Using Postman with the SuperGlue Fraud Reporting Data API

Introduction

To support the use of the SuperGlue Fraud Reporting Data API, the CCCTC recommends using a tool such as the Postman API client to simplify the usage of the API’s basic networking languages, protocols, and formatting.

To share a public version of this page, use this URL: Using Postman with the SuperGlue Fraud Reporting Data API

What is Postman?

Postman is a testing platform designed to “easily explore, debug, and test your complex API requests for HTTP, REST, SOAP, GraphQL, and WebSockets. The Postman client also includes built-in support for authentication protocols like OAuth 1.2/2.0, AWS Signature, Hawk, and more.” Learn more in the Postman Learning Center.

Why use Postman with the Bi-directional Fraud Data API?

CCCTC recommends using Postman when interacting with CCCTC APIs. Links to download and install Postman are provided below. In addition, a set of custom Postman collections have been created to help simplify the reporting operations for colleges who may not have the technical resources available to implement the API initially.

Who should use Postman with the API?

Anyone can use Postman as a manual process for executing fraud data reporting operations. Non-technical college staff are encouraged to use Postman for running ad hoc fraud reporting and queries.

Who should you call to get help using Postman with the API?

Contact the Enabling Services team at the CCC Technology Center for help.

Installing & Configuring Postman

Below are instructions for downloading, installing, and configuring Postman for use with the Bi-Directional Fraud Data API.

Step 1: Download & Install Postman

Sign up for a free postman account
Download and install the latest version of Postman for your platform.

Step 2: Import the Fraud Report Postman Collections

CCCTC staff will provide the account credentials. Use these with the below Postman Collection for authentication and simplifying your fraud data reporting submissions and requests. A Postman collection is a file containing example requests needed to automate fraud requests and workflows.

Postman Collections: Through the Postman API client, requests can be organized into groupings called collections. Such collections help organize the requests for reuse so that time isn’t wasted rebuilding everything from scratch. Collections can tie requests together to automate common workflows, and you can use scripting to visualize your API responses as charts and graphs.

Import the CCCTC - Fraud Reporting Postman collection file into the Postman app.
1. From your My Workspace page within the Postman App, click on the Collections button from the left menu, then click the Import button in the top right of the column.
2. Provide the following URL: https://cccnext.jira.com/wiki/download/attachments/2851438610/CCCTC - Fraud Reporting.postman_collection.json?api=v2
3. Once imported, expand the CCCTC - Fraud Reporting collection heading to display the requests. These requests are named:
  1. Authenticate
  2. Submit Fraud Report
  3. Retrieve Reports - By Recipient Mis Code
  4. Retrieve Reports - By AppId
  5. Retrieve Reports - By cccId
  6. Rescind Fraud Report
Import the CCCTC APIs - Production Postman environment file into the Postman app.
1. From your My Workspace page within the Postman App, click on the Environments button from the left menu, then click the Import button in the top right of the column.
2. Provide the following URL: https://cccnext.jira.com/wiki/download/attachments/2851438610/CCCTC APIs - Production.postman_environment.json?api=v2
3. Once imported, click on the Environments icon from the upper right side menu in the workspace and select the appropriate environment (CCCTC APIs - Production). The parameters for the environment will display in the center of your workspace.

Step 3: Configure Account Credentials

In the MY_USERNAME row of the CURRENT VALUE column, enter the account username provided by CCCTC staff.
In the MY_PASSWORD row of the CURRENT VALUE column, enter the account password provided by CCCTC staff.

Using Postman with the Bi-directional Fraud Data API

Getting Your API Access Token Using Postman

Once Postman is installed and the CCCTC - Fraud Reporting and CCCTC APIs - Production environment files have been imported and configured with your API account credentials and environment specifications, then your access token is generated and refreshed using the Authenticate request. Once generated, Postman will automatically store the token as the Bearer in the Authorization head for the other API requests.

Once your account credentials (username and password) have been configured for the appropriate environment, then:

From Your Postman Workspace…

1: Expand the CCCTC - Fraud Reporting collection and click Authenticate. The Authenticate request will open in a tab on your Workbench.

3: Ensure the appropriate environment is selected.
Note: In the adjacent screenshot, the CCCTC APIs - Production environment is selected (active).

4: Click the Send button to generate the access token.

Note: The access_token appears in the lower half of the body of the Authenticate tab, which is then embedded for authorization on subsequent requests.

Access Token

In the lower half of your workspace, the JSON code is displayed next to the access_token variable.

This token information automatically becomes the Bearer required in the Authorization head for secured requests to the API. (Reminder: Your API account is set up and provided by the CCCTC during the implementation process.)

Each time you send an Authenticate request, the new access_token is automatically saved to the header for subsequent API operations you send.

Note: Each access_token expires in 300 seconds (5 mins).

NOTE: The access token must be active to successfully authenticate against the API. The access token must be refreshed frequently to maintain authorized access. In Postman, the token must be refreshed every 300 seconds (5 minutes).

Submitting Fraud Reports Using Postman

A fraud report can be submitted, via Postman, using the Submit Fraud Report request. The operation is sent to the CCCTC API as a POST HTTP web request with the body of the request containing the data structure for the FraudReportSubmit mutation. It appears in the query portion of the workspace, with ($input: FraudReportSubmitInput!) as the required argument. In GraphQL, input can be provided as a variable. In this case, FraudReportSubmit is an object type. The fields below the object indicate the fields that are requested to be included in the response. The input variables appear in the GraphQL VARIABLES box.

Testing: While the purpose of this API is strictly for the reporting and sharing of information related to fraudulent applications and bad actors, any valid AppID or CCCID can be used for testing purposes in the ‘pilot’ environment. In addition to testing the API, this data will support the Tech Centers testing of the internal workflows to identify other applications that may be associated with the individual(s) reported to be fraudulent. Testing should only be against the ‘pilot’ environment.

Querying Fraud Data Using Postman

Once your account credentials (username and password) have been configured for the appropriate environment, then:

From Your Postman Workspace…

1: Expand the CCCTC - Fraud Reporting collection

2: Click on Retrieve Reports - By Recipient Mis Code.

3: Ensure the appropriate environment is selected.
Note: In the adjacent screenshot, the CCCTC APIs - Pilot environment is selected (active).

4: Click the Send button to retrieve the fraud reports that your account has access to.

Rescinding a Fraud Report using Postman

Once your account credentials (username and password) have been configured for the appropriate environment, then:

From Your Postman Workspace

1: Expand the CCCTC - Fraud Reporting collection.

2: Click on Rescind Fraud Report.

3: Ensure the appropriate environment is selected.
Note: In the adjacent screenshot, the CCCTC APIs - Pilot environment is selected (active).

4: Provide the appropriate variables to identify an existing, previously-submitted, fraud report: cccId, and/or appId.

5: Click the Send button to rescind the fraud report.
Note: that this will only work for fraud reports that your account has access to.