About

this Guide

This guide is targeted at developers who have a basic understanding of concepts and capabilities of GraphQL API technology. To learn more about GraphQL, see https://graphql.org/.

The purpose of this guide is

two-fold:

• introduce the SuperGlue Fraud

• Reporting project,

• including the processes and procedures

• for college and district staff who will be participating in fraud reporting

• operations

• provide the technical information

• , documentation, schema access, and query templates

About GraphQL API

GraphQL is a new API standard that provides a more efficient, powerful, and flexible alternative to REST

API.

Introduction to GraphQL is an excellent primer for understanding the GraphQL language and the primary query operations used by the Fraud Data API.

See the About GraphQL APIpage for an introduction to the basic concepts of GraphQL, the schema, and examples of the functional operations used in the Fraud Data API (query, mutation, subscription).

The SuperGlue Fraud Reporting Data API

The SuperGlue Fraud Reporting data API provides a mechanism for colleges to report locally-identified instances of

fraud to the CCCTC, as well as facilitate the ability to query against that data using an authorized MIS code with an AppID or CCCID. In turn, CCCTC server-side workflows analyze the data to determine if the submitted fraud information impacts other colleges across the system. If impacts are found, Superglue is leveraged to notify

those colleges of the

fraud.

Image Added

By integrating the SuperGlue API to identify and share fraud data, colleges

are able to

extend the functionality of their own SIS systems and resources for increased efficiency. This is essential

for meeting fraud reporting requirements

as well as decreasing overall costs and increasing time savings. Districts are encouraged to use this API

within their own internal

systems.

Reporting Fraud Data Via the API

The reporting of locally identified fraud data from an individual college or district to the CCC Technology Center (CCCTC) is managed via the SuperGlue Fraud

Reporting data API. Everything needed to submit fraud reports is documented in the schema

, as well as through custom Postman files configured specifically for the fraud data operations. More information and detailed examples of the FraudReportSubmit mutation are provided in the Submitting a Fraud Report

section

.

Receive Fraud Notifications to Staging Table

Each instance of application fraud reported to the CCCTC is used to identify other instances submitted by the same CCCID. These findings are then delivered to colleges as notifications to a

fraud-report staging table (for each college) via the SuperGlue College Adaptor.

Each notification response

consists of

:

• application ID (AppID)

• applicant’s CCCID

• (CCID)

• MIS code of the college reporting the fraud (ReportedByMisCode).

Learn more about this process in

Receiving Fraud Notifications to a Staging Table

.

Below is a diagram of the API processes leveraged by SuperGlue and the College Adaptor.

the API

In addition to the streaming of fraud reports via the SuperGlue College Adaptor, the API also facilitates the ability toquery the fraud table directly using aCCCID, an AppID, or an authorized MIS code(withRecipientMisCode). A successful response is returned if the CCCID used in the query matches any other application(s) submitted to the authorized MIS code. The process for querying the API directly is described in the Querying Fraud Report Data

section of this guide.

_{Back to Top}

The SuperGlue Fraud Reporting Data APISchema

The schema is one of the most important concepts when working with

GraphQL API. It specifies the capabilities of the API, the shape of the available data, and the specific queries and mutation functions that can be used to read, write, and make web requests

of a GraphQL server.

The SuperGlue Fraud

Reporting data API schema defines the

query-type operations currently available to execute. The

FraudReportSubmit mutation type

providesthe operation and data structure for submitting a fraud report to the CCCTC for a CCCApply Application (

AppID) or a student ID (CCCID). The FraudReportQuery operation provides the structure for retrieving fraud data via the API.

API Documentation, Tools

, and Sandbox

One of the benefits of

the CCCTC API is its

ability to be self-documenting. This means that when

an interactive tool like GraphiQL is used,

users are able to explore what data is exposed by

this API, including the fields, types, and more. Users can also explore the data through the description field, which provides supplementary notes about the endpoint.

In most cases, this provides

a clear understanding of the API. However, to better understand and visualize the SuperGlue Fraud

Reporting data API, the complete schema documentation and the ability to explore, test, and validate the primary API calls is provided via

a Sandbox tool as well as operation templates provided by the CCCTC

.

The

CCCTC API sandbox supports all

operation types

and allows you to explore the SuperGlue Fraud Reporting Data API schema documentation.

Explore the API in the

CCCTC Sandbox

Access to the SuperGlue Fraud

Reporting data API schema is available in the

CCCTC API Sandbox to college IT staff for:

• exploration of theschema and metrics

• API development

• and testing of the Fraud Report operations

• documentation of the Fraud Report operations

Contact CCCTC Enabling Services for links and access to the sandbox.

By providing districts direct access to the SuperGlue Fraud Reporting data API schema, the CCCTC has provided colleges with the ability to create and generate a user interface of their own. Such an interface could, for example,

be used to implement a more automated process for dealing with fraud application data. Or

colleges can simply use Postman and the files configured for the SuperGlue Fraud

Reporting data API that are provided, to educate themselves on the

API’s functionality and/or visualize the data structure.

Using Postman with the SuperGlue Fraud Reporting Data API

CCCTC recommends using Postman for interacting with the Bi-Directional Fraud Data API. The Postman client (configured with ready-to-use templates provided by the CCCTC) allows colleges that may not have the immediate resources or technical skills to integrate with the API initially to submit fraud reports and query the fraud database efficiently in order to participate in the fraud data reporting effort.

Links to install Postman, as well as the custom templates for submitting and querying fraud reports and the user authorization credentials are provided to the college during the implementation process. For more information on using Postman, see Using Postman with the Fraud Data API or contact CCCTC Enabling Services.

_{Back to Top}

College Implementation Process

To get started with the SuperGlue Fraud Reporting data API, an authorized college or district IT engineer with a good understanding of API technology, must contact the CCCTC Enabling Services team to schedule a checklist meeting.

Below is an overview of the process:

• Contact the CCCTC Enabling Services team to obtain your API account and credentials.

• Integrate with the

• SuperGlue Fraud Reporting data API.

  • Install Postman tool and import

• • templates (optional, but recommended).

  • Or, set up standard templates in preferred API tool (Python, cURL, Powershell, Ruby, Node, Java, etc.).

• Install the Fraud Report staging table and deploy the latest version of the College Adaptor to receive a live stream of fraud notifications

• , or use the

• Fraud Report Query to receive a list of fraud

• notifications.

Authorized Access Accounts

During the implementation process, one or more user accounts will be created for your college or district by a CCCTC implementation engineer. The account will be configured with the appropriate roles and attributes, and secured to the

MIS codes authorized for the specific user. Users from multi-college districts may be authorized to submit and query fraud reports for

all or some of the individual colleges in their district. Single-college districts will be restricted to their single

-college MIS code.

_{Back to Top}

Bi-Directional Fraud Data API Operations

• Getting the API Access Token

• Submitting a Fraud Report Via API

• Receiving Fraud Notifications to Staging Table

• Querying Fraud Data Via API

• Rescinding a Fraud Report

Getting the API Access Token

With your API account created with the proper credentials in place, use the request below to return a JSON block including an “access_token” field. This token becomes the Bearer required in the Authorization head for secured requests to the API. (Reminder: Your API account is provided by the CCCTC during the implementation process.)

curl --location --request POST 

Getting Your Access Token Using Postman

Once Postman is installed and the Fraud Report Postman Collection and the Fraud Report Postman Environment files have been imported and configured with your API account credentials and environment specifications, the process for generating and refreshing your access token is managed on the Fraud Report OAuth tab. Once generated, Postman will automatically store the token as the Bearer in the Authorization head for all secured API requests.

Submitting a Fraud Report

The schema defines the process for submitting fraud information to the CCCTC as the FraudReportSubmit operation. Specifications for this

operation are documented in the

CCCTC API Sandbox.

In general terms, the components of this operation are

basic. The root of the FraudReportSubmit

operation is a mutation type object that has a required Input argument (FraudReportSubmitInput

) where at least one input variable field must be provided and a custom payload response is defined (FraudReportSubmitPayload). For the majority of fraud report submissions, only the

CCC ID (

CCCID) is

needed, although additional input fields may also be added to the operation

.

The FraudReportSubmit Operation

Below is an example of a basic FraudReportSubmit operation built with a template in the

CCCTC API sandbox.

In this operation, the mutation has a required input argument (FraudReportSubmitInput

) that specifies which data fields will be included in the submission.

Learn how to use an Input object type in a GraphQL mutation operation.

Image Added

The schema provides everything

needed to construct and execute the FraudReportSubmit operation, including the required input argument, Input fields, and the payload response using an API dev tool such as

cURL, PowerShell, Node, Python, Java, etc

.

appropriate credentials and configured attributes,

an API

user has everything they need to effectively format a proper web request using an application development tool such as

cURL, Python, Node, PowerShell, etc.

The example below

shows how to submit a formatted web request for a fraud report for application id (AppID) 34110.

curl --location --request POST '

Below is an example of a successful reply:

{
    "data": {
        "FraudReportSubmit": {
            "cccId": "AAA6198",
            "appId": 34110,
            "fraudType": "APPLICATION"
        }
    }
}

_{Back to Top}

Receiving Fraud Notifications to a Staging Table

One objective of the fraud reporting project is to leverage SuperGlue and the College Adaptor to implement more automated processes for bi-directional sharing of fraud information between colleges.

CCCTC is able to broadcast notifications of reported bad actors to any other colleges that have also received applications from the same CCCID.

When this happens, a new

Fraud Report is pushed to a dedicated staging table (for each college) via the SuperGlue College Adaptor. Each notification

will identify the suspect CCCID and the application ID(s) (AppID), a timestamp for the fraud report, and the reporting college’s MIS code (reportedByMisCode).

In addition to sending notifications to the staging table, the SuperGlue Fraud Reporting system (or data API) also updates the fraud_status field in the CCCApply database. The fraud_status is set as follows in the CCCApply database:

5(CONFIRMED_FRAUD): For fraud report submissions
6(CONFIRMED_NOT_FRAUD): For fraud rescind actions

Querying Fraud Report Data

Colleges

may query fraud data information for an authorized MIS code directly using the SuperGlue Fraud

Reporting data API. The schema specifies this operation as the FraudReportQuery type query, which is an interface for retrieving a

Fraud Report object consisting of a

multi-field payload

for an individual student and/or application.

The CCCTC API provides colleges the power to ask for exactly

which fields they need

to be given to them. Such queries always return predictable results. Apps using

this API are relatively fast

because they control the amount of data they get

(as opposed to the server returning additional unneeded data).

The FraudReportQuery Operation

The schema describes the FraudReportQuery as a Query type object that requires at least one of three different

input-object variations as part of the API calloperation. Each variation has a specific input argument (variable) that can be customized to

retrieve all

of the

FraudReport data fields in the payload response. The input variations can be used alone or in combination with each other as part of the operation

.

The three query variations are:

To better understand the syntax for these variable definitions, it

is useful to learn the GraphQL schema language, explained in detail on the Schema page.

Image Added

The majority of multi-college districts will find the “withRecipientMisCode” query to be the most useful and commonly used variation for retrieving information on fraudulent applications submitted to one or more colleges in their district

MIS code.

Below is an example of a request using the FraudReportQuery:withRecipientMisCode query where one or more additional input variables are being used in addition to the

“recipientMisCode.”

curl --location --request POST '

}\n}","variables":{}}'

Below is an example of the expected response.

{
    "data": {
        "FraudReportQuery": {
            "withRecipientMisCode": [
                {
                    "submitTimestamp": "2022-10-07T21:15:37.000Z",
                    "cccId": "AAA0002",
                    "reportedByMisCode": "ZZ2",
                    "recipientMisCode": "ZZ1",
                    "appId": 4,
                    "fraudType": "APPLICATION"

Copying & Exporting Query Operations

The fastest and easiest way to create the other query variations to use in Postman is to modify the existing file

in the

CCCTC sandbox. The process below outlines the steps for creating

a new query entry to your Fraud Report Postman collection which will allow you to make an API call using a CCCID or AppID.

Image Added

_{Back to Top}

---

Rescinding a Fraud Report

The schema defines the process for rescinding fraud information to the CCCTC as the FraudReportRescind operation. Specifications for this operation are documented in the CCCTC API Sandbox.

In general terms, the components of this operation are basic. The root of the FraudReportRescind operation is a mutation type of object that has a required input argument (FraudReportRescindInput) where at least one input variable field must be provided and a custom payload response is defined (FraudReportRescindPayload). For the majority of fraud report rescission, only the CCC ID (CCCID) is needed, additional input fields may also be added to the operation.

The FraudReportRescind Operation

Below is an example of a basic FraudReportRescind operation built with a template in the CCCTC API sandbox.

Image Added

With a basic understanding of the operation and their API account with the appropriate credentials and configured attributes, an API user has everything they need to effectively format a proper web request using an application development tool such as cURL, Python, Node, PowerShell, etc.

The example below submits a formatted web request for rescinding a fraud report for application id (AppID) 34110.

Code Block
curl --location --request POST 'PLACE_CCCTC_API_URL_HERE' --header 'Authorization: Bearer PLACE_AUTHORIZATION_TOKEN_HERE' --header 'Content-Type: application/json' --data-raw '{"query":"mutation FraudReportRescind($input: FraudReportRescindInput!) {\n FraudReportRescind(input: $input) {\n cccId\n appId\n }\n}\n","variables":{"input":{"appId":34110}}}'

Panel
panelIconId atlassian-warning panelIcon :warning: bgColor #F4F5F7
Reminder: The access token code is entered as the Bearer token required in the Authorization head for secured requests to the API. The access token includes the user credentials and the reporting college’s MIS code.

Below is an example of a successful reply:

Code Block
{ "data": { "FraudReportRescind": { "cccId": "AAA6198", "appId": 34110 } } }

Panel
bgColor #FFFAE6
Using Postman to Submit a Fraud Report To support users who may not have the programming experience to build and submit a web request from a schema, Postman can be used for submitting fraud reports. Please reach out to CCCTC Enabling Services for more information about using Postman with CCCTC APIs.

Documentation & Supporting Resources

Panel
panelIconId atlassian-info panelIcon :info: bgColor #F4F5F7
See more: SuperGlue API: Terminology & Data Element Descriptions

Item	Description	File / Link

_{Back to Top}