Introduction


High-Level Overview
This section outlines the prerequisites, design considerations, and data flow for effectively integrating the transaction screening API. Developers should carefully review these details to ensure seamless implementation.
Prerequisites
To integrate with the transaction screening API, the following prerequisites must be in place:
- Authentication:
  - Each API call must include an API key in the headers for authentication. Ensure the API key is securely stored and managed.
  - Authentication for outgoing webhook responses will require additional verification mechanisms to confirm that responses originate from our system.
- Initial Request and Acknowledgment:
  - Upon submitting a transaction for screening, the API will immediately respond with an acknowledgment confirming receipt of the request.
  - This acknowledgment allows you to track the status of the request while processing continues in the background.
- Standard HTTP Call Design:
  - All interactions with the API follow a standard HTTP request-response pattern.
  - The baseURL for all API endpoints is: https://api.exoai.tech/
  - Ensure that your system supports HTTPS to maintain data security during communication.
- Webhook Setup:
  - A webhook endpoint must be configured by your system administrator to receive screening results.
  - The webhook ensures asynchronous delivery of detailed screening results once processing is complete.
  - To validate webhook authenticity, the response payload includes a digital signature. Developers should implement a verification process on their webhook endpoint to confirm this signature.
- Webhook Configuration Guidelines:
  - The webhook endpoint must be capable of:
    - Handling incoming POST requests with JSON payloads.
    - Verifying the webhook signature using the shared secret or key.
    - Logging and retrying failed deliveries based on the status code provided.
- System Readiness:
  - Ensure your system can parse and process the response format, which includes details such as matched rules, blacklist findings, and risk scores.
Data Flow
Below is a high-level flow of how data moves through the transaction screening process:
- Submit Transaction: A financial transaction is submitted to the API along with the required authentication details.
- Acknowledgment: The API responds with an acknowledgment, confirming receipt of the transaction.
- Processing:
  - Concurrent checks are performed for client-specific rules, blacklist status, and AI-based risk scoring.
  - The results are compiled into a structured response.
- Webhook Response:
  - The screening results are sent asynchronously to the configured webhook endpoint.
  - Developers must verify the authenticity of the webhook response and handle the results appropriately.
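One way to implement the signature check required of the webhook endpoint (Webhook Setup, Webhook Configuration Guidelines, and the Webhook Response step above), as an added example that is not code from the API provider. The page does not specify the signature scheme, so the HMAC-SHA256 algorithm, the `signature` field name, the canonical JSON form, and the sample field names are all assumptions to replace with the values from the provider's specification.

```python
import hashlib
import hmac
import json

# Assumptions (not from the API documentation): the signature is a hex
# HMAC-SHA256 carried in a top-level "signature" field and computed over the
# remaining fields serialized as compact JSON with sorted keys.
SIGNATURE_FIELD = "signature"


def canonical_bytes(fields: dict) -> bytes:
    """Serialize the signed fields deterministically (assumed canonical form)."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign(fields: dict, secret: bytes) -> str:
    """Compute the hex HMAC-SHA256 tag; used here to build constructed samples."""
    return hmac.new(secret, canonical_bytes(fields), hashlib.sha256).hexdigest()


def verify_webhook(raw_body: bytes, secret: bytes):
    """Return the verified fields, or None if the delivery must be rejected."""
    try:
        payload = json.loads(raw_body)
    except ValueError:  # covers malformed JSON and undecodable bytes
        return None
    if not isinstance(payload, dict):
        return None
    received = payload.pop(SIGNATURE_FIELD, None)
    if not isinstance(received, str):
        return None  # missing or non-string signature: fail closed
    try:
        received_tag = bytes.fromhex(received)
    except ValueError:
        return None  # signature is not valid hex
    expected_tag = bytes.fromhex(sign(payload, secret))
    # Constant-time comparison avoids leaking how many leading bytes match.
    if not hmac.compare_digest(expected_tag, received_tag):
        return None
    return payload


# Constructed sample data for demonstration only.
SECRET = b"example-shared-secret"
RESULT = {"transaction_id": "tx-1001", "risk_score": 87, "blacklisted": False}
GOOD_BODY = json.dumps({**RESULT, SIGNATURE_FIELD: sign(RESULT, SECRET)}).encode()
TAMPERED_BODY = GOOD_BODY.replace(b'"risk_score": 87', b'"risk_score": 12')
```

Act on the screening result only when `verify_webhook` returns the fields; a `None` result should be logged and answered with an error status rather than processed.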
Flow Diagram
The following diagram provides a visual representation of the transaction screening data flow:

This high-level overview provides developers with the foundational details needed to integrate with the transaction screening API. Further sections will delve into specific implementation guidelines and examples.