--- title: PingOneProtectThreatLevelRoutingHandler description: Uses a PingOneProtectEvaluationContext representing a risk evaluation to route the inbound request according to the risk level. component: pinggateway version: 2026 page_id: pinggateway:reference:PingOneProtectThreatLevelRoutingHandler canonical_url: https://docs.pingidentity.com/pinggateway/2026/reference/PingOneProtectThreatLevelRoutingHandler.html revdate: 2025-07-03T16:53:36Z section_ids: usage: Usage configuration: Configuration example: Example threat_level_routing_handler: Threat-level routing handler alt-example-dispatch-handler: Alternative with dispatch handler more_information: More information --- # PingOneProtectThreatLevelRoutingHandler Uses a [PingOneProtectEvaluationContext](PingOneProtectEvaluationContext.html) representing a risk evaluation to route the inbound request according to the risk level. You use a PingOneProtectEvaluationFilter to make a risk assessment request to PingOne Protect. The filter records the evaluation in a [PingOneProtectEvaluationContext](PingOneProtectEvaluationContext.html) object. The PingOneProtectThreatLevelRoutingHandler acts on the risk level set in the context. After completing additional actions to verify the identity of a user following a risk evaluation, record the outcome using a [PingOneProtectFeedbackSuccessFilter](PingOneProtectFeedbackSuccessFilter.html) or a [PingOneProtectFeedbackFailureFilter](PingOneProtectFeedbackFailureFilter.html). For complex scenarios where you don't want to base the decision on the risk level, you can [use a DispatchHandler instead](#alt-example-dispatch-handler). ## Usage ```json { "name": string, "type": "PingOneProtectThreatLevelRoutingHandler", "config": { "levels": { "low": Handler reference, "medium": Handler reference, "high": Handler reference } } } ``` ## Configuration * `"levels"`: *array of [objects](preface.html#definition-object), required* Object mapping a risk level to a handler. * `"low"`: *Handler [reference](preface.html#definition-reference), required* The handler responsible for low-risk requests. * `"medium"`: *Handler [reference](preface.html#definition-reference), required* The handler responsible for medium-risk requests. * `"high"`: *Handler [reference](preface.html#definition-reference), required* The handler responsible for high-risk requests. ## Example ### Threat-level routing handler The following example sends low-risk requests straight through, medium-risk requests to a handler for additional authentication, for example, and high-risk requests to a handler that denies access and takes additional action: ```json { "name": "PingOneProtectThreatLevelRoutingHandler-1", "type": "PingOneProtectThreatLevelRoutingHandler", "config": { "levels": { "low": "passthroughHandler", "medium": "mediumRiskHandler", "high": "highRiskHandler" } } } ``` ### Alternative with dispatch handler This example uses a [DispatchHandler](DispatchHandler.html) to route requests based on the risk evaluation score rather than the levels: ```json { "name": "scoreBasedRoutingHandler", "type": "DispatchHandler", "config": { "bindings": [ { "condition": "${contexts.pingOneProtect.score <= 30}", "handler": "passthroughHandler" }, { "condition": "${contexts.pingOneProtect.score > 30 && contexts.pingOneProtect.score <= 70}", "handler": "mediumRiskHandler" }, { "condition": "${contexts.pingOneProtect.score > 70}", "handler": "highRiskHandler" } ] } } ``` The conditions depend on the [PingOne Protect risk evaluation response API](https://docs.pingidentity.com/pingone/threat_protection_using_pingone_protect/p1_protect_risk_evaluations.html) and the [PingOneProtectEvaluationContext](PingOneProtectEvaluationContext.html). ## More information [org.forgerock.openig.ping.protect.PingOneProtectThreatLevelRoutingHandler](../_attachments/apidocs/org/forgerock/openig/ping/protect/PingOneProtectThreatLevelRoutingHandler.html)