Evaluation
This section describes the steps to test the integration of Risk Management SDK in cases where the application back end is not ready to communicate with the policy manager residing at the Risk Management back end.
Communication between the application back end and the policy manager can be mocked using any tool, such as SoapUI or Postman, for validation purposes. When the application receives the visitID from the Risk Management SDK, it can be passed to the policy manager using the API specification given in the following table.
URL: https://thales-backend-url/api/v1/tenants/tenantID/visits/the_generated_visit_id/decision: API to request the decision for a particular visitID
Contact Thales to get the Thales-backend-url and tenantID values for your organization.
Request parameters for communication with the policy manager
| Parameter | Description | Parameter type | Data type |
|---|---|---|---|
| Authorization | A JWT using the Bearer schema. The server checks the validity of the token provided to control access to this protected resource. The claim 'role' must include 'tenant-oper'. | header | string |
| tenantID | A unique identifier of a tenant matching the regular expression: `[A-Za-z0-9_-]` | path | string |
| visitId | A unique identifier of a visit matching the regular expression: `m?[A-Fa-f0-9_-]` | path | string |
| body | content-type: application/json. Properties of type 'string', 'integer', 'boolean' or 'array of strings' representing the context of the evaluation; they are used to match the scope of the policy. The PolicyEvalBody properties are listed below the table. | body | object |

PolicyEvalBody properties:
- userId (string): A unique identifier of a user.
- actions: Either "Login", "Transfer", or "New beneficiary". This value matches a corresponding event in a policy.
- usergroups: Groups that the user belongs to. This is an array if the user belongs to several groups, or a single string if the user belongs to one group. The value(s) match the usergroups defined in the policy context.
- levelOfSensitivity: Either "low", "medium" or "high". This value matches the levelOfSensitivity defined in the policy context.
- destinationAccountNumber (string, optional): The destination account number used for a fund transfer. Only when the ThreatMetrix assurance engine is used.
- emailAccount (string, optional): The email account of the user, in a valid format.
- flag001 … flag100 (boolean, optional): Optional custom flags. They can be used to match a custom boolean condition in the policy.
- score001 … score100 (integer, optional): Optional custom scores. They can be used to match a custom integer condition in the policy.
- … third-party keys …: When the ThreatMetrix assurance engine is used, you can set one or several third-party keys according to your needs.
Example of a request body

```json
{
  "userId": "11456788836",
  "actions": "login",
  "usergroups": "VIP",
  "levelOfSensitivity": "medium",
  "destinationAccountNumber": "RO49AAAA1B31007593840000",
  "emailAccount": "john.doe@mail.com",
  "flag005": true,
  "score058": 50
}
```
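As an added example (not part of the Thales documentation or SDK), the following Python helper checks a PolicyEvalBody against the constraints in the table above and assembles the decision request with the Bearer header and path parameters. The base URL, tenant, visit and token values are constructed placeholders; the `+` quantifiers on the two regular expressions and the use of POST are assumptions, since the page gives neither.

```python
import json
import re
from urllib.request import Request

# Character classes from the table; the "+" quantifier is an assumption (the page gives only the class).
TENANT_RE = re.compile(r"^[A-Za-z0-9_-]+$")
VISIT_RE = re.compile(r"^m?[A-Fa-f0-9_-]+$")
ACTIONS = {"Login", "Transfer", "New beneficiary"}
LEVELS = {"low", "medium", "high"}
CUSTOM_RE = re.compile(r"^(flag|score)(\d{3})$")  # flag001..flag100, score001..score100

def validate_body(body):
    """Return a list of problems in a PolicyEvalBody; an empty list means it is well-formed."""
    problems = []
    if not isinstance(body.get("userId"), str) or not body["userId"]:
        problems.append("userId must be a non-empty string")
    if body.get("actions") not in ACTIONS:
        problems.append("actions must be one of Login, Transfer, New beneficiary")
    groups = body.get("usergroups")
    if not (isinstance(groups, str) or (isinstance(groups, list) and all(isinstance(g, str) for g in groups))):
        problems.append("usergroups must be a string or an array of strings")
    if body.get("levelOfSensitivity") not in LEVELS:
        problems.append("levelOfSensitivity must be low, medium or high")
    for key, value in body.items():
        m = CUSTOM_RE.match(key)
        if m is None:
            continue  # not a custom flag/score property
        if not 1 <= int(m.group(2)) <= 100:
            problems.append(f"{key}: custom index must be 001..100")
        elif m.group(1) == "flag" and not isinstance(value, bool):
            problems.append(f"{key}: flags must be boolean")
        elif m.group(1) == "score" and (isinstance(value, bool) or not isinstance(value, int)):
            problems.append(f"{key}: scores must be integer")
    return problems

def build_decision_request(base_url, tenant_id, visit_id, jwt, body):
    """Return a urllib Request for the decision endpoint, or raise ValueError on bad input."""
    if not TENANT_RE.match(tenant_id):
        raise ValueError("tenantID does not match [A-Za-z0-9_-]")
    if not VISIT_RE.match(visit_id):
        raise ValueError("visitId does not match m?[A-Fa-f0-9_-]")
    problems = validate_body(body)
    if problems:
        raise ValueError("; ".join(problems))
    url = f"{base_url}/api/v1/tenants/{tenant_id}/visits/{visit_id}/decision"
    headers = {"Authorization": f"Bearer {jwt}", "Content-Type": "application/json"}
    # POST is an assumption: the page does not state the HTTP method.
    return Request(url, data=json.dumps(body).encode(), headers=headers, method="POST")
```

Validating the body before sending keeps malformed test requests from being mistaken for policy-manager rejections when mocking the back end.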
Direct communication between the policy manager and the application, or between the policy manager and some other tool (Postman, SoapUI, etc.), should be used only for testing purposes. For any production-level integration, your back end should be the only entity communicating directly with the policy manager.