Overview & Reference Information
1. Overview
1.1 Purpose
This document contains the specifications for the Candescent Digital Banking Platform's Anomaly Detection Application Programming Interface (API). This document is intended for partner Anomaly Detection service providers to implement their externally facing API for seamless integration with Candescent's Digital Banking product.
The API specification is based on REST API standards with JSON as the standard data format.
1.2 Partner Implementation Overview
As an Anomaly Detection partner, you are required to implement a REST service hosted external to Candescent data centers. Candescent Digital Banking will call your implemented APIs to:
- Calculate real-time risk profiles for banking activities
- Receive bulk banking activities for building risk models
- Delete user data upon request (for compliance and user data management)
1.3 Audience
This guide is intended for:
- Partner development teams implementing the Anomaly Detection API
- Solution architects designing the partner service integration
- Technical project managers overseeing partner implementations
1.4 Document Conventions
- JSON is the standard data format for all API requests and responses
- All timestamps must be in ISO 8601 format
- All identifiers should be UUID format unless otherwise specified
- This document serves as the authoritative specification for partner API implementation
2. Technical Design
2.1 Integration Architecture
To achieve seamless integration with Candescent's Digital Banking platform, you (the partner) must implement a REST service hosted external to Candescent data centers.
Architecture Overview:
The diagram above illustrates the integration between Candescent Digital Banking and your Partner Anomaly Detection Service:
- Candescent Digital Banking: Internal services that process user activities and route them to your service
- Partner Service: Your externally hosted REST API implementation with three endpoints:
- Real-Time Flow: Single activity risk assessment via
getRiskProfile - Bulk Flow: Multiple activities for model building via
createBankingActivitiesanddeleteUserBankingActivities - Anomaly Detection Engine: Your risk calculation and pattern analysis engine
- Real-Time Flow: Single activity risk assessment via
All communication occurs over HTTPS (TLS 1.2+) with Basic Authentication or Client Certificate authentication.
2.2 Sequence Flow
The following describes the typical flow for anomaly detection:
Real-Time Flow (Login Example):
- Financial Institution user attempts to login using digital banking credentials
- Candescent authentication service validates user credentials
- Candescent anomaly detection service calls your getRiskProfile API
- Your service calculates risk profile and returns risk score/advice
- Based on the risk advice, Candescent may allow, challenge, or deny the login
Near Real-Time Flow (Bulk Activities):
- Candescent calls your createBankingActivities API with bulk activities in near real time
- Your service records activities for building/updating risk models
References:
- Learn more about API Specifications and Design.
- Learn more about Security, Compliance & Quality.
- Learn more about Integration & Implementation.
- For more information, visit FAQ and Support.
This document is confidential and proprietary. The information contained herein may not be copied, reproduced, transmitted, or used without the express written consent of Candescent Corporation.