2.5 Understanding the Sequence of User Activity Runtime API Calls

This section demonstrates how OARM processes user activities and provides values for API operations from the client application.

The following is a general sequence of API calls.

1. Create an OARM session using createSession (session-POST API). It creates a requestId, which is required for Create Custom User Activity API.
2. Client application then provides information about Custom User Activity by invoking Create Custom User Activity API (which uses the request ID created in Step 1).
3. Review to make sure the status of the Create Custom User Activity is successful before obtaining the transaction ID from the response.
4. Client can then call the processRules API to trigger the fraud policies/rules associated to the Transaction checkpoint. This step results in triggering the rules engine that would execute the policies and rules associated to this checkpoint and creating alerts if the associated rules trigger. The output of this API is a set of actions and risk score as returned by the policies and rules.
5. Based on the outcome of the processRules API call, the client application can choose to call the Update Custom User Activity API to set the transaction status or to update data in the existing transaction.

   Note:

   Ensure that the Custom User Activity status is updated. This is due to the fact that some rules may use the status of previous transaction (user activity) as a data point.
6. In some cases, client applications can choose to execute a processRules API with a Pre Transaction checkpoint first and then Post Transaction kind of checkpoint that has policies/rules that have to be executed after a transaction is created. This can help application to figure out if transaction is good to execute, and then after execution any additional rules that may be required.