Step-up and redaction

Step-up

Step-up means the action needs stronger proof before it can continue. TxnShield can return step_up_required when risk is elevated but not high enough to deny outright.

Your app remains responsible for the user experience: show the challenge, verify it, then retry or continue the protected action with the new signal.

allow_redacted

allow_redacted means the transaction can proceed, but sensitive fields should be masked or dropped. This is useful for support and analytics workflows where partial access is safer than full access.

Policy redaction is a plan-gated feature because it affects data exposure controls in live workflows.

Complements auth

TxnShield does not replace authentication or authorization. It adds transaction-aware controls after login, using operation key, actor, resource, request shape, policy, and risk signals.