Glossary

Core terms

• Actor: the user, service, or principal attempting a protected action.
• Resource: the object being accessed or changed, such as a customer, account, record, or payment method.
• Protected operation: the concrete sensitive business action being evaluated, identified by an operation key.
• Policy: the versioned rules assigned to protected operations.
• Decision: the outcome for a protected transaction, such as allow, allow_redacted, step_up_required, throttle, or deny.
• Step-up: a required stronger proof before a risky action can continue.
• Evaluated transaction: one protected runtime action recorded by TxnShield.
• AI BYOK: bring your own AI provider key for advisory workflows.
• Webhook endpoint: a signed outbound receiver for TxnShield events.