Versions Compared

Old Version 104

changes.mady.by.user Patricia Donohue

Saved on

compared with

New Version 105

changes.mady.by.user Patricia Donohue

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Table of Contents
minLevel1
maxLevel1

...

Introduction

The Fraud Data API is a SuperGlue-based solution (API) that supports bi-directional communication and sharing of suspected admission application, enrollment, or financial aid fraud with the CCC Technology Center, which in turn can suspend or block the individual’s profile, effectively protecting all other colleges automatically. Developed using GraphQL API technology, the first phase of this service will leverage the SuperGlue framework to amass a fraud data repository from college reports and then stream notifications out to other affected colleges. Eventually through continuous improvement, the API will be extended to support other types of fraud data, including enrollment and financial aid fraud. Participating districts are provided the Fraud Data API schema (GraphQL-based, described further below) and authorized access to the API during the implementation process with the CCCTC.

...

The reporting of locally identified fraud data from an individual college or district to the CCC Technology Center (CCCTC) is managed via the Fraud Data API. Everything needed to submit fraud reports is documented in the schema (see the API Documentation section below), as well as through custom Postman files configured specifically for the fraud data operations. More information and detailed examples of the FraudReportSubmit mutation are provided in the Submitting a Fraud Report Via APIsection of this guide.

Receive Fraud Notifications to Staging Table

...

An option for colleges that have not yet implemented the SuperGlue College Adaptor, the API facilitates the ability to query the fraud table directly using a CCCID, an AppID, or an authorized MIS code(withRecipientMisCode). A successful response is returned if the CCCID used in the query matches any other application(s) submitted to the authorized MIS code. The process for querying the API directly is described in the Querying Fraud Data via APIsection of this guide.

Note

Authorized access via the API is restricted to the college- or district’s MIS code, which is set as a default attribute in the API account. Multi-college district accounts will also have a default MIS code, but may also be authorized for additional MIS codes related to colleges in their district. API accounts are created and provided by the CCCTC during the implementation process.

...

Panel
panelIconId33bfe2b7-860e-4d5a-bd01-ea85976cc352
panelIcon:Postman-Logo:
panelIconText:Postman-Logo:
bgColor#FFFAE6

Postman is an API platform designed to “easily explore, debug, and test your complex API requests for HTTP, REST, SOAP, GraphQL, and WebSockets. The Postman client also includes built-in support for authentication protocols like OAuth 1.2/2.0, AWS Signature, Hawk, and more.” The CCCTC recommends using Postman as the preferred API client tool for interacting with the Fraud Data API. Learn more in the Postman Learning Center.

Advantages of Using Postman

...

Panel
panelIconId33bfe2b7-860e-4d5a-bd01-ea85976cc352
panelIcon:Postman-Logo:
panelIconText:Postman-Logo:
bgColor#FFFFFF

Non-technical Users: Click here to Use Postman to Get Your API Token

With your API account created with the proper credentials in place, the request below returns a JSON block including an “access_token” field. This token becomes the Bearer required in the Authorization head for secured requests to the API. (Reminder: Your API account is provided by the CCCTC during the implementation process.)

...

From Your Postman Workspace…

1: Expand the Fraud Report collection and click on the Fraud Report OAuth file..

2: See the Fraud Report OAuth file open in a tab on your Workbench.

3: Ensure the appropriate environment is selected. In the adjacent example, the “GraphQL:Pilot” environment is selected (active).

4: Click the Send button to generate the access token.

5. The ‘access_token’ appears in the lower half of the body of the Fraud Report OAuth tab, which is then embedded for authorization for the next web request or post.

Access Token

The 'access_token” becomes the Bearer required in the Authorization head for secured requests to the API. (Reminder: Your API account is provided by the CCCTC during the implementation process.)

Each time you refresh your authorization, the new ‘access_token’ is automatically saved to the header for the next API operation you intend to execute.

Each token expires in 300 seconds (5 mins).

...

(blue star) Explore the schema documentation for the FraudReportSubmit mutation and see the available Input fields.

...

Panel
panelIconIdatlassian-warning
panelIcon:warning:
bgColor#F4F5F7

Reminder: The user’s API account is configured with their default authorized MIS code(s), which is identified in the access token that becomes part of the request heading. The “appId” value entered must be a legitimate application corresponding to the authorized MIS code or the request will return an error.

...

Panel
panelIconIdatlassian-info
panelIcon:info:
bgColor#F4F5F7

Update Your College Adaptor for Fraud Data - Please see the Fraud Data API Implementation Process page for integration details.

...

Colleges that have not yet implemented the SuperGlue College Adaptor can query fraud data related to their college directly via the Fraud Data API. The schema describes this operation as FraudReportQuery, the query interface for retrieving a FraudReport object, which is the 10 field response for a student and/or application.

...