Activity Report API

Using phonetic algorithms, pattern matching, and and machine learning, the Vetting API detects frequency and velocity abuse patterns. As a simple example, sign-ups using similar emails to create multiple accounts such as: jim1@xyz.com, jim15@xyz.com, jim37@xyz.com will be tagged.

If we detect an abuse pattern, an incident is created with all records and data associalted with the incident. If the pattern continues, new records are automatically added to the original incident.

These are typically fraudsters that you do not want in your systems. Making an activity/get call to the feed API will report back all incidents and entities associated with your account over the last 24 hours.

To run the Activity Report:

https://feed-api.e-hawk.net/apikey/activity/get 

The JSON response will list each incident ID and data points. In this example, incident 558 has two emails and one IP.

{
  "response": {
    "558": {
      "email": [
        "jim01@aol.com",
        "jim02@aol.com"
      ],
      "ip": [
        "8.8.8.9"
      ]
    }
  },
  "status": 200
}


You can also use

https://feed-api.e-hawk.net/apikey/activity/incident 
to get a list of all incidents in your account. This report defaults to 100 records, but can be customized with page (start page) and num (1-500 rows) definitions:

https://feed-api.e-hawk.net/apikey/activity/incident?page=2&num=25 


After reviewing the report data, you can confirm or delete incidents with the following API calls.

To verify an incident, send:

 https://feed-api.e-hawk.net/apikey/activity/confirm?incident=<incident#> 


To delete/remove an incident, send:

 https://feed-api.e-hawk.net/apikey/activity/delete?incident=<incident#> 


In addition, Vetting API JSON responses include activity incident IDs. To get details for a specific incident, send:

 https://feed-api.e-hawk.net/apikey/activity/details?incident=<incident#> 

Incident IDs change when new data is added, so if these detail calls return a 502 status, a following Vetting API call and JSON response will have the updated Incident ID. Use the incident ID from the upadted JSON response to get full incident details.

The Activity Report in the Portal lists all incidents created by our activity monitor during the last thirty days. To the right of each incident are buttons: Correct to verify the incident as a Repeat Sign-up, False to mark as incorrect (remove from scoring), and Hold to not score until marked correct or false. This report should be checked often because many times the first items in the incident are marked as low risk (no bad pattern yet), and the later ones are marked as high risk. If the incident is Correct, then make sure to take action on all items in the incident.