Activity Report API

Overview

Using phonetic algorithms, pattern matching, and machine learning, the Vetting API detects frequency and velocity abuse patterns. As a simple example, sign-ups using similar emails to create multiple accounts such as: jim1@xyz.com, jim15@xyz.com, jim37@xyz.com will be tagged.

If we detect an abuse pattern, an incident is created with all records and data associalted with the incident. If the pattern continues, new records are automatically added to the original incident.

These are typically fraudsters that you do not want in your systems. Making an activity/get call to the feed API will report back all incidents and entities associated with your account over the last 24 hours.

Endpoint (5.8)

https://feed-api.ehawk.net/activity/

The API accepts both HTTPS POST and HTTPS GET.

For GET use the format:

https://feed-api.ehawk.net/activity/function/?keyword=value

When using POST, make sure to have Content-Type: application/x-www-form-urlencoded

CRUL POST API call example:

$ curl -X POST -H Content-Type:application/x-www-form-urlencoded -d 'apikey=your_apikey' https://feed-api.ehawk.net/activity/function/

Function

Options for function

Select the action to take using function values:

get get all activity incidents for the last 24 hours. For example:
https://feed-api.ehawk.net/activity/get?apikey=your_apikey

incident get all activity incidents. For example:
https://feed-api.ehawk.net/activity/incident?apikey=your_apikey

This report defaults to 100 records, but can be customized with page (start page) and num (1-500 rows) definitions:

https://feed-api.e-hawk.net/apikey/activity/incident?page=2&num=25

After reviewing the incident data, you can confirm or delete incidents with the following functions calls.

confirm adds incident data as confirmed and removed from list
https://feed-api.e-hawk.net/apikey/activity/confirm?incident=<incident#>

delete removes incident from your account
https://feed-api.e-hawk.net/apikey/activity/delete?incident=<incident#>

The Vetting API JSON responses include activity incident IDs if they are part of the call. Incident IDs change when new data is added, so if these detail calls return a 502 status, a following Vetting API call and JSON response will have the updated Incident ID. Use the incident ID from the updated JSON response to get full incident details.

details returns the records of a specific incident
https://feed-api.e-hawk.net/apikey/activity/details?incident=<incident#>

API Response

The response will be a JSON string with each Incident in a new sub JSON string grouped by data type. As an example:

API Status Codes

Status Response
200 OK (no errors)
502 Invalid APIKEY or URL

Portal Incident Reporting

The Activity Report in the Portal lists all incidents created by our activity monitor during the last thirty days. To the right of each incident are buttons: Correct to verify the incident as a Repeat Sign-up, False to mark as incorrect (remove from scoring), and Hold to not score until marked correct or false. This report should be checked often because many times the first items in the incident are marked as low risk (no bad pattern yet), and the later ones are marked as high risk. If the incident is Correct, then make sure to take action on all items in the incident.

Activity