...
Once Postman is installed and the two Fraud Report Postman Collection files have been imported and configured with your API account credentials and environment specifications, the process for generating and refreshing your access token is managed on the Fraud Report OAuth tab. Once generated Postman will automatically store the token as the Bearer
in the Authorization
head for all secured API requests.
From Your Postman Workspace…
1: Expand the Fraud Report collection and click on the Fraud Report OAuth file..
2: See the Fraud Report OAuth file open in a tab on your Workbench.
3: Ensure the appropriate environment is selected. In the adjacent example, the “GraphQL:Pilot” environment is selected (active).
4: Click the Send button to generate the access token.
5. The ‘access_token’ appears in the lower half of the body of the Fraud Report OAuth tab, which is then embedded for authorization for the next web request or post.
Access Token
The 'access_token” becomes the Bearer
required in the Authorization
head for secured requests to the API. (Reminder: Your API account is provided by the CCCTC during the implementation process.)
Each time you refresh your authorization, the new ‘access_token’ is automatically saved to the header for the next API operation you intend to execute.
Each token expires in 300 seconds (5 mins).
...
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
A primary function of the API is to facilitate the process of automating the submission of suspected or identified fraudulent admission applications to the CCCTC for use in combatting systemwide fraud. |
Submitting a Fraud Report Via API
The schema defines the process for submitting fraud information to the CCCTC as the FraudReportSubmit operation. Specifications for this GraphQL-based operation are documented in the Apollo sandbox.
In general terms, the components of this operation are quite basic. The root of the FraudReportSubmit query is a mutation type object that has a required Input argument (FraudReportSubmitInput!) where at least one input variable field must be provided and a custom payload response is defined (FraudReportSubmitPayload). For the majority of fraud report submissions, only the application Id (AppID) is truly needed, although additional input fields may also be added to the operation.
Explore the schema documentation for the FraudReportSubmit mutation and see the available Input fields.
The FraudReportSubmit Operation
Below is an example of a basic FraudReportSubmit operation built with a template in the Apollo sandbox.
...
In the Operation section, the root mutation, FraudReportSubmit, has been selected with the default FraudReportSubmitPayload fields displayed.
In the Documentation column, the Input argument - FraudReportSubmitInput - is selected and expanded showing the fields that can be used for the required input.
In the Variables table, the “appId” field as been added as the only input variable for this basic operation (currently displaying a null value in the adjacent screenshot).
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
Before submitting the request, a value would be entered in the “appId” input field (as shown below). |
...
Panel | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
The Documentation tab (in the sandbox) enables you to step into the Fraud Data API schema, beginning at one of its entry points. Click the ⊕ button next to any field in the Documentation tab to add that field to the operation editor, at your current path. By default, the Explorer automatically generates variables for that field's arguments |
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
Reminder: The user’s API account is configured with their default authorized MIS code(s), which is identified in the access token that becomes part of the request heading. The “appId” value entered must be a legitimate application corresponding to the authorized MIS code or the request will return an error. |
In this operation, the mutation has a required input argument (FraudReportSubmitInput!) that specifies which data fields will be included in the submission.
Learn how to use an Input object type in a GraphQL mutation operation.
...
For multi-college district accounts, the operation should be modified to also include the “reportedByMisCode” field in the input argument to specify which college in the district the fraudulent application (appId) is being submitted for (see example shown in the Variables table).
The default MIS code for a single college district is passed automatically in the token, so it does not need to be included as a variable in the input argument.
...
In the hands of a knowledgable API programmer, the schema provides everything they need to construct and execute the FraudReportSubmit operation, including the required input argument, Input fields, and the payload response using an API dev tool such as CURL, PowerShell, Python, Java, etc. Any of these development tools will provide the mechanism needed to make this API web request.
Panel | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
To export the FraudReportSubmit operation, or a variation of that template, as described in the schema in the Apollo sandbox, click the three dots in the Operation section to display the context menu for options. |
...
With a basic understanding of the operation and their API account with the appropriate credentials and configured attributes, a skilled API programmer has everything they need to effectively format a proper web request using an application development tool such as Curl, Python, PowerShell, etc.
The example below submits a formatted web request for a fraud report for application id (AppID) 34110
.
Code Block | ||||||
---|---|---|---|---|---|---|
Panel | ||||||
| ||||||
A primary function of the API is to facilitate the process of automating the submission of suspected or identified fraudulent admission applications to the CCCTC for use in combatting systemwide fraud. |
Submitting a Fraud Report Via API
The schema defines the process for submitting fraud information to the CCCTC as the FraudReportSubmit operation. Specifications for this GraphQL-based operation are documented in the Apollo sandbox.
In general terms, the components of this operation are quite basic. The root of the FraudReportSubmit query is a mutation type object that has a required Input argument (FraudReportSubmitInput!) where at least one input variable field must be provided and a custom payload response is defined (FraudReportSubmitPayload). For the majority of fraud report submissions, only the application Id (AppID) is truly needed, although additional input fields may also be added to the operation.
Explore the schema documentation for the FraudReportSubmit mutation and see the available Input fields.
The FraudReportSubmit Operation
Below is an example of a basic FraudReportSubmit operation built with a template in the Apollo sandbox.
In the Operation section, the root mutation, FraudReportSubmit, has been selected with the default FraudReportSubmitPayload fields displayed. In the Documentation column, the Input argument - FraudReportSubmitInput - is selected and expanded showing the fields that can be used for the required input. In the Variables table, the “appId” field as been added as the only input variable for this basic operation (currently displaying a null value in the adjacent screenshot).
|
Panel | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
The Documentation tab (in the sandbox) enables you to step into the Fraud Data API schema, beginning at one of its entry points. Click the ⊕ button next to any field in the Documentation tab to add that field to the operation editor, at your current path. By default, the Explorer automatically generates variables for that field's arguments |
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
Reminder: The user’s API account is configured with their default authorized MIS code(s), which is identified in the access token that becomes part of the request heading. The “appId” value entered must be a legitimate application corresponding to the authorized MIS code or the request will return an error. |
In this operation, the mutation has a required input argument (FraudReportSubmitInput!) that specifies which data fields will be included in the submission.
Learn how to use an Input object type in a GraphQL mutation operation.
For multi-college district accounts, the operation should be modified to also include the “reportedByMisCode” field in the input argument to specify which college in the district the fraudulent application (appId) is being submitted for (see example shown in the Variables table). The default MIS code for a single college district is passed automatically in the token, so it does not need to be included as a variable in the input argument. |
In the hands of a knowledgable API programmer, the schema provides everything they need to construct and execute the FraudReportSubmit operation, including the required input argument, Input fields, and the payload response using an API dev tool such as CURL, PowerShell, Python, Java, etc. Any of these development tools will provide the mechanism needed to make this API web request.
Panel | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
To export the FraudReportSubmit operation, or a variation of that template, as described in the schema in the Apollo sandbox, click the three dots in the Operation section to display the context menu for options. |
...
With a basic understanding of the operation and their API account with the appropriate credentials and configured attributes, a skilled API programmer has everything they need to effectively format a proper web request using an application development tool such as Curl, Python, PowerShell, etc.
The example below submits a formatted web request for a fraud report for application id (AppID) 34110
.
Code Block |
---|
curl --location --request POST 'https://apollo-router.qa.ccctechcenter.org'
--header 'Authorization: Bearer eyJ......'
--header 'Content-Type: application/json'
--data-raw '{"query":"mutation FraudReportSubmit($input: FraudReportSubmitInput!) {\n FraudReportSubmit(input: $input) {\n cccId\n appId\n fraudType\n }\n}\n","variables":{"input":{"appId":34110}}}' |
...
Code Block |
---|
{ "data": { "FraudReportSubmit": { "cccId": "AAA6198", "appId": 34110, "fraudType": "APPLICATION" } } } |
Submit a Fraud Report Using Postman
In your Postman workspace, click on the Fraud Report Submit file in the Fraud Report collection.
To support users that may not have the necessary skillset to build and submit a web request from the schema, the report can be submitted via the Postman tool - operation can be using be API developers, In the body of the post, the data structure for the FraudReportSubmit mutation appears in the Query portion of the workspace, with ($input: FraudReportSubmitInput!) as the required argument. In GraphQL, an Input can be an argument against an object. In this case, FraudReportSubmit is an object type. The three fields below the object indicate the fields that we want values for in the response. The input variables appear in the GraphQL VARIABLES box
...
panelIconId | atlassian-light_bulb_on |
---|---|
panelIcon | :light_bulb_on: |
panelIconText | :light_bulb_on: |
bgColor | #FFFFFF |
...
Panel | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
Testing: While the purpose of this API is strictly for the reporting and sharing of information related to fraudulent applications and bad actors, any valid AppID or CCCID can be used for testing purposes. In addition to testing the API, these data will support the Tech Centers testing of the internal workflows to identify other applications that may be associated with the individual(s) reported to be fraudulent. |
Submit a Fraud Report Using Postman
In your Postman workspace, click on the Fraud Report Submit file in the Fraud Report collection.
To support users that may not have the necessary skillset to build and submit a web request from the schema, the report can be submitted via the Postman tool - operation can be using be API developers, In the body of the post, the data structure for the FraudReportSubmit mutation appears in the Query portion of the workspace, with ($input: FraudReportSubmitInput!) as the required argument. In GraphQL, an Input can be an argument against an object. In this case, FraudReportSubmit is an object type. The three fields below the object indicate the fields that we want values for in the response. The input variables appear in the GraphQL VARIABLES box
...
Receiving Fraud Notifications to a Staging Table
...
Panel | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
Below is an example of the FraudReportQuery:withRecipientMisCode operation configured in the Apollo sandbox. |
in the Apollo sandbox. |
Panel | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
Reminder: The purpose of the Fraud Data API is to provide colleges the ability to integrate GraphQL functionality into their internal systems in order to streamline their own fraud reporting processes. |
Copying & Exporting Query
...
Operations
Panel | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
To export the FraudReportQuery operation, or a configuration of the template, as defined in the schema in the Apollo sandbox, click the three dots in the Operation section to display the context menu for options. |
...
[ brief description and link to the Using Postman page ]
We’ve developed a developer ‘starter kit’ for creating queries.
Panel | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
Reminder: The purpose of the Fraud Data API is to provide colleges the ability to integrate GraphQL functionality into their internal systems in order to streamline their own fraud reporting processes. |
a developer ‘starter kit’ for creating queries.
Panel | ||
---|---|---|
| ||
CCCTC has |
defined templates for three different variations of the FraudReportQuery |
in the schema |
documented in the Apollo sandbox. One of these variations, FraudReportQuery:WithRecipientMisCode, was provided to the colleges in a Postman file named, Fraud Report Query, which was imported during the implementation process. See Creating & Modifying Postman Events in the Using Postman for the Fraud Data API Guide. The fastest and easiest way to create the other query variations to use |
in Postman is to modify the existing file starting in the Apollo sandbox. |
...
customizing the desired input fields and variables for the FraudReportQuery:withCCCID in Apollo, exporting the operation and copying it into Postman, where it can be saved as a separate query operation file and added to your Postman Fraud Report collection
The process below outlines the steps for creating a new query entry to your Fraud Report Postman collection which will allow you to make an API call using a CCCID or App ID. |
...
Documentation & Supporting Resources
...
Item | Description | File / Link |
---|---|---|
Apollo API Sandbox | Fraud Data API Endpoint & Schema Documentation | |
GraphQL API Documentation | (Official) Online Introduction to GraphQL Primer / DocumentationAPI | |
About GraphQL | CCCTC-based Introduction to GraphQL API | |
Postman Documentation | Introduction to Postman / Documentation | https://learning.postman.com/docs/getting-started/introduction/ |
Using Postman with the Fraud Data API | CCCTC Guide for Using Postman with the Fraud Data API | |
Postman Collection Files | Fraud Report Collection:
GraphQL:Pilot Environment Collection |
...