Versions Compared

Old Version 80

changes.mady.by.user Patricia Donohue

Saved on

compared with

New Version 81

changes.mady.by.user Patricia Donohue

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

(blue star) See the About GraphQL APIpage for an introduction to the basic concepts of GraphQL technology, the schema, and examples of the functional operations used in the Fraud Data API (query, mutation, subscription).

...

The Fraud Data API

TheIn the first phase of the Fraud Data API development, the CCCTC has designed an API solution that supports the reporting and sharing of fraudulent admission application data between colleges across the system through three primary workflow operations:

...

to a

...

centralized database

...

Receive fraud notifications to a dedicated staging table using the College Adaptor

...

and the ability to run queries against that data using an authorized MIS code with an AppID or CCCID. Internally, an algorithm determines if a submitted fraud application report also impacts another college in the district. If so, Superglue is leveraged to notify that college of the suspected bad actor.

Districts are encouraged to utilize this API in a custom process that works with their internal SIS system. The API can also be used ad hoc to to and a series of processes to between colleges across the system through three primary workflow operations:

  • Submit fraud information to a CCCTC centralized database

  • Receive fraud notifications to a dedicated staging table using the College Adaptor

  • Query the fraud database directly via the API

Eventually through continuous improvement, the API will be extended to also support other types of fraud data, including financial aid fraud. Participating districts are provided the Fraud Data API schema (GraphQL-based, described further below) and authorized access to the API during the implementation process with the CCCTC.

...

Submitting a Fraud Report Via API

A One of the primary objective objectives of the Fraud Data API is to report local fraud data from an individual college or multiple colleges in a district to the CCCTC, which then identifies the individual (CCCID) connected to the suspected fraud application (AppID), so that all other applications submitted by that CCCID can be located and shared with the college(s) that have received applications from the identified individual.

Through the API, the FraudReportSubmit mutation is the operation used for submitting a fraud report using an application id (AppID) or a student ID (CCCID), or both. In most cases, only the AppID is truly needed. A GraphQL mutation is an object type that is used to modify server-side data. Just as with queries, if the mutation field returns an object type, you can ask for nested fields. It can also contain multiple fields.

...

enable colleges to report information about suspected or identified fraudulent admission applications to the CCCTC (Fraud Report) in order to identify and prevent the individual (CCCID) from committing fraud against the college, and other colleges, in the future.

The FraudReportSubmit Operation

The Fraud Data API schema defines this process as the FraudReportSubmit type operation, which is a query mutation that requires a variable input argument of at least one field (FraudReportSubmitInput!) and generates a response (FraudReportSubmitPayload). In most cases only the application ID (AppID) input field is truly needed; however additional fields can also be added as input variables.

Panel
bgColor#F4F5F7

(blue star) In GraphQL, the Mutation type is a special object type that is explicitly used to write or modify server-side data. Learn more about GraphQL mutations

The FraudReportSubmit mutation requires an input (FraudReportSubmitInput!)
screenshot below depicts an example of the most basic submit request being constructed using the Apollo sandbox. In the Documentation column (left), the FraudReportSubmitInput argument is selected showing the fields that can be used in the required input. The (appId) and (reportedByMisCode) fields are selected, and now appear as variables

...

The example below submits a fraud report for application id (AppID) : 34110.

Code Block
curl --location --request POST 'https://apollo-router.qa.ccctechcenter.org' 
--header 'Authorization: Bearer eyJ......' 
--header 'Content-Type: application/json' 
--data-raw '{"query":"mutation FraudReportSubmit($input: FraudReportSubmitInput!) {\n  FraudReportSubmit(input: $input) {\n    cccId\n    appId\n    fraudType\n  }\n}\n","variables":{"input":{"appId":34110}}}'

...

In the hands of a knowledgable API programmer, the schema provides everything needed to construct and execute the FraudReportSubmit operation, including the required argument, Input fields, and the payload response using an API dev tool such as CURL, PowerShell, Python, Java, etc. Any of these development tools will provide the

Taking a closer look at the same operation in the Apollo sandbox, you can see that the

...