# Retrieve Risk Control Details
source: https://developer.mastercard.com/mastercard-processing-fraud/documentation/use-cases/retrieve-risk-control-details/index.md

## Overview {#overview}

This use case describes how an issuer's fraud and risk management team wants to display the current risk control configuration defined in the CMS for a specified card and its counters usage in their internal fraud and risk management platform.

## Sequence diagram {#sequence-diagram}

Diagram retrieve-risk-control-details

### Explanation {#explanation}

1. The fraud and risk team browses transactions in their internal back-office system and selects to display risk rule details for one of a card that generates transactions. The back-office system sends the request to the server to display risk rule details for a specified card generating suspicious activities.

2. The server sends a GET request to the `/contracts/{contract_id}/risk-controls` endpoint by passing a list of risk controls to be returned in the `risk_control_codes` query parameter.

   Tip: The risk_control_codes is serialized with explode: false, so it must be separated with a comma. For example, `/contracts/{contract_id}/risk-controls?risk_control_codes= COUNTRY_VELOCITY_CONTROL,ATM_FRENCH_USERS_RULE`. Note: For the standard product, the server must put the `cardContractId` value in place of the `contract_id` in the path. Possible values for the `risk_control_codes` parameter are defined during the onboarding process.

   <br />

3. The API sends a response to the server confirming that the risk control has been redefined.
   The API returns details for each of the requested risk controls. The response contains the following:

   * Risk controls parameters
   * The current (at the time of the request) usage information that includes `usedAmount` and `usedNumber` -- (amount and the number of already performed transactions, respectively).

Refer to [Endpoint](https://developer.mastercard.com/mastercard-processing-fraud/documentation/use-cases/retrieve-risk-control-details/index.md#endpoint) to check the complete list of data returned by the endpoint.

Note: If you do not specify any `risk_control_codes` in the query parameter, the API will return HTTP code 200 without any data. 4. The server sends a response to the back-office system that displays the risk control parameters to the fraud and risk team members.

<br />

Refer to [Sandbox testing](https://developer.mastercard.com/mastercard-processing-fraud/documentation/sandbox-testing/index.md) for more information on how to execute the use case in the Sandbox environment.

## Endpoint {#endpoint}


API Reference: `GET /contracts/{contract_id}/risk-controls`