--- title: Gift Card Redemption - Threat Detection - Subflow description: The Gift Card Redemption - Threat Detection - Subflow uses PingOne Protect to provide a risk assessment of the current user. component: pingone-solutions page_id: pingone-solutions:gift-card-auth:flow_reference/gift_card_threat_detection_subflow canonical_url: https://docs.pingidentity.com/pingone-solutions/gift-card-auth/flow_reference/gift_card_threat_detection_subflow.html revdate: January 1, 2025 section_ids: purpose: Purpose structure: Structure input-schema: Input schema output-schema: Output schema variables-and-parameters: Variables and parameters --- # Gift Card Redemption - Threat Detection - Subflow The **Gift Card Redemption - Threat Detection - Subflow** uses PingOne Protect to provide a risk assessment of the current user. ## Purpose The **Gift Card Redemption - Threat Detection - Subflow** passes user information to PingOne Protect to perform a risk assessment. The assessment results are made available to other flows. ## Structure This flow is divided into sections using teleport nodes: * **Detect Threat using PingOne Protect** A function node verifies that the username, flow type, and `skriskcomponent` are all present. If all values are present, a PingOne Protect node creates a risk evaluation. If the evaluation succeeds, comparison nodes verify that no bot, AITM, or disposable email was detected. If a bot is detected, the flow progresses to the **Return Error** section. If an AITM or disposable email is detected, the flow progresses to the **Disable User, Notify User With Password Reset Link And Return Error If AITM/Disposable Mail Detected** section. If no AITM or disposable email is detected, a function node checks the risk level. If a high risk is detected, function nodes verify that the calling flow is not Gift Card Redemption - Account Registration - Subflow, that the user's PingOne user ID is known, and that the user is active. PingOne nodes then either notify the user of the new device login if a new device was found or notify the user of the high risk if a new device was not found. Regardless of the risk level, function nodes check for a PingOne user ID and verify that the user's account is not disabled. The flow then proceeds to the **Return Success** section. * **Disable User, Notify User With Password Reset Link And Return Error If AITM/Disposable Mail Detected** Function nodes verify that the calling flow is not Gift Card Redemption - Account Registration - Subflow, that the user's PingOne user ID is known, and that the user is active. If these conditions are met, a PingOne node disables the user, then the flow progresses to the **Create And Send Link To User's Email To Reset Password And Enable Account After Password Reset** section. * **Create And Send Link To User's Email To Reset Password And Enable Account After Password Reset** Uses a flow connector node to create a magic link with an out-of-band start while simultaneously progressing to the **Challenge Acceptance By The User By Clicking On The Link From Email** section. The section then uses a PingOne node to notify the user of the account suspesnsion and progresses to the **Return Error** section. * **Challenge Acceptance By The User By Clicking On The Link From Email** Uses function nodes to check the challenge status. When the challenge is approved, invokes the **Gift Card Redemption - Account Recovery - Main Flow**. * **Return Success** Sends a JSON success message. * **Return Error** Uses a function node to enrich the error details, then sends a JSON error message. If the PingOne Protect evaluation ID is not present, a PingOne Protect node updates the PingOne Protect risk evaluation to `Failed`. ## Input schema This flow has the following inputs: | Input name | Required | Description | | ----------------------- | -------- | ----------------------------------------------------------------------------------------------------------- | | `skriskcomponent` | Yes | The `SKRisk` component to be used in the risk evaluation. | | `p1UserId` | No | The user ID to be passed to PingOne Protect. | | `p1UserName` | Yes | The username to be evaluated by PingOne Protect. | | `p1ProtectRiskPolicyId` | No | The risk policy ID to be passed to PingOne Protect. If it is not provided, the default risk policy is used. | | `flowType` | Yes | The flow type to be passed to PingOne Protect. | | `ipAddress` | Yes | The user IP address to be passed to PingOne Protect. | | `isAccountEnabled` | No | A boolean indicating whether the user's account is enabled. | | `applicationID` | No | The application ID to be passed to PingOne Protect. | | `sessionID` | No | The session ID to be passed to PingOne Protect. | | `customAttributes` | No | Any custom PingOne attributes to be passed to PingOne Protect. | | `userAgent` | No | The PingOne Protect user agent. | | `usercookie` | No | The PingOne Protect user cookie. | ## Output schema This flow has the following outputs: | Output name | Description | | ---------------------- | ---------------------------------------------------------------------------------------------------------------------- | | `protectRiskEvalID` | The risk ID of the current user as used by PingOne Protect. | | `protectActivityState` | The user's state or province, as determined by PingOne Protect. | | `protectActivityCity` | The user's city, as determined by PingOne Protect. | | `protectDeviceStatus` | The status of the user's device as determined by PingOne Protect. | | `protectPredictor` | The action recommended by PingOne Protect. | | `protectRiskLevel` | The risk level of the current user as determined by PingOne Protect. | | `errorMessage` | The error message returned by the flow. Sent only if the flow progressed to the **Return Error** section. | | `errorDetails` | The detailed error information returned by the flow. Sent only if the flow progressed to the **Return Error** section. | ## Variables and parameters This flow does not directly use any variable or parameter values.