Document toolboxDocument toolbox

securityData

Owned by Heikki Henriksen
12 Dec 2018
3 min read
URLhttps://<fraud-data-baseurl>/securityData/<tid>
Request

GET with URL path parameter tid for the authentication session is question (Transaction ID from the ID Token)

AuthenticationAccess Token as Bearer Token in Authorization Header
Response
202AcceptedA new process for retrieval of fraud data for tid  is accepted
204No ContentA process for retrieval of fraud data for tid  is still ongoing (not yet completed)
200OKA process for retrieval of fraud data for tid has completed. The body contains a JSON with fraud data response elements.
400Bad requestThe tid value does not correspond to a session associated with the requesting OIDC client
401Unauthorized Bearer token is missing or not accepted for any reason
403ForbiddenBearer token has insufficient scope
404Not foundThe tid  is an unknown value for the OIDC Provider.
410GoneFraud data for tid is no longer available
429Too many requests The fraud data service is currently too busy to serve the request
500Internal server error Any other error condition

Error responses contains further information on the reason according to standard.

ExampleSee below

This method provides data (security data / fraud data) that can be used for risk scoring on a recent authentication session via the OIDC Provider. The  tid claim from the ID Token works as the reference to the session in question. At first invocation of this method for a given tid, the Fraud Data service starts a process to retrieve all relevant data for the transaction in question. When all available fraud data for the given transaction has been retrieved, the set of available data may be returned to the requesting OIDC Client upon request. The typical usage pattern for an OIDC Client is to receive a 202 in response to the initial request, followed by one or more 204 responses on subsequent polling requests, before the service eventually responds with a 200 along with the actual fraud data in the body. 

The Fraud Data service is classified as a near-realtime service. Retrieval of a full set of fraud data may take up to 10 seconds to complete. After completion fraud data will be available for an extended time period of 3600 seconds. The polling interval while waiting for data should not be more frequent that once every 1-5 seconds.

Response elements

The set of fraud data is returned as JSON containing supported fraud data claims for the Identity Provider in question.

Example

The following is an example for a request to the Fraud Data service for a given tid value

seurityData request
TBC

The following is a truncated JSON example from the response from the Fraud Data service for an authentication session with BankID netcentric. A complete JSON example is not included in this documentation for security reasons. A complete example can be provided upon request.

seurityData JSON response
{
  "tid": "754a1771-8f6a-4fa5-b6d7-47d81dda493d",
  "transaction_data": {
    ...
    "BankID_browserName": "Chrome",
    "BankID_timeZone": "Europe/Oslo",
    "BankID_osName": "Linux",
    "BankID_osVersion": "Unknown",
    "BankID_userAgent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36",
    "BankID_language": "\"en-US\"",
	...
   },
  "derived_data": {
	...
    "BankID_User_IP": "195.18.161.2",
    "BankID_Alarm_IDx": "No alarms",
    "BankID_fpf": "0",
    "BankID_fpf_classification": "Unknown",
    "BankID_env": "0",
    "BankID_env_classification": "Unknown",
    "BankID_irs": "0",
    "BankID_irs_classification": "Unknown",
    "BankID_dms": "0",
    "BankID_dms_classification": "Unknown",
    "BankID_ips": "0",
    "BankID_ips_classification": "Unknown",
	...
  }
}