How to test the REST API of CA Risk Authentication?
Introduction
This is an example that demonstrates:
1. How to test the REST-based API provided by CA Risk Authentication
2. Sample requests and responses received for evaluate risk and post evaluate calls.
Environment
CA Risk Authentication 8.1
Instructions
Precondition: CA Risk Authentication Server is up and running. REST API application(risk-restapi) is configured and working properly.
[A] Add “Postman” extension in chrome browser
<Please see attached file for image>
Image: adding a Postman extension
[B] Send Evaluate Risk Request:
Request URL→ http://<hostname>:<port>/risk-restapi/ca/advanced-auth/risk/evaluate
Method→ Post
Header→ Content-Type: application/ld+json
PayLoad→
{
"callerId": "",
"ipAddress": "10.131.75.107",
"action": "login",
"orgName": "defaultorg",
"userId": "test",
"channel": "",
"additionalInput": [],
"deviceId": {"type" : "HTTP_COOKIE","value": "gtPNLetDdDkMb4RZFAj5dUY2KO7DtmNxoFHYUQZZbp2H7FQkuqLXNQ=="},
"deviceSignature": "{\"VERSION\":\"2.1.2\",\"MFP\":{\"Browser\":{\"UserAgent\":\"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36\",\"Vendor\":\"Google Inc.\",\"VendorSubID\":\"\",\"BuildID\":\"20030107\",\"CookieEnabled\":true},\"IEPlugins\":{},\"NetscapePlugins\":{\"Widevine Content Decryption Module\":\"1.4.8.866\",\"Shockwave Flash\":\"21.0\",\"Chrome PDF Viewer\":\"\",\"Native Client\":\"\"},\"Screen\":{\"FullHeight\":863,\"AvlHeight\":819,\"FullWidth\":1536,\"AvlWidth\":1536,\"ColorDepth\":24,\"PixelDepth\":24},\"System\":{\"Platform\":\"Win32\",\"systemLanguage\":\"en-US\",\"Timezone\":-330}},\"ExternalIP\":\"10.131.75.107\",\"MESC\":{\"mesc\":\"mi=2;cd=150;id=30;mesc=168478;mesc=177012\"},\"Flash Attributes\":{\"Fonts\":[\"Aharoni\",\"Andalus\",\"Angsana New\",\"AngsanaUPC\",\"Aparajita\",\"Arabic Typesetting\",\"Arial\",\"Arial Black\",\"Arial Unicode MS\",\"Batang\",\"BatangChe\",\"Browallia New\",\"BrowalliaUPC\",\"Calibri\",\"Calibri Light\",\"Cambria\",\"Cambria Math\",\"Candara\",\"Century\",\"Comic Sans MS\",\"Consolas\",\"Constantia\",\"Corbel\",\"Cordia New\",\"CordiaUPC\",\"Courier\",\"Courier New\",\"DaunPenh\",\"David\",\"DFKai-SB\",\"DilleniaUPC\",\"DokChampa\",\"Dotum\",\"DotumChe\",\"Ebrima\",\"Estrangelo Edessa\",\"EucrosiaUPC\",\"Euphemia\",\"FangSong\",\"Fixedsys\",\"Franklin Gothic Medium\",\"FrankRuehl\",\"FreesiaUPC\",\"Gabriola\",\"Gadugi\",\"Gautami\",\"Georgia\",\"Gisha\",\"Gulim\",\"GulimChe\",\"Gungsuh\",\"GungsuhChe\",\"Impact\",\"IrisUPC\",\"Iskoola Pota\",\"JasmineUPC\",\"KaiTi\",\"Kalinga\",\"Kartika\",\"Khmer UI\",\"KodchiangUPC\",\"Kokila\",\"Lao UI\",\"Latha\",\"Leelawadee\",\"Levenim MT\",\"LilyUPC\",\"Lucida Console\",\"Lucida Sans Unicode\",\"Malgun Gothic\",\"Mangal\",\"Marlett\",\"Meiryo\",\"Meiryo UI\",\"Microsoft Himalaya\",\"Microsoft JhengHei\",\"Microsoft JhengHei UI\",\"Microsoft New Tai Lue\",\"Microsoft PhagsPa\",\"Microsoft Sans Serif\",\"Microsoft Tai Le\",\"Microsoft Uighur\",\"Microsoft YaHei\",\"Microsoft YaHei UI\",\"Microsoft Yi Baiti\",\"MingLiU\",\"MingLiU-ExtB\",\"MingLiU_HKSCS\",\"MingLiU_HKSCS-ExtB\",\"Miriam\",\"Miriam Fixed\",\"Modern\",\"Mongolian Baiti\",\"MoolBoran\",\"MS Gothic\",\"MS Mincho\",\"MS PGothic\",\"MS PMincho\",\"MS Sans Serif\",\"MS Serif\",\"MS UI Gothic\",\"MT Extra\",\"MV Boli\",\"Narkisim\",\"Nirmala UI\",\"NSimSun\",\"Nyala\",\"Palatino Linotype\",\"Plantagenet Cherokee\",\"PMingLiU\",\"PMingLiU-ExtB\",\"Raavi\",\"Rod\",\"Roman\",\"Sakkal Majalla\",\"Script\",\"Segoe Print\",\"Segoe Script\",\"Segoe UI\",\"Segoe UI Light\",\"Segoe UI Semibold\",\"Segoe UI Semilight\",\"Segoe UI Symbol\",\"Shonar Bangla\",\"Shruti\",\"SimHei\",\"Simplified Arabic\",\"Simplified Arabic Fixed\",\"SimSun\",\"SimSun-ExtB\",\"Small Fonts\",\"Sylfaen\",\"Symbol\",\"System\",\"Tahoma\",\"Terminal\",\"Times New Roman\",\"Traditional Arabic\",\"Trebuchet MS\",\"Tunga\",\"Utsaah\",\"Vani\",\"Verdana\",\"Vijaya\",\"Vrinda\",\"Webdings\",\"Wingdings\",\"Wingdings 2\",\"Wingdings 3\",\"ZWAdobeF\"],\"Camera\":[],\"Microphone\":[],\"Capabilities\":\"A=t&SA=t&SV=t&EV=t&MP3=t&AE=t&VE=t&ACC=t&PR=t&SP=f&SB=f&DEB=f&V=WIN%2021%2C0%2C0%2C182&M=Google%20Pepper&R=1536x863&COL=color&AR=1.0&OS=Windows%207&ARCH=x86&L=en&IME=t&PR32=t&PR64=f&PT=PlugIn&AVD=f&LFD=f&WD=f&TLS=t&ML=5.1&DP=72\"}}"
}
<Please see attached file for image>
<Please see attached file for image>
Image: sending evaluate risk request and receiving response<Please see attached file for image>
Image: header part of evaluate risk response
[C] Response Received for Evaluate Risk
Response Header:
Content-Type →application/hal+json;charset=UTF-8
Date →Fri, 25 Mar 2016 10:58:55 GMT
Server →Apache-Coyote/1.1
Transfer-Encoding →chunked
pss →NBtPOVmuw3vPVs2FD0JxompLk……………YUy1yXmNfuzgJ11VwLkiVadQ=
Response Body:
{
"transactionId": "2:8005",
"deviceId": "gtPNLetDdDkMb4RZFAj5dUY2KO7DtmNxoFHYUQZZbp2H7FQkuqLXNQ==",
"riskAdvice": "INCREASEAUTH",
"riskScore": 65,
"ruleAnnotation": "UNKNOWNUSER=N;MFPMISMATCH=Y;UNKNOWNDEVICEID=N;USERDEVICENOTASSOCIATED=Y;EXCEPTION=N;TRUSTEDIP=N;UNTRUSTEDIP=N;USERVELOCITY=N;DEVICEVELOCITY=N;TEST_RULE=N;NEGATIVE_DEVICEID=N;",
"matchedRuleMnemonic": "USERDEVICENOTASSOCIATED",
"_links": {
"self": {
"href": "http://<host>:<port>/risk-restapi/ca/advanced-auth/risk/evaluate"
},
"postEvaluate": {
"href": "http://<host>:<port>/risk-restapi/ca/advanced-auth/risk/postEvaluate"
}
}
}
[D] Send Post Evaluate request
Request URL: http://<host>:<port>/risk-restapi/ca/advanced-auth/risk/postEvaluate
Method→ Post
Header→
Content-Type: application/ld+json
Pss: NBtPOVmuw3vPVs2FD0JxompLk……………YUy1yXmNfuzgJ11VwLkiVadQ=
PayLoad
{
"secondaryAuthenticationStatus": "true",
"associationName": "test1",
"transactionId": "2:8005",
"additionalInput": []
}
<Please see attached file for image>
Image: post evaluate request and response
Additional Information
For more details see HATEOAS usage in the REST APIs
Release: ARCWFT05900-8.1-Arcot-WebFort-for Windows
Component: