Appendix A: Evaluation
This appendix describes how to test the integration of the OIP Risk Management SDK when the bank backend is not yet ready to communicate with the Policy Manager that resides in the OIP Risk Management backend.
The bank backend to Policy Manager communication can be mocked with any tool such as SoapUI or Postman for validation purposes. Once the application receives the visitId from the OIP Risk Management SDK, it can be passed to the Policy Manager using the API specified in the following table.
URL: https://thales-backend-url/api/v1/tenants/tenantID/visits/the_generated_visit_id/decision - API to request the decision for a given visitId. Replace tenantID with your tenant identifier and the_generated_visit_id with the visitId returned by the SDK.
Note
Please contact Thales to get the Thales-backend-url and tenantID values for your organization.
List of request parameters for communication with the Policy Manager

| Parameter | Description | Parameter type | Data type |
|---|---|---|---|
| Authorization | A JWT using the Bearer schema. The server checks the validity of the token provided to control access to this protected resource. The claim 'role' must include 'tenant-oper'. | header | string |
| tenantId | A unique identifier of a tenant matching the regular expression: [A-Za-z0-9_-] | path | string |
| visitId | A unique identifier of a visit matching the regular expression: m?[A-Fa-f0-9_-] | path | string |
| body | content-type: application/json. Properties of type 'string', 'integer', 'boolean' or 'array of strings' representing the context of the evaluation. They are used to match the scope of the policy. The object is PolicyEvalBody, whose properties are listed below. | body | object |

Properties of PolicyEvalBody:
- userId (string): A unique identifier of a user.
- actions: Either "Login", "Transfer", or "New beneficiary". This value matches a corresponding event in a policy.
- usergroups: Groups that the user belongs to. This is an array if the user belongs to several groups, or a single string if the user belongs to one group. The value(s) match the usergroups defined in the policy context.
- levelOfSensitivity: Either "low", "medium" or "high". This value matches the levelOfSensitivity defined in the policy context.
- destinationAccountNumber (string, optional): Only when the ThreatMetrix assurance engine is used. The destination account number used for a fund transfer.
- emailAccount (string, optional): The email account of the user, in a valid format.
- flag001 … flag100 (boolean, optional): Optional custom flags. These flags can be used to match a custom boolean condition in the policy.
- score001 … score100 (integer, optional): Optional custom scores. These scores can be used to match a custom integer condition in the policy.
- Third-party keys: When the ThreatMetrix assurance engine is used, you can set one or several third-party keys according to your needs.
Example of a request body (the action name and the group name must match the event and usergroup defined in your policy):

```json
{
  "userId": "11456788836",
  "actions": "login",
  "usergroups": "VIP",
  "levelOfSensitivity": "medium",
  "destinationAccountNumber": "RO49AAAA1B31007593840000",
  "emailAccount": "john.doe@mail.com",
  "flag005": true,
  "score058": 50
}
```
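As an added example (not part of the SDK or of this documentation), the following Python builds and pre-validates the decision request that a bank backend or a test harness would send to the Policy Manager: it checks tenantId and visitId against the regular expressions in the table (a trailing '+' is assumed, since the page prints the patterns without a quantifier), decodes the JWT payload to confirm that the 'role' claim includes 'tenant-oper' (without verifying the signature, which is the Policy Manager's job), validates the PolicyEvalBody properties, and assembles the URL, headers and JSON payload. The HTTP method (POST), the e-mail format check and the unsigned sample token are assumptions; a real token comes from your backend's token issuer, not from this code.

```python
import base64
import json
import re
from typing import Any, Dict, List, Tuple

# Regexes from the parameter table. The page prints them without a quantifier;
# the trailing '+' is an assumption so that multi-character identifiers match.
TENANT_ID_RE = re.compile(r"^[A-Za-z0-9_-]+$")
VISIT_ID_RE = re.compile(r"^m?[A-Fa-f0-9_-]+$")
CUSTOM_KEY_RE = re.compile(r"^(flag|score)(\d{3})$")   # flag001..flag100, score001..score100
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")     # assumption: page only says "valid format"

# The page spells the action both "Login" and "login"; compare case-insensitively.
ACTIONS = {"login", "transfer", "new beneficiary"}
SENSITIVITY = {"low", "medium", "high"}
REQUIRED_ROLE = "tenant-oper"


def jwt_roles(token: str) -> List[str]:
    """Return the 'role' claim of a compact JWT. No signature check: this is a
    caller-side pre-flight only; the Policy Manager validates the token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not a compact-serialised JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)     # restore base64url padding
    role = json.loads(base64.urlsafe_b64decode(payload)).get("role", [])
    return role if isinstance(role, list) else [role]


def validate_body(body: Dict[str, Any]) -> List[str]:
    """Check a PolicyEvalBody against the parameter table; return the problems found."""
    errors: List[str] = []
    if not isinstance(body.get("userId"), str):
        errors.append("userId must be a string")
    if str(body.get("actions", "")).lower() not in ACTIONS:
        errors.append("actions must be Login, Transfer or New beneficiary")
    groups = body.get("usergroups")
    if not (isinstance(groups, str)
            or (isinstance(groups, list) and all(isinstance(g, str) for g in groups))):
        errors.append("usergroups must be a string or an array of strings")
    if body.get("levelOfSensitivity") not in SENSITIVITY:
        errors.append("levelOfSensitivity must be low, medium or high")
    if "destinationAccountNumber" in body and not isinstance(body["destinationAccountNumber"], str):
        errors.append("destinationAccountNumber must be a string")
    if "emailAccount" in body and not EMAIL_RE.match(str(body["emailAccount"])):
        errors.append("emailAccount is not a valid e-mail address")
    for key, value in body.items():
        m = CUSTOM_KEY_RE.match(key)
        if not m:
            continue                                     # third-party keys pass through untouched
        kind, index = m.group(1), int(m.group(2))
        if not 1 <= index <= 100:
            errors.append(f"{key}: only {kind}001..{kind}100 are defined")
        elif kind == "flag" and not isinstance(value, bool):
            errors.append(f"{key} must be a boolean")
        elif kind == "score" and (isinstance(value, bool) or not isinstance(value, int)):
            errors.append(f"{key} must be an integer")
    return errors


def build_decision_request(base_url: str, tenant_id: str, visit_id: str, token: str,
                           body: Dict[str, Any]) -> Tuple[str, Dict[str, str], str]:
    """Return (url, headers, json_payload) for the decision endpoint or raise ValueError.
    Assumption: the endpoint is called with POST (the page names the URL, not the method)."""
    if not TENANT_ID_RE.match(tenant_id):
        raise ValueError("tenantId does not match [A-Za-z0-9_-]")
    if not VISIT_ID_RE.match(visit_id):                  # also blocks '/' and '..' in the path
        raise ValueError("visitId does not match m?[A-Fa-f0-9_-]")
    if REQUIRED_ROLE not in jwt_roles(token):
        raise ValueError(f"JWT 'role' claim does not include '{REQUIRED_ROLE}'")
    problems = validate_body(body)
    if problems:
        raise ValueError("; ".join(problems))
    url = f"{base_url.rstrip('/')}/api/v1/tenants/{tenant_id}/visits/{visit_id}/decision"
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    return url, headers, json.dumps(body)


def constructed_jwt(roles: List[str]) -> str:
    """Constructed, UNSIGNED sample token for offline use only. A real token comes
    from the backend's issuer and is never embedded in the mobile application."""
    def b64(obj: Dict[str, Any]) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'HS256', 'typ': 'JWT'})}.{b64({'role': roles})}.not-a-real-signature"


# The request body from the page's example, with its syntax errors fixed.
SAMPLE_BODY = {
    "userId": "11456788836", "actions": "login", "usergroups": "VIP",
    "levelOfSensitivity": "medium", "destinationAccountNumber": "RO49AAAA1B31007593840000",
    "emailAccount": "john.doe@mail.com", "flag005": True, "score058": 50,
}

if __name__ == "__main__":
    # Placeholders: use the Thales-backend-url and tenantID values Thales provides.
    url, headers, payload = build_decision_request(
        "https://thales-backend-url", "tenantID", "m0a1b2c3d4",
        constructed_jwt(["tenant-oper"]), SAMPLE_BODY)
    print("POST", url)
    print(headers)
    print(payload)
```

Validating both path parameters before interpolating them into the URL keeps a tampered visitId from rewriting the request path, and the role check only avoids a pointless round trip: the Policy Manager's own verification of the Bearer token remains the authoritative access-control decision.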
Note
Direct communication between the Policy Manager and the application, or between the Policy Manager and some other tool (Postman, SoapUI, etc.), should be used only for testing purposes. For any production-level integration the customer backend must be the only entity communicating directly with the Policy Manager: the JWT carrying the 'tenant-oper' role is a backend credential and must never be embedded in, or issued to, the mobile application.