Alerts and Alert API

Overview

Alerts are designed to notify you when recent leads or signups have an increase in risk. If items are added to blacklists matching your vetting data, E-HAWK will automatically send an email alert so you can quickly review the user and take any necessary actions. Alert Emails are sent every six hours with all alerts during that time frame. If you prefer API calls for alerts, use the Alert API and call anytime you wants updates.

Settings

Alert settings are configured in the Portal. Select alert data types and a scoring threshold to filters only high impact score changes. Items in your scoring profile that exceed the alert threshold will create alerts. In addition, recent alerts can be viewed in the Portal Alert tab.

In the settings area you can configure email addresses for Alert notices, toggle between Alert Type of (Email or API), set score threshold, and turn on/off data points to monitor.

Data and Format

Alerts contain the following data and are delivered in JSON format.

transaction_id transaction ID of the API call
type The type that hit the alert such as IP, Email, Phone, etc
value The value that hit the alert
reason The reason hit for the alert such as Phishing.
transaction_score The Risk Score of the original API call
alert_score_impact the change or impact of the new risk hit based on your scoring profile
estimated_new_score An estimate of the new risk score based on the new risk hit
username username value sent in API call
lead_id lead_id value sent in API call
transaction_fingerprint The fingerprint sent in API call
transaction_date The timestamp of the API call (UTC)
alert_date The timestamp the Alert was created (UTC)

Email Alerts

Email Alerts are sent every six hours to your configured Alert email addresses and contain a list of all issues during that period. The emails show data for each Alert and contain JSON data at the end for back-end processing. As an example:

API Endpoint (5.8)

https://feed-api.ehawk.net/alert/

The API accepts both HTTPS POST and HTTPS GET.

For GET use the format:

https://feed-api.ehawk.net/alert/function/?keyword=value

When using POST, make sure to have Content-Type: application/x-www-form-urlencoded

CRUL POST API call example:

$ curl -X POST -H Content-Type:application/x-www-form-urlencoded -d 'apikey=your_apikey' https://feed-api.ehawk.net/alert/function/

API Function

Options for function

Select the action to take using function values:

list get all new Alerts, and mark as as "sent"
list24 get every Alert within the last 24 hours. Do not mark any as "sent"

We suggest you use the list call as you will only get unread alerts. As an example, using GET to see all new alerts:

https://feed-api.ehawk.net/alert/list?apikey=your_apikey

API Response

The response will be a JSON string with each Alert in a new sub JSON string. The Alert JSON contains the Transaction ID and all the data for the Alert. As an example:

API Status Codes

Status Response
200 OK (no errors)
403 Alert Type is set to Email in the Portal. Change to API.
502 Invalid APIKEY or URL