  : `DISCOVER`

            * `BC_CARD`                   : `DISCOVER`

            * `DINERS_CLUB_INTERNATIONAL` : `DISCOVER`

            * `JCB`                       : `DISCOVER`

            * `JCB`                       : `JCB`

            * `MASTER_CARD`               : `MASTER_CARD`

            * `MAESTRO`                   : `MASTER_CARD`

            * `POSTEPAY_MASTERCARD`       : `MASTER_CARD`

            * `SOLO`                      : `SOLO`

            * `SWITCH`                    : `SWITCH`

            * `MAESTRO`                   : `MAESTRO`

            * `CHINA_UNION_PAY`           : `CHINA_UNION_PAY`

            * `UATP`                      : `UATP`

            * `UATP_SUPPLY`               : `UATP`

            * `AIR_PLUS`                  : `UATP`

            * `UA_PASS_PLUS`              : `UATP`

            * `VISA`                      : `VISA`

            * `VISA_DELTA`                : `VISA`

            * `VISA_ELECTRON`             : `VISA`

            * `CARTA_SI`                  : `VISA`

            * `CARTE_BLEUE`               : `VISA`

            * `VISA_DANKORT`              : `VISA`

            * `POSTEPAY_VISA_ELECTRON`    : `VISA`

            * `PAYPAL`                    :


            'brand' with 'Points' payment_type is an enum value with following:

            * `EXPEDIA_REWARDS`

            * `AMEX_POINTS`

            * `BANK_OF_AMERICA_REWARDS`

            * `DISCOVER_POINTS`

            * `MASTER_CARD_POINTS`

            * `CITI_THANK_YOU_POINTS`

            * `MERRILL_LYNCH_REWARDS`

            * `WELLS_FARGO_POINTS`

            * `DELTA_SKY_MILES`

            * `UNITED_POINTS`

            * `DISCOVER_MILES`

            * `ALASKA_MILES`

            * `RBC_REWARDS`

            * `BILT_REWARDS`

            * `ORBUCKS`

            * `CHEAP_CASH`

            * `BONUS_PLUS`

            * `ULTIMATE_REWARDS`


            'brand' with 'GiftCard' payment_type is an enum value with following:

            * `GIFT_CARD`


            'brand' with 'InternetBankPayment' payment_type is an enum value with following:

            * `IBP`

            * `LOCAL_DEBIT_CARD`

            * `SOFORT`

            * `YANDEX`

            * `WEB_MONEY`

            * `QIWI`

            * `BITCOIN`


            'brand' with 'DirectDebit' payment_type is an enum value with following:

            * `ELV`

            * `INTER_COMPANY`

            * `SEPA_ELV`
          type: string
          enum:
            - AMERICAN_EXPRESS
            - DINERS_CLUB_INTERNATIONAL
            - BC_CARD
            - DISCOVER
            - JCB
            - MASTER_CARD
            - MAESTRO
            - POSTEPAY_MASTERCARD
            - SOLO
            - SWITCH
            - CHINA_UNION_PAY
            - UATP
            - UATP_SUPPLY
            - AIR_PLUS
            - UA_PASS_PLUS
            - VISA
            - VISA_DELTA
            - VISA_ELECTRON
            - CARTA_SI
            - CARTE_BLEUE
            - VISA_DANKORT
            - POSTEPAY_VISA_ELECTRON
            - PAYPAL
            - EXPEDIA_REWARDS
            - AMEX_POINTS
            - BANK_OF_AMERICA_REWARDS
            - DISCOVER_POINTS
            - MASTER_CARD_POINTS
            - CITI_THANK_YOU_POINTS
            - MERRILL_LYNCH_REWARDS
            - WELLS_FARGO_POINTS
            - DELTA_SKY_MILES
            - UNITED_POINTS
            - DISCOVER_MILES
            - ALASKA_MILES
            - RBC_REWARDS
            - BILT_REWARDS
            - ORBUCKS
            - CHEAP_CASH
            - BONUS_PLUS
            - ULTIMATE_REWARDS
            - GIFT_CARD
            - IBP
            - LOCAL_DEBIT_CARD
            - SOFORT
            - YANDEX
            - WEB_MONEY
            - QIWI
            - BITCOIN
            - ELV
            - INTER_COMPANY
            - SEPA_ELV
        method:
          $ref: "#/components/schemas/PaymentMethod"
        reason:
          $ref: "#/components/schemas/PaymentReason"
        billing_name:
          $ref: "#/components/schemas/Name"
        billing_address:
          allOf:
            - $ref: "#/components/schemas/Address"
            - required:
                - zip_code
                - address_line1
                - city
                - country_code
        billing_email_address:
          description: Email address associated with the payment.
          type: string
          format: email
          maxLength: 200
        authorized_amount:
          $ref: "#/components/schemas/Amount"
        verified_amount:
          $ref: "#/components/schemas/Amount"
        three_digits_secure_criteria:
          $ref: "#/components/schemas/PaymentThreeDSCriteria"
        operations:
          $ref: "#/components/schemas/Operations"
        extensions:
          type: object
          additionalProperties:
            type: string
          description: A key-value pair map to hold additional attributes.
    PaymentThreeDSCriteria:
      title: PaymentThreeDSCriteria
      description: Payment ThreeDS criteria attributes.
      type: object
      properties:
        probable_flag:
          description: This is a flag passed that indicates that this transaction could
            potentially go through 3DS.
          type: boolean
        transaction_model:
          description: Model used to process payment transaction.
          type: string
          maxLength: 200
    Operations:
      title: Operations
      description: >
        All operations related to a payment throughout its lifespan. An
        operation represents an event external to Fraud Prevention Service that
        specifies to perform a payment operation. Possible operation types
        include:


        - `Verify`


        - `Authorize`


        - `AuthorizeReversal`


        - `Capture`


        - `Refund`
      type: object
      properties:
        verify:
          $ref: "#/components/schemas/Verify"
        authorize:
          $ref: "#/components/schemas/Authorize"
        authorize_reversal:
          $ref: "#/components/schemas/AuthorizeReversal"
        capture:
          $ref: "#/components/schemas/Capture"
        refunds:
          type: array
          items:
            $ref: "#/components/schemas/Refund"
          maxItems: 20
    Verify:
      title: Verify
      description: A verify operation represents the intent to verify the payment
        associated with this transaction.
      allOf:
        - $ref: "#/components/schemas/PaymentOperation"
        - type: object
          properties:
            type:
              $ref: "#/components/schemas/VerificationType"
    PaymentReason:
      title: PaymentReason
      description: >
        The reason of payment. Possible values:

        - `FULL` - If the amount is paid i full for the order

        - `DEPOSIT` - The initial payment. Amount to be paid up front.

        - `SCHEDULED` - The amount to be payment based on a schedule for the remaining portion of the booking amount.

        - `SUBSEQUENT` - An additional amount paid that was not originally scheduled.

        - `DEFERRED`
      type: string
      enum:
        - FULL
        - DEPOSIT
        - SCHEDULED
        - SUBSEQUENT
        - DEFERRED
    VerificationType:
      title: VerificationType
      description: The type of the verification used to verify the instrument. If the
        Card Verfication Value was provided to verify the credit card used for
        the transaction, `type = CVV`.
      type: string
      enum:
        - CVV
        - 3DS
    Authorize:
      title: Authorize
      description: Authorize operation on the payment. An authorize operation
        represents placing the funds on hold with the specified form of payment.
      allOf:
        - $ref: "#/components/schemas/PaymentOperation"
        - type: object
    AuthorizeReversal:
      title: AuthorizeReversal
      description: Authorize Reversal operation on the payment. An authorize reversal
        operation represents a notification received usually from a 3rd party
        payment processor to indicate that an authorization hold should be
        released as a result of a sale being partially or completely cancelled.
      allOf:
        - $ref: "#/components/schemas/PaymentOperation"
        - type: object
    Capture:
      title: Capture
      description: Capture operation on the payment. A capture operation represents a
        notification received usually from a 3rd party payment processor to
        indicate that the funds placed on hold will be captured and the funds
        transfer process will occur from the customer's funds to the merchant's
        funds.
      allOf:
        - $ref: "#/components/schemas/PaymentOperation"
        - type: object
    Refund:
      title: Refund
      description: Refund operation on the payment. A refund operation represents the
        intent to refund a previous charge.
      allOf:
        - $ref: "#/components/schemas/PaymentOperation"
        - type: object
    PaymentOperation:
      title: PaymentOperation
      type: object
      properties:
        id:
          type: string
          maxLength: 200
        amount:
          $ref: "#/components/schemas/Amount"
        outcome:
          $ref: "#/components/schemas/PaymentOutcome"
    PaymentOutcome:
      title: PaymentOutcome
      type: object
      properties:
        status:
          $ref: "#/components/schemas/PaymentStatus"
        code:
          description: A mnemonic code for the payment processing.
          type: string
          maxLength: 200
        description:
          description: A short description providing additional explanation regarding the
            mnemonic code.
          type: string
          maxLength: 200
    PaymentStatus:
      title: PaymentStatus
      description: The status of the payment operation.
      type: string
      enum:
        - COMPLETED
        - FAILED
    PaymentMethod:
      title: PaymentMethod
      description: "The payment method used at the time of purchase for the
        transaction. Supported `method`'s are: `CREDIT_CARD`, `PAYPAL`,
        `POINTS`, `GIFT_CARD`, `INTERNET_BANK_PAYMENT`, `DIRECT_DEBIT`."
      type: string
      enum:
        - CREDIT_CARD
        - PAYPAL
        - POINTS
        - GIFT_CARD
        - INTERNET_BANK_PAYMENT
        - DIRECT_DEBIT
    TravelProductType:
      title: TravelProductType
      description: Type of product.
      type: string
      enum:
        - CRUISE
        - AIR
        - CAR
        - INSURANCE
        - HOTEL
        - RAIL
        - ACTIVITY
    Insurance:
      title: Insurance
      allOf:
        - $ref: "#/components/schemas/TravelProduct"
        - type: object
          required:
            - type
    CreditCard:
      title: CreditCard
      allOf:
        - $ref: "#/components/schemas/Payment"
        - type: object
          required:
            - billing_address
            - method
            - card_type
            - card_number
            - expiry_date
            - telephones
          properties:
            card_type:
              description: >
                The 'card_type' field value is an enum value which is associated
                with the payment method of the specific payment instrument.

                For credit card payment method ensure attributes mentioned in dictionary below are set to corresponding values only.

                Ensure to comply with the naming standards provided in below dictionary. For example, some Payment processors use “Japan Credit Bureau” but “JCB” should be used when calling Fraud API.

                Incorrect `card_type` - `brand` combination will result in data quality issues and result in degraded risk recommendation.

                'card_type' is an enum value with the following mapping with Payment `brand` attribute:

                *       card_type            :          brand

                * --------------------------------------------------------

                * `AMERICAN_EXPRESS`         : `AMERICAN_EXPRESS`

                * `DINERS_CLUB`              : `DINERS_CLUB_INTERNATIONAL`

                * `DINERS_CLUB`              : `BC_CARD`

                * `DISCOVER`                 : `DISCOVER`

                * `DISCOVER`                 : `BC_CARD`

                * `DISCOVER`                 : `DINERS_CLUB_INTERNATIONAL`

                * `DISCOVER`                 : `JCB`

                * `JCB`                      : `JCB`

                * `MASTER_CARD`              : `MASTER_CARD`

                * `MASTER_CARD`              : `MAESTRO`

                * `MASTER_CARD`              : `POSTEPAY_MASTERCARD`

                * `SOLO`                     : `SOLO`

                * `SWITCH`                   : `SWITCH`

                * `MAESTRO`                  : `MAESTRO`

                * `CHINA_UNION_PAY`          : `CHINA_UNION_PAY`

                * `UATP`                     : `UATP`

                * `UATP`                     : `UATP_SUPPLY`

                * `UATP`                     : `AIR_PLUS`

                * `UATP`                     : `UA_PASS_PLUS`

                * `VISA`                     : `VISA`

                * `VISA`                     : `VISA_DELTA`

                * `VISA`                     : `VISA_ELECTRON`

                * `VISA`                     : `CARTA_SI`

                * `VISA`                     : `CARTE_BLEUE`

                * `VISA`                     : `VISA_DANKORT`

                * `VISA`                     : `POSTEPAY_VISA_ELECTRON`
              type: string
              enum:
                - AMERICAN_EXPRESS
                - DINERS_CLUB
                - DISCOVER
                - JCB
                - MASTER_CARD
                - SOLO
                - SWITCH
                - MAESTRO
                - CHINA_UNION_PAY
                - UATP
                - VISA
            card_number:
              description: All the digits (unencrypted) of the credit card number associated
                with the payment.
              type: string
              maxLength: 200
            expiry_date:
              description: Expiration date of the credit card used for payment, in ISO-8601
                date and time format `yyyy-MM-ddTHH:mm:ss.SSSZ`.
              type: string
              format: date-time
              maxLength: 50
            electronic_commerce_indicator:
              description: Electronic Commerce Indicator, a two or three digit number usually
                returned by a 3rd party payment processor in regards to the
                authentication used when gathering the cardholder's payment
                credentials.
              type: string
              maxLength: 200
            virtual_credit_card_flag:
              description: A flag to indicate that the bank card being used for the charge is
                a virtual credit card.
              type: boolean
            wallet_type:
              description: "If a virtual/digital form of payment was used, the type of digital
                wallet should be specified here. Possible `wallet_type`'s
                include: `Google` or `ApplePay`."
              type: string
              maxLength: 200
            card_avs_response:
              type: string
              maxLength: 50
              description: A field used to confirm if the address provided at the time of
                purchase matches what the bank has on file for the Credit Card.
            card_cvv_response:
              type: string
              maxLength: 20
              description: A field used to confirm the Card Verification Value on the Credit
                Card matches the Credit Card used at the time of purchase.
            telephones:
              description: Telephone(s) associated with card holder and credit card.
              type: array
              minItems: 1
              maxItems: 20
              items:
                $ref: "#/components/schemas/Telephone"
            merchant_order_code:
              description: Reference code passed to acquiring bank at the time of payment.
                This code is the key ID that ties back to payments data at the
                payment level.
              type: string
              maxLength: 200
            card_authentication_failure_count:
              description: Total authentication failure count for given card.
              type: integer
    PayPal:
      title: PayPal
      allOf:
        - $ref: "#/components/schemas/Payment"
        - type: object
          required:
            - method
            - payer_id
            - transaction_id
          properties:
            payer_id:
              description: Unique PayPal Customer Account identification number.
              type: string
              maxLength: 200
            transaction_id:
              description: Unique transaction number to identify Auth calls at PayPal.
              type: string
              maxLength: 200
            merchant_order_code:
              description: Reference code passed to acquiring bank at the time of payment.
                This code is the key ID that ties back to payments data at the
                payment level.
              type: string
              maxLength: 200
    Points:
      title: Points
      allOf:
        - $ref: "#/components/schemas/Payment"
        - type: object
          required:
            - method
            - account_id
          properties:
            account_id:
              description: Points account id.
              type: string
              maxLength: 200
    GiftCard:
      title: GiftCard
      allOf:
        - $ref: "#/components/schemas/Payment"
        - type: object
          required:
            - method
            - card_number
            - card_holder_name
            - pin
          properties:
            card_number:
              description: Gift card number.
              type: string
              pattern: ^[0-9A-Za-z]{4,16}$
              maxLength: 16
              example: 123456ABCDabcd
            card_holder_name:
              description: The name of gift card holder.
              type: string
              maxLength: 200
            pin:
              description: The PIN of gift card.
              type: string
              pattern: ^[0-9]{4,8}$
              maxLength: 8
              example: "123456"
    InternetBankPayment:
      title: InternetBankPayment
      allOf:
        - $ref: "#/components/schemas/Payment"
        - type: object
          required:
            - method
            - bank_id
            - bank_branch_code
            - telephones
          properties:
            bank_id:
              description: The bank_id provided by the internet bank payment(IBP) provider
                (DRWP aka NetGiro) for the bank used for processing the payment.
              type: string
              maxLength: 15
            bank_branch_code:
              description: A code that identifies the bank branch for internet bank
                payment(IBP).
              type: string
              maxLength: 15
            telephones:
              description: Telephone(s) associated with internet bank payment(IBP) provider.
              type: array
              minItems: 1
              maxItems: 20
              items:
                $ref: "#/components/schemas/Telephone"
    DirectDebit:
      title: DirectDebit
      allOf:
        - $ref: "#/components/schemas/Payment"
        - type: object
          required:
            - method
            - account_number
            - telephones
          properties:
            routing_number:
              description: A code that identifies the financial institution for a specific
                bank account. `routing_number` is required if given
                `INTER_COMPANY` or `ELV` as `brand`.
              type: string
              maxLength: 15
              example: "100000000"
            account_number:
              description: Cleartext (unencrypted) DirectDebit bank account number associated
                with the payment instrument.
              type: string
              maxLength: 100
            mandate_type:
              description: >
                The `mandate_type` is required if given `brand` as `SEPA_ELV`
                under `DirectDebit`. 

                It is used for the wire transfer or direct debit transaction whose `routing_number` could not be provided or not supported.  

                Allows values: 

                - `ONE_OFF` 

                - `RECURRING`
              type: string
              enum:
                - ONE_OFF
                - RECURRING
            telephones:
              description: Telephone(s) associated with direct debit payment provider.
              type: array
              minItems: 1
              maxItems: 20
              items:
                $ref: "#/components/schemas/Telephone"
    Name:
      title: Name
      description: Group of attributes intended to hold information about a customer
        or traveler's name for the order.
      type: object
      required:
        - first_name
        - last_name
      properties:
        last_name:
          description: Surname, or last name, of the person.
          type: string
          maxLength: 200
        first_name:
          description: Given, or first name, of the person.
          type: string
          maxLength: 200
        middle_name:
          description: Middle name of the person.
          type: string
          maxLength: 200
        title:
          description: Title of the person for name (e.g. Mr., Ms. etc).
          type: string
          maxLength: 200
        suffix:
          description: Generational designations (e.g. Sr, Jr, III) or values that
            indicate the individual holds a position, educational degree,
            accreditation, office, or honor (e.g. PhD, CCNA, OBE).
          type: string
          maxLength: 50
    Telephone:
      title: Telephone
      description: Group of attributes intended to hold information about phone number
        associated with the transaction.  A user can have one to many phone
        numbers (home, work, mobile, etc.).
      type: object
      required:
        - country_access_code
        - area_code
        - phone_number
      properties:
        type:
          $ref: "#/components/schemas/TelephoneType"
        platform_type:
          $ref: "#/components/schemas/TelephonePlatformType"
        country_access_code:
          description: Numeric digit between 1 to 3 characters used to represent the
            country code for international dialing.  Does not include symbols,
            spaces, or leading zeros.
          type: string
          pattern: ^[0-9]{1,3}$
          maxLength: 3
          example: "1"
        area_code:
          description: "A number prefixed to an individual telephone number: used in
            making long-distance calls.  Does not include symbols, spaces, or
            leading zeros."
          type: string
          pattern: ^[0-9]{1,20}$
          maxLength: 20
          example: "1"
        phone_number:
          description: A number that is dialed on a telephone, without the country or area
            codes, to reach a particular person, business, etc.  Does not
            include symbols, spaces, or leading zeros.
          type: string
          pattern: ^[0-9]{1,50}$
          maxLength: 50
          example: "1234567"
        extension_number:
          description: The number used to reach an individual once a phone connection is
            established.  Does not include symbols, spaces, or leading zeros.
          type: string
          pattern: ^[0-9]{1,20}$
          maxLength: 20
          example: "89"
        preference_rank:
          description: Ranking of order of user preference for contact via text (if type
            is Mobile) or voice.  `0` means no preference.  `1` is the primary
            phone, `2` is the secondary phone, etc.
          type: number
        last_verified_date_time:
          description: Local date and time user validated possession of their phone number
            via a text or voice multi factor authentication challenge, in
            ISO-8601 date and time format `yyyy-MM-ddTHH:mm:ss.SSSZ`.
          type: string
          format: date-time
          maxLength: 50
        verified_flag:
          description: Flag indicating whether user passed validation of possession of
            their phone number via a text or voice multi factor authentication
            challenge.
          type: boolean
    TelephoneType:
      title: TelephoneType
      description: "Classification of the phone (e.g. `Home`, `Mobile`). "
      type: string
      enum:
        - HOME
        - MOBILE
        - BUSINESS
        - FAX
        - OTHER
    TelephonePlatformType:
      title: TelephonePlatformType
      description: Classification of the phone platform.
      type: string
      enum:
        - MOBILE
        - LANDLINE
        - VOIP
    Email:
      title: Email
      description: Group of attributes intended to hold information about email
        address associated with the transaction.
      type: object
      properties:
        email_address:
          description: Full email address including the alias, @ symbol, domain, and root
            domain.
          type: string
          format: email
          maxLength: 200
    Amount:
      title: Amount
      type: object
      required:
        - value
        - currency_code
      properties:
        value:
          description: The amount required in payment for the product/order in local
            currency (including any taxes and fees).
          type: number
          format: double
        currency_code:
          description: The ISO  alpha-3 country code for the amount currency.
          type: string
          pattern: ^[A-Z]{3}$
          maxLength: 3
    AccountTakeoverError:
      description: The object used to describe an error, containing both
        human-readable and machine-readable information.
      type: object
      properties:
        code:
          description: Snake cased all caps error code interpreted from the HTTP status
            code that can programmatically be acted upon.
          type: string
          example: BAD_REQUEST
          enum:
            - UNAUTHORIZED
            - FORBIDDEN
            - NOT_FOUND
            - ACCOUNT_UPDATE_NOT_FOUND
            - TOO_MANY_REQUESTS
            - INTERNAL_SERVER_ERROR
            - BAD_GATEWAY
            - RETRYABLE_ACCOUNT_SCREEN_FAILURE
            - RETRYABLE_ACCOUNT_UPDATE_FAILURE
            - GATEWAY_TIMEOUT
            - BAD_REQUEST
        message:
          description: A human-readable explanation of the error, specific to this error
            occurrence.
          type: string
          example: An input validation error was encountered. Please see causes for more
            details.
      required:
        - code
        - message
    AccountTakeoverUnauthorizedError:
      description: Indicates that the token sent in the 'Authorization' header is
        either invalid or missing. Please check the value in the token field
        along with the token expiration time before retrying.
      example:
        code: UNAUTHORIZED
        message: Invalid EG token provided. Please provide a valid token in the
          Authorization header.
      allOf:
        - $ref: "#/components/schemas/AccountTakeoverError"
    AccountUpdateNotFoundError:
      description: Indicates that the API cannot find the resource that is either
        being requested or against which the operation is being performed.
      example:
        code: ACCOUNT_UPDATE_NOT_FOUND
        message: The request failed because the Account Screen event for this account is
          missing. Please send a new Account Screen event again.
      allOf:
        - $ref: "#/components/schemas/AccountTakeoverError"
    ServiceUnavailableError:
      description: >
        Indicates that the API is either down for maintenance or overloaded and
        cannot fulfill the request at the current time. This is a temporary
        error and retrying the same request after a certain delay could
        eventually result in success.

        There will be a Retry-After HTTP header in API response specifying how long to wait to retry the request. If there is no Retry-After HTTP header then retry can happen immediately. If the error persists after retrying with delay, please reach out to <support team>."
      example:
        code: RETRYABLE_ACCOUNT_SCREEN_FAILURE
        message: A temporary internal error occurred. You can safely retry your call
          using the same account details.
      allOf:
        - $ref: "#/components/schemas/AccountTakeoverError"
    AccountTakeoverBadRequestError:
      description: Indicates that a bad request occurred. Typically it is an invalid
        parameter.
      example:
        code: BAD_REQUEST
        message: An input validation error was encountered. Please see causes for more
          details.
        causes:
          code: MISSING_MANDATORY_PARAM
          field: $.transaction.device_details.device_box
          message: The value of a field was missed or not valid.
      allOf:
        - $ref: "#/components/schemas/AccountTakeoverError"
        - type: object
          properties:
            causes:
              type: array
              items:
                type: object
                properties:
                  code:
                    type: string
                    example: MISSING_MANDATORY_PARAM
                    enum:
                      - MISSING_MANDATORY_PARAM
                      - INVALID_PARAM
                      - INVALID_FORMAT
                  field:
                    type: string
                    description: A JSON Path expression indicating which field, in the request body,
                      caused the error.
                    example: $.transaction.device_details.device_box
                  message:
                    type: string
                    example: The value of a field was missed or not valid.
    AccountUpdateRequest:
      title: AccountUpdateRequest
      type: object
      description: >
        The `type` field value is used as a discriminator, with the following
        mapping:

        * `MULTI_FACTOR_AUTHENTICATION_UPDATE`: `MultiFactorAuthenticationUpdate`

        * `REMEDIATION_UPDATE`: `RemediationUpdate`
      discriminator:
        propertyName: type
        mapping:
          MULTI_FACTOR_AUTHENTICATION_UPDATE: MultiFactorAuthenticationUpdate
          REMEDIATION_UPDATE: RemediationUpdate
      required:
        - type
        - risk_id
      properties:
        type:
          type: string
          description: The categorized type of account update event from the Partner's
            system.
          enum:
            - MULTI_FACTOR_AUTHENTICATION_UPDATE
            - REMEDIATION_UPDATE
        risk_id:
          description: The `risk_id` provided by Expedia's Fraud Prevention Service in the
            `AccountScreenResponse`.
          type: string
          maxLength: 200
          example: "123456789"
    MultiFactorAuthenticationUpdate:
      title: MultiFactorAuthenticationUpdate
      description: Information specific to a user's response to a Multi-Factor
        Authentication initiated by the Partner's system as a result of a fraud
        recommendation.
      allOf:
        - $ref: "#/components/schemas/AccountUpdateRequest"
        - type: object
          required:
            - multi_factor_authentication_attempts
          properties:
            multi_factor_authentication_attempts:
              type: array
              minItems: 1
              maxItems: 20
              items:
                $ref: "#/components/schemas/MultiFactorAuthenticationAttempt"
    MultiFactorAuthenticationAttempt:
      title: MultiFactorAuthenticationAttempt
      type: object
      description: Information specific to the update event by a user.
      required:
        - delivery_method
        - status
        - reference_id
        - provider_name
        - attempt_count
      properties:
        delivery_method:
          type: string
          description: The delivery method of the Multi-Factor Authentication to a user.
          enum:
            - EMAIL
            - SMS
            - VOICE
            - PUSH
        status:
          type: string
          description: >
            The status of a user''s response to the Multi-Factor Authentication
            initiated by the Partner''s system to the user.'

            - `SUCCESS` - Applicable if the user successfully passed the challenge.

            - `ABANDON` - Applicable if the user did not complete the challenge.

            - `FAILED` - Applicable if the user failed the challenge.
          enum:
            - SUCCESS
            - ABANDON
            - FAILED
        reference_id:
          type: string
          description: The identifier related to a Multi-Factor Authentication attempt by
            the Partner's system to the Multi-Factor Authentication provider.
          maxLength: 200
        provider_name:
          type: string
          description: The vendor providing the Multi-Factor Authentication verification.
          maxLength: 200
        attempt_count:
          type: number
          description: The number of attempts a user tried for this Multi-Factor
            Authentication.
        update_start_date_time:
          type: string
          description: The local date and time the Multi-Factor Authentication was
            initiated to a user from the Partner's system, in ISO-8601 date and
            time format `yyyy-MM-ddTHH:mm:ss.SSSZ`.
          format: date-time
          maxLength: 50
        update_end_date_time:
          type: string
          description: The local date and time the Multi-Factor Authentication to a user
            ended in the Partner's system, in ISO-8601 date and time format
            `yyyy-MM-ddTHH:mm:ss.SSSZ`.
          format: date-time
          maxLength: 50
        telephone:
          $ref: "#/components/schemas/Telephone"
        email_address:
          type: string
          description: Email address used for the Multi-Factor Authentication by a user.
          format: email
          maxLength: 200
    RemediationUpdate:
      title: RemediationUpdate
      description: Information specific to remediation actions initiated by the
        Partner's system to a user as a result of a fraud recommendation.
      allOf:
        - $ref: "#/components/schemas/AccountUpdateRequest"
        - type: object
          required:
            - remediation_update_actions
          properties:
            remediation_update_actions:
              type: array
              minItems: 1
              maxItems: 20
              items:
                $ref: "#/components/schemas/RemediationUpdateAction"
    RemediationUpdateAction:
      title: RemediationUpdateAction
      type: object
      description: Information specific to the remediation action initiated by the
        Partner's system to a user.
      required:
        - action_name
        - status
      properties:
        action_name:
          type: string
          description: >
            The categorized remediation action initiated by the Partner''s
            system to a user. Possible values are:

            - `PASSWORD_RESET` - Applicable if this event is the result of a password reset by the Partner''s system.

            - `DISABLE_ACCOUNT` - Applicable if this event is the result of disabling an account by the Partner''s system.

            - `TERMINATE_ALL_SESSIONS` - Applicable if this event is the result of terminating all active user sessions of an account by the Partner''s system.
          enum:
            - PASSWORD_RESET
            - DISABLE_ACCOUNT
            - TERMINATE_ALL_SESSIONS
        status:
          type: string
          description: >
            The status of the remediation action.
              - `SUCCESS` - Applicable if the Partner''s system was successfully able to perform the remediation action.
              - `FAILED` - Applicable if the Partner''s system failed to perform the remediation action.
          enum:
            - SUCCESS
            - FAILED
        update_end_date_time:
          type: string
          description: The local date and time the remediation action to a user ended in
            the Partner's system, in ISO-8601 date and time format
            `yyyy-MM-ddTHH:mm:ss.SSSZ`.
          format: date-time
          maxLength: 50
    AccountUpdateResponse:
      title: AccountUpdateResponse
      type: object
      properties:
        risk_id:
          type: string
          description: Unique identifier of transaction that was updated.
          maxLength: 200
          example: "1234567"
    AccountScreenRequest:
      title: AccountScreenRequest
      type: object
      description: Information for account screening by Expedia's Fraud Prevention Service.
      required:
        - transaction
      properties:
        transaction:
          $ref: "#/components/schemas/AccountTransaction"
    AccountScreenResponse:
      title: AccountScreenResponse
      type: object
      description: Response for an account transaction provided by Expedia's Fraud
        Prevention Service.
      properties:
        risk_id:
          type: string
          description: Unique identifier assigned to the transaction by Expedia's Fraud
            Prevention Service.
          maxLength: 200
          example: "1234567"
        decision:
          $ref: "#/components/schemas/AccountTakeoverFraudDecision"
    AccountTakeoverFraudDecision:
      title: FraudDecision
      type: string
      description: >
        Fraud recommendation for an account transaction. A recommendation can be
        ACCEPT, CHALLENGE, or REJECT.

        - `ACCEPT` - Represents an account transaction where the user’’s account activity is accepted.

        - `CHALLENGE` - Represents an account transaction that requires additional verification or challenges the user’’s identity (example: CAPTCHA, MULTI_FACTOR_AUTHENTICATION, etc).

        - `REJECT` - Represents a suspicious account transaction where the user’’s credentials or their behavior requires us to block the account activity.
      enum:
        - ACCEPT
        - CHALLENGE
        - REJECT
    AccountTransaction:
      title: AccountTransaction
      type: object
      description: Information for an account transaction.
      required:
        - site_info
        - device_details
        - customer_account
        - transaction_details
      properties:
        site_info:
          $ref: "#/components/schemas/AccountTakeoverSiteInfo"
        device_details:
          $ref: "#/components/schemas/AccountTakeoverDeviceDetails"
        customer_account:
          $ref: "#/components/schemas/AccountTakeoverCustomerAccount"
        transaction_details:
          $ref: "#/components/schemas/AccountTakeoverTransactionDetails"
    AccountTakeoverSiteInfo:
      title: SiteInfo
      type: object
      description: Information specific to the Partner's website through which a
        transaction was made.
      required:
        - brand_name
      properties:
        locale:
          type: string
          description: The locale of the website a user is accessing, which is separate
            from the user configured browser locale, in ISO 639-2 language code
            format and in ISO 3166-1 country code format.
          pattern: ^([a-z]{2}-[A-Z]{2})$
          example: en-US
        name:
          type: string
          description: Name of the website from which the event is generated.
          example: expedia.com
          maxLength: 200
        brand_name:
          type: string
          description: The trademark brand name that is displayed to a user on the website.
          maxLength: 200
        placement_name:
          type: string
          description: >
            The categorized name of the page where a user initiated event is
            being evaluated.

            - `LOGIN` - Applicable if the user initiated this account event from a login web page.

            - `PASSWORD_RESET` - Applicable if the user initiated this account event from a password reset web page.
          enum:
            - LOGIN
            - PASSWORD_RESET
    AccountTakeoverDeviceDetails:
      title: DeviceDetails
      type: object
      description: Information specific to the Partner's device through which a
        transaction was made.
      required:
        - device_box
        - ip_address
        - user_agent
      properties:
        source:
          type: string
          maxLength: 50
          description: Source of the device_box. Default value is `TrustWidget`.
        device_box:
          type: string
          description: Device related information retrieved from TrustWidget.
        ip_address:
          type: string
          description: IP address of the device used for this event.
          pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|^(?:[A-F0-9]{1,4}:){7}[A-F0-9]{1,4}$
          example: 192.168.32.48
        user_agent:
          type: string
          description: The application type, operating system, software vendor, or
            software version of the originating request.
          example: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
            like Gecko) Chrome/114.0.0.0 Safari/537.36
        type:
          type: string
          description: >
            The categorized type of device used by a user. Possible values are:

            - `WEBSITE` - Applicable if the user initiated this event from a web browser on a desktop computer.

            - `PHONE_WEB` - Applicable if the user initiated this event from a web browser on a phone.

            - `TABLET_WEB` - Applicable if the user initiated this event from a web browser on a tablet.

            - `PHONE_APP` - Applicable if the user initiated this event from an app on a phone.

            - `TABLET_APP` - Applicable if the user initiated this event from an app on a tablet.
          enum:
            - WEBSITE
            - PHONE_WEB
            - TABLET_WEB
            - PHONE_APP
            - TABLET_APP
    AccountTakeoverCustomerAccount:
      title: CustomerAccount
      type: object
      description: Information about a user's account.
      required:
        - user_id
        - account_type
        - username
        - email_address
        - registered_time
        - active_flag
      properties:
        user_id:
          type: string
          description: Unique account identifier provided by the Partner's Identity
            Provider/System assigned to the account owner by the partner.
            `user_id` is specific to the Partner's namespace. Used to track
            repeat account activity by the same user.
          maxLength: 200
        account_type:
          type: string
          description: >
            Identifies the account type of a user''s account. Possible values
            are:

            - `INDIVIDUAL` - Applicable if this account is for an individual traveler.

            - `BUSINESS` - Applicable if this account is for a business or organization account used by suppliers or Partners.
          enum:
            - INDIVIDUAL
            - BUSINESS
        account_role:
          type: string
          description: >
            Identifies the account role and associated permissions of a user''s
            account. Possible values are:

            - `USER`: Basic account with no special privileges.

            - `MANAGER`: Account with additional privileges, such as the ability to make bookings for others.

            - `ADMIN`: Account with higher privileges than a manager, including the ability to grant manager access to other users.
          enum:
            - USER
            - MANAGER
            - ADMIN
        name:
          $ref: "#/components/schemas/AccountTakeoverName"
        username:
          type: string
          description: Username of the account.
          maxLength: 200
        email_address:
          description: Email address for the account owner.
          type: string
          format: email
        telephones:
          type: array
          maxItems: 20
          items:
            $ref: "#/components/schemas/Telephone"
        address:
          allOf:
            - $ref: "#/components/schemas/Address"
            - required:
                - address_line1
                - city
                - state
                - zip_code
                - country_code
        registered_time:
          description: The local date and time that the customer first registered on the
            Partner's site, in ISO-8601 date and time format
            `yyyy-MM-ddTHH:mm:ss.SSSZ`.
          type: string
          format: date-time
          maxLength: 50
        active_flag:
          type: boolean
          description: Indicator for if this account is an active account or not.
        loyalty_member_id:
          type: string
          description: Unique loyalty identifier for a user.
          maxLength: 200
    AccountTakeoverName:
      title: Name
      description: Group of attributes intended to hold information about a customer
        or traveler''s name for the account.
      type: object
      required:
        - first_name
        - last_name
      properties:
        last_name:
          description: Surname, or last name, of the person.
          type: string
          maxLength: 200
        first_name:
          description: Given, or first name, of the person.
          type: string
          maxLength: 200
        middle_name:
          description: Middle name of the person.
          type: string
          maxLength: 200
        title:
          description: Title of the person for name (e.g. Mr., Ms. etc).
          type: string
          maxLength: 200
        suffix:
          description: Generational designations (e.g. Sr, Jr, III) or values indicate
            that the individual holds a position, educational degree,
            accreditation, office, or honor (e.g. PhD, CCNA, OBE).
          type: string
          maxLength: 50
    AccountTakeoverTransactionDetails:
      title: TransactionDetails
      type: object
      description: >
        The `transaction_type` field value is used as a discriminator, with the
        following mapping:

        * `LOGIN`: `LoginTransactionDetails`
      required:
        - type
        - transaction_date_time
        - transaction_id
      discriminator:
        propertyName: type
        mapping:
          LOGIN: "#/components/schemas/LoginTransactionDetails"
      properties:
        type:
          type: string
          description: The categorized type of account event related to a user's action.
          enum:
            - LOGIN
        transaction_date_time:
          type: string
          description: The local date and time the transaction occured in the Partner's
            system, in ISO-8601 date and time format `yyyy-MM-ddTHH:mm:ss.SSSZ`.
          format: date-time
          maxLength: 50
        transaction_id:
          type: string
          description: Unique identifier to identify a transaction attempt in the
            Partner's system.
          maxLength: 200
        current_user_session:
          $ref: "#/components/schemas/CurrentUserSession"
    LoginTransactionDetails:
      title: LoginTransactionDetails
      allOf:
        - $ref: "#/components/schemas/AccountTakeoverTransactionDetails"
        - type: object
          description: Specific information about a login transaction for a user.
          required:
            - authentication_type
            - successful_login_flag
          properties:
            authentication_type:
              type: string
              description: >
                The type of login authentication method used by a user.

                For `authentication_type` ensure attributes mentioned in dictionary below are set to corresponding values only.

                `authentication_type` is an enum value with the following mapping with `authentication_sub_type` attribute:

                *       authentication_type       :     authentication_sub_type

                * -------------------------------------------------------------------------------

                * `CREDENTIALS`                         : `EMAIL`

                * `CREDENTIALS`                         :

                * `PASSWORD_RESET`                      : `EMAIL`

                * `SINGLE_SIGN_ON`                      : `EMAIL`

                * `MULTI_FACTOR_AUTHENTICATION`         : `EMAIL`

                * `MULTI_FACTOR_AUTHENTICATION`         : `PHONE`

                * `SOCIAL`                              : `GOOGLE`

                * `SOCIAL`                              : `FACEBOOK`

                * `SOCIAL`                              : `APPLE`
              enum:
                - CREDENTIALS
                - PASSWORD_RESET
                - SOCIAL
                - SINGLE_SIGN_ON
                - MULTI_FACTOR_AUTHENTICATION
            authentication_sub_type:
              type: string
              description: >
                The sub type of login authentication method used by a user.

                For `authentication_sub_type` ensure attributes mentioned in dictionary below are set to corresponding values only.

                `authentication_sub_type` is an enum value with the following mapping with `authentication_type` attribute:

                *       authentication_sub_type   :     authentication_type

                * -------------------------------------------------------------------------------

                * `EMAIL`                               : `CREDENTIALS`

                * `EMAIL`                               : `PASSWORD_RESET`

                * `EMAIL`                               : `SINGLE_SIGN_ON`

                * `EMAIL`                               : `MULTI_FACTOR_AUTHENTICATION`

                * `PHONE`                               : `MULTI_FACTOR_AUTHENTICATION`

                * `GOOGLE`                              : `SOCIAL`

                * `FACEBOOK`                            : `SOCIAL`

                * `APPLE`                               : `SOCIAL`

                *                                       : `CREDENTIALS`
              enum:
                - EMAIL
                - PHONE
                - GOOGLE
                - FACEBOOK
                - APPLE
            successful_login_flag:
              type: boolean
              description: Identifies if a login attempt by a user was successful or not.
            failed_login_reason:
              type: string
              description: >
                The reason for the failed login attempt in the Partner''s
                system, related to user failure or Partner''s system failure.

                - `INVALID_CREDENTIALS` - Applicable if the user provided invalid login credentials for this login attempt.

                - `ACCOUNT_NOT_FOUND` - Applicable if the user attempted to login to an account that doesn't exist.

                - `VERIFICATION_FAILED` - Applicable if the user failed the verification for this login, or any authentication exception occured in the Partner system for this login attempt.

                - `ACCOUNT_LOCKED` - Applicable if the user attempted to login to an account that is locked.
              enum:
                - INVALID_CREDENTIALS
                - ACCOUNT_NOT_FOUND
                - VERIFICATION_FAILED
                - ACCOUNT_LOCKED
    CurrentUserSession:
      title: CurrentUserSession
      type: object
      description: >
        The current user session prior to this transaction, which contains
        details related to any challenge initiated by the Partner''s system to a
        user before calling Expedia''s Fraud Prevention Service.

        An example is if the Partner''s system sent a Captcha challenge to the user before calling Expedia''s Fraud Prevention Service.
      properties:
        session_id:
          type: string
          description: Unique identifier for a user's session on their device
          maxLength: 200
        start_date_time:
          type: string
          description: The local date and time a user's session started, in ISO-8601 date
            and time format `yyyy-MM-ddTHH:mm:ss.SSSZ`.
          format: date-time
          maxLength: 50
        challenge_detail:
          $ref: "#/components/schemas/ChallengeDetail"
    ChallengeDetail:
      title: ChallengeDetail
      type: object
      description: Information related to challenges initiated by the Partner's system
        to a user before calling Expedia's Fraud Prevention Service.
      required:
        - displayed_flag
        - type
        - status
      properties:
        displayed_flag:
          type: boolean
          description: Indicates that there was a challenge initiated by the Partner's
            system to a user before calling Expedia's Fraud Prevention Service.
        type:
          type: string
          description: >
            The kind of challenge served by the Partner''s system to a user
            prior to calling Expedia''s Fraud Prevention Service.

            - `CAPTCHA` - Applicable if the challenge served by the Partner''s system was a Captcha challenge.

            - `TWO_FACTOR` - Applicable if the challenge served by the Partner''s system was a two-factor challenge including (Email verification, One Time Password, Okta, etc).
          enum:
            - CAPTCHA
            - TWO_FACTOR
        status:
          type: string
          description: >
            The status of the challenge served by the Partner''s system to a
            user before calling Expedia''s Fraud Prevention Service.

            - `SUCCESS` - Applicable if the user successfully passed the challenge.

            - `FAILED` - Applicable if the user failed the challenge.
          enum:
            - SUCCESS
            - FAILED
  securitySchemes:
    orderPurchaseScreenAuth:
      type: oauth2
      flows:
        clientCredentials:
          tokenUrl: https://api.expediagroup.com/identity/oauth2/v3/token?grant_type=client_credentials
          scopes:
            fraudandrisk.fraud.order-purchase-screen: Use Fraud Systems for screening orders
    orderPurchaseUpdateAuth:
      type: oauth2
      flows:
        clientCredentials:
          tokenUrl: https://api.expediagroup.com/identity/oauth2/v3/token?grant_type=client_credentials
          scopes:
            fraudandrisk.fraud.order-purchase-update: Use Fraud Systems for updating orders