How to test the REST API of CA Risk Authentication?


Article ID: 40264


Products

CA Rapid App Security, CA Advanced Authentication, CA API Gateway

Issue/Introduction

Introduction

This is an example that demonstrates:

1. How to test the REST-based API provided by CA Risk Authentication

2. Sample requests and responses received for evaluate risk and post evaluate calls.

 

Environment

 CA Risk Authentication 8.1

 

Instructions

Precondition: The CA Risk Authentication Server is up and running, and the REST API application (risk-restapi) is configured and working properly.

[A] Add the “Postman” extension to the Chrome browser


Image: adding a Postman extension

[B] Send Evaluate Risk Request:

Request URL→ http://<hostname>:<port>/risk-restapi/ca/advanced-auth/risk/evaluate

Method→ Post

Header→ Content-Type: application/ld+json

PayLoad→

{

    "callerId": "",

    "ipAddress": "10.131.75.107",

    "action": "login",

    "orgName": "defaultorg",

    "userId": "test",

    "channel": "",

    "additionalInput": [],

    "deviceId": {"type" : "HTTP_COOKIE","value": "gtPNLetDdDkMb4RZFAj5dUY2KO7DtmNxoFHYUQZZbp2H7FQkuqLXNQ=="},

    "deviceSignature": "{\"VERSION\":\"2.1.2\",\"MFP\":{\"Browser\":{\"UserAgent\":\"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36\",\"Vendor\":\"Google Inc.\",\"VendorSubID\":\"\",\"BuildID\":\"20030107\",\"CookieEnabled\":true},\"IEPlugins\":{},\"NetscapePlugins\":{\"Widevine Content Decryption Module\":\"1.4.8.866\",\"Shockwave Flash\":\"21.0\",\"Chrome PDF Viewer\":\"\",\"Native Client\":\"\"},\"Screen\":{\"FullHeight\":863,\"AvlHeight\":819,\"FullWidth\":1536,\"AvlWidth\":1536,\"ColorDepth\":24,\"PixelDepth\":24},\"System\":{\"Platform\":\"Win32\",\"systemLanguage\":\"en-US\",\"Timezone\":-330}},\"ExternalIP\":\"10.131.75.107\",\"MESC\":{\"mesc\":\"mi=2;cd=150;id=30;mesc=168478;mesc=177012\"},\"Flash Attributes\":{\"Fonts\":[\"Aharoni\",\"Andalus\",\"Angsana New\",\"AngsanaUPC\",\"Aparajita\",\"Arabic Typesetting\",\"Arial\",\"Arial Black\",\"Arial Unicode MS\",\"Batang\",\"BatangChe\",\"Browallia New\",\"BrowalliaUPC\",\"Calibri\",\"Calibri Light\",\"Cambria\",\"Cambria Math\",\"Candara\",\"Century\",\"Comic Sans MS\",\"Consolas\",\"Constantia\",\"Corbel\",\"Cordia New\",\"CordiaUPC\",\"Courier\",\"Courier New\",\"DaunPenh\",\"David\",\"DFKai-SB\",\"DilleniaUPC\",\"DokChampa\",\"Dotum\",\"DotumChe\",\"Ebrima\",\"Estrangelo Edessa\",\"EucrosiaUPC\",\"Euphemia\",\"FangSong\",\"Fixedsys\",\"Franklin Gothic Medium\",\"FrankRuehl\",\"FreesiaUPC\",\"Gabriola\",\"Gadugi\",\"Gautami\",\"Georgia\",\"Gisha\",\"Gulim\",\"GulimChe\",\"Gungsuh\",\"GungsuhChe\",\"Impact\",\"IrisUPC\",\"Iskoola Pota\",\"JasmineUPC\",\"KaiTi\",\"Kalinga\",\"Kartika\",\"Khmer UI\",\"KodchiangUPC\",\"Kokila\",\"Lao UI\",\"Latha\",\"Leelawadee\",\"Levenim MT\",\"LilyUPC\",\"Lucida Console\",\"Lucida Sans Unicode\",\"Malgun Gothic\",\"Mangal\",\"Marlett\",\"Meiryo\",\"Meiryo UI\",\"Microsoft Himalaya\",\"Microsoft JhengHei\",\"Microsoft JhengHei UI\",\"Microsoft New Tai Lue\",\"Microsoft PhagsPa\",\"Microsoft Sans Serif\",\"Microsoft Tai Le\",\"Microsoft Uighur\",\"Microsoft YaHei\",\"Microsoft YaHei UI\",\"Microsoft Yi Baiti\",\"MingLiU\",\"MingLiU-ExtB\",\"MingLiU_HKSCS\",\"MingLiU_HKSCS-ExtB\",\"Miriam\",\"Miriam Fixed\",\"Modern\",\"Mongolian Baiti\",\"MoolBoran\",\"MS Gothic\",\"MS Mincho\",\"MS PGothic\",\"MS PMincho\",\"MS Sans Serif\",\"MS Serif\",\"MS UI Gothic\",\"MT Extra\",\"MV Boli\",\"Narkisim\",\"Nirmala UI\",\"NSimSun\",\"Nyala\",\"Palatino Linotype\",\"Plantagenet Cherokee\",\"PMingLiU\",\"PMingLiU-ExtB\",\"Raavi\",\"Rod\",\"Roman\",\"Sakkal Majalla\",\"Script\",\"Segoe Print\",\"Segoe Script\",\"Segoe UI\",\"Segoe UI Light\",\"Segoe UI Semibold\",\"Segoe UI Semilight\",\"Segoe UI Symbol\",\"Shonar Bangla\",\"Shruti\",\"SimHei\",\"Simplified Arabic\",\"Simplified Arabic Fixed\",\"SimSun\",\"SimSun-ExtB\",\"Small Fonts\",\"Sylfaen\",\"Symbol\",\"System\",\"Tahoma\",\"Terminal\",\"Times New Roman\",\"Traditional Arabic\",\"Trebuchet MS\",\"Tunga\",\"Utsaah\",\"Vani\",\"Verdana\",\"Vijaya\",\"Vrinda\",\"Webdings\",\"Wingdings\",\"Wingdings 2\",\"Wingdings 3\",\"ZWAdobeF\"],\"Camera\":[],\"Microphone\":[],\"Capabilities\":\"A=t&SA=t&SV=t&EV=t&MP3=t&AE=t&VE=t&ACC=t&PR=t&SP=f&SB=f&DEB=f&V=WIN%2021%2C0%2C0%2C182&M=Google%20Pepper&R=1536x863&COL=color&AR=1.0&OS=Windows%207&ARCH=x86&L=en&IME=t&PR32=t&PR64=f&PT=PlugIn&AVD=f&LFD=f&WD=f&TLS=t&ML=5.1&DP=72\"}}"

}


Image: sending evaluate risk request and receiving response


Image: header part of evaluate risk response

[C] Response Received for Evaluate Risk

Response Header:

Content-Type →application/hal+json;charset=UTF-8

Date →Fri, 25 Mar 2016 10:58:55 GMT

Server →Apache-Coyote/1.1

Transfer-Encoding →chunked

pss →NBtPOVmuw3vPVs2FD0JxompLk……………YUy1yXmNfuzgJ11VwLkiVadQ=

 

Response Body:

{

    "transactionId": "2:8005",

    "deviceId": "gtPNLetDdDkMb4RZFAj5dUY2KO7DtmNxoFHYUQZZbp2H7FQkuqLXNQ==",

    "riskAdvice": "INCREASEAUTH",

    "riskScore": 65,

    "ruleAnnotation": "UNKNOWNUSER=N;MFPMISMATCH=Y;UNKNOWNDEVICEID=N;USERDEVICENOTASSOCIATED=Y;EXCEPTION=N;TRUSTEDIP=N;UNTRUSTEDIP=N;USERVELOCITY=N;DEVICEVELOCITY=N;TEST_RULE=N;NEGATIVE_DEVICEID=N;",

    "matchedRuleMnemonic": "USERDEVICENOTASSOCIATED",

    "_links": {

        "self": {

            "href": "http://<host>:<port>/risk-restapi/ca/advanced-auth/risk/evaluate"

        },

        "postEvaluate": {

            "href": "http://<host>:<port>/risk-restapi/ca/advanced-auth/risk/postEvaluate"

        }

    }

 

}

[D] Send Post Evaluate request

Request URL: http://<host>:<port>/risk-restapi/ca/advanced-auth/risk/postEvaluate

Method→ Post

Header→

      Content-Type: application/ld+json

      Pss: NBtPOVmuw3vPVs2FD0JxompLk……………YUy1yXmNfuzgJ11VwLkiVadQ=

 

PayLoad

{

    "secondaryAuthenticationStatus": "true",

    "associationName": "test1",

    "transactionId": "2:8005",

    "additionalInput": []

 

}


Image: post evaluate request and response
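
The hand-off from evaluate to postEvaluate described in [B] to [D], as an added Python example (not code from the original article or from CA): it takes a constructed evaluate response, lists the rules that fired, and builds, without sending, the follow-up request carrying the pss header, the transactionId and the postEvaluate link. The host risk.example.test:8080, the pss placeholder and the "false" status value are assumptions.

```python
import json
import urllib.request

# Constructed sample of an evaluate-risk response: field names follow this page;
# host, port and the pss value are placeholders (the page elides the real pss).
SAMPLE_HEADERS = {"Content-Type": "application/hal+json;charset=UTF-8",
                  "pss": "PLACEHOLDER_PSS_VALUE"}
SAMPLE_BODY = json.dumps({
    "transactionId": "2:8005",
    "riskAdvice": "INCREASEAUTH",
    "riskScore": 65,
    "ruleAnnotation": "UNKNOWNUSER=N;MFPMISMATCH=Y;USERDEVICENOTASSOCIATED=Y;TRUSTEDIP=N;",
    "_links": {"postEvaluate": {"href":
        "http://risk.example.test:8080/risk-restapi/ca/advanced-auth/risk/postEvaluate"}},
})


def fired_rules(annotation):
    """Return the rule mnemonics flagged 'Y' in a 'RULE=Y;RULE=N;' string."""
    fired = []
    for item in annotation.split(";"):
        name, sep, flag = item.partition("=")
        if sep and flag.strip() == "Y":
            fired.append(name.strip())
    return fired


def build_post_evaluate(headers, body_text, secondary_auth_ok, association_name):
    """Build (without sending) the postEvaluate request for one evaluate response."""
    body = json.loads(body_text)
    # Header names are case-insensitive: the page shows 'pss' in the response
    # and 'Pss' in the follow-up request.
    pss = next((v for k, v in headers.items() if k.lower() == "pss"), None)
    if not pss:
        raise ValueError("evaluate response carried no pss header")
    payload = {
        # The page only shows "true"; "false" for a failed step-up is an assumption.
        "secondaryAuthenticationStatus": "true" if secondary_auth_ok else "false",
        "associationName": association_name,
        "transactionId": body["transactionId"],  # ties the call to the evaluation
        "additionalInput": [],
    }
    return urllib.request.Request(
        body["_links"]["postEvaluate"]["href"],  # follow the HATEOAS link
        data=json.dumps(payload).encode("utf-8"), method="POST",
        headers={"Content-Type": "application/ld+json", "Pss": pss})
```

Passing the returned object to urllib.request.urlopen() sends it; secondary_auth_ok should carry the actual outcome of the secondary authentication performed after an INCREASEAUTH advice.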

Additional Information

For more details see HATEOAS usage in the REST APIs

 

Environment

Release: ARCWFT05900-8.1-Arcot-WebFort-for Windows
Component:
