AML / Global Database Check API

COMPLY WITH AML/CTF REGULATIONS, GLOBAL SANCTIONS, FINANCIAL REGULATIONS, PEP, LAW ENFORCEMENTS, ADVERSE MEDIA LISTS

Description

Automate AML compliance with global database search API. This API covers data from more than 50K globally available sources to prepare real time reports on individuals and businesses which includes financial sanctions and regulations imposed by the global bodies, political links and any adverse media coverage.

Request Person Search

Type	URL	Min Version	Max Version
POST	`https://api.attestr.com`/api/{version}/public/riskx/aml/person	v1

Request Business Search

Type	URL	Min Version	Max Version
POST	`https://api.attestr.com`/api/{version}/public/riskx/aml/business	v1

Request Body Parameters

For Person Search

Type	Name	Description	Optional (default)	Min Version
String	tag	Unique reference Id for this request to be provided by customer. Max 50 characters.	Required	v1
Number	threshold	The threshold score for filtering the records. Records with score less than threshold won't show up in results. Min allowed value is 50. Max 100.	Required	v1
String	firstName	Candidate's first name. Max 100 characters.	Required	v1
String	middleName	Optional candidate's middle name. Max 100 characters.	Optional	v1
String	lastName	Candidate's last name. Max 100 characters.	Required	v1
String	dob	Candidate's date of birth DD-MM-YYYY	Required	v1
Number	dobDelta	A number between 0 and 5 indicating if the result should look at the exact year match or within 0 to 5 years range from the provided date of birth. Default is 5, if not specified.	Optional	v1
Array[String]	countries	Array of country ISO codes to search for records. Refer to Country ISO Codes section below for the list of allowed values.	Required	v1
String	gender	Optional. Provide value as Male or Female.	Optional	v1
Boolean	extended	Set to true for detailed / manual review mode	Optional	v1
Boolean	webhook	Boolean indicating whether webhook should be triggered after request is processed. This is only applicable for detailed manual review mode ie when extended is passed as true. For background check requests, extended should be passed as true.	Optional	v1

For Business Search

Type	Name	Description	Optional (default)	Min Version
String	tag	Unique reference Id for this request to be provided by customer. Max 50 characters.	Required	v1
Number	threshold	The threshold score for filtering the records. Records with score less than threshold won't show up in results. Min allowed value is 50. Max 100.	Required	v1
String	name	The entity legal name	Required	v1
String	countries	Array of country ISO codes to search for records.	Required	v1
Boolean	webhook	Boolean indicating whether webhook should be triggered after request is processed. This applies only for the case when extended flag is set as true ie detailed manual review mode is enabled.	Optional	v1
Boolean	extended	Set to true for detailed / manual review mode	Optional	v1

Request Header Parameters

Type	Name	Value / Description	Optional	Min Version	Max Version
String	Content-Type	application/json	Required	v1
String	Authorization	Basic `{authToken}`	Required	v1

If you do not have the authentication token, please refer to Register App to generate one.

Sample Request

Person Search
Business Search
    
 
{  "tag": "ABCD-1234",  "threshold": 50,  "firstName": "VED",  "lastName": "TIWARI",  "middleName": "PRAKASH",  "dob": "05-08-1989",  "dobDelta": 2,  "countries": ["IN"],  "extended": false,  "webhook": false}
Copy

Response

Http Status 200

The API returns an array of matching records for the provided search criteria.

Key	Description	Type	Min Version
_id	Unique search Id generated for every search request made to the platform	String	v1
number	Unique human readable number to be used for any reference later	String	v1
message	Message for the error cases or if there are no records returned for a specific search criteria	String	v1
valid	Boolean flag indicating if the search was successful	Boolean	v1
count	Total number of search records found and returned	Number	v1
records	Array of records returned	Array[SearchRecord]	v1
request	For searches made with extended mode set as true, an async request order is created for the manual review by Attestr back office team. This is applicable for background verification requests. For real time searches, the value of this will be null.	String	v1
requestNumber	Async request human readable number for later reference. Null for real time search requests.	String	v1

SearchRecord Object

Key	Description	Type	Min Version
_id	Unique Id of the record, should be used for querying the detailed profile. Check Get Profile Detail API below.	String	v1
version	Profile version. For any incremental update to an profile, version is updated. This key therefore returns the associated profile version to be used while querying the details.	String	v1
confidence	Search confidence score for the record. This will always be more than the input threshold.	Number	v1
nameMatch	The name that led to the match. Every profile has a primary name and list of aliases. The search input name can match with either the primary name or one of the aliases.	String	v1
primaryName	Primary name of the profile	String	v1
countries	Country ISO codes where the specific profile is found to have a footprint ie one of the linked addresses etc	Array [String]	v1
dobRecords	Available only for person search records. Date of birth ISO records. This is an array of date of birth or year of birth records as found in different sources.	Array[String]	v1
gender	Available only for person search records. Gender of the person	String	v1
photo	Available only for person search records. Photo URL if available else null	String	v1
tags	List of associated risk tags / flags due to which this profile is listed. Refer to Risk Tags section below for the possible values.	Array [String]	v1

Sample Response

Sample Person Search Response
Sample Business Search Response
    
 
{  "_id": "AS0rxehAXjQOIleOHS",  "number": "3883-978623-3844",  "message": null,  "valid": true,  "count": 4,  "records": [    {      "_id": "4b886c4ef0baf89c85cbe97880f88e911a7b1e21b7e9ebb3d9ea880b2f403a6b",      "version": 1652853729825,      "confidence": 89,      "nameMatch": "S K Tiwari",      "primaryName": "S K Tiwari",      "countries": [        "IN"      ],      "dobRecords": [],      "gender": "Male",      "photo": null,      "tags": [        "REGULATIONS"      ]    },    {      "_id": "1b22329465d26b7aeca59f79310ef23bb6c94e19a3d95c03877a0a6ecdc18a58",      "version": 1652817712538,      "confidence": 89,      "nameMatch": "A K Tiwari",      "primaryName": "A K Tiwari",      "countries": [        "IN"      ],      "dobRecords": [],      "gender": "Male",      "photo": null,      "tags": [        "POLITICAL_DIRECT"      ]    },    {      "_id": "d57b89a9f43fbc5ffff1b485019a6dd9815ae4b207ed6826b426c6d1d324e3a4",      "version": 1652817691469,      "confidence": 89,      "nameMatch": "S K Tiwari",      "primaryName": "S K Tewari",      "countries": [        "IN"      ],      "dobRecords": [],      "gender": "Male",      "photo": null,      "tags": [        "POLITICAL_DIRECT"      ]    },    {      "_id": "d17d56eb322b1b07baa23808c387837dfd32aac23df5bf559b248481343dafcf",      "version": 1652817839050,      "confidence": 89,      "nameMatch": "A K Tiwari",      "primaryName": "A K Tiwari",      "countries": [        "IN"      ],      "dobRecords": [],      "gender": "Male",      "photo": null,      "tags": [        "POLITICAL_DIRECT"      ]    }  ],  "request": null,  "requestNumber": null}
Copy

Risk Tags

Tag / Code	Description
POLITICAL_DIRECT	Entities or individual with direct political exposure
POLITICAL_LINKED	Entities or individuals with a second or third level of political exposure
SANCTIONS	Financial sanctions imposed by global bodies
REPUTATIONAL_RISKS	Individuals or entities listed under risks that are linked to reputation in nature, mostly covered by global media
PROFILES___OF_INTEREST	Other profiles of interest
REGULATIONS	Entities or individuals listed by the enforcement agencies globally
INSOLVENCY	Entities marked as insolvent i.e. unable to pay debts owed
DISQUALIFIED_DIRECTOR	For individuals listed as disqualified directors by the local company registrar bodies
STATE_OWNED	For entities which are owned / run by the local or federal Government. For individuals it is persons linked to such entities

Get Profile Details API

This API returns the profile details based on the IDs returned in the search API response.

Person Profile Details API

Type	URL	Min Version	Max Version
GET	`https://api.attestr.com`/api/{version}/public/riskx/aml/person/<profileId>	v1

Business Profile Details API

Type	URL	Min Version	Max Version
GET	`https://api.attestr.com`/api/{version}/public/riskx/aml/business/<profileId>	v1

Request Header Parameters

Header Name	Header Value
Content-Type	application/json
Authorization	Basic <auth_token same as used in search API>

Response

Http Status 200

Person Profile Details Response

Key	Type	Description	Min Version
_id	String	Unique profile Id same as passed in the URL parameter	v1
version	String	Version of the profile	v1
deleted	Boolean	Boolean flag indicating if the profile is deleted	v1
deletionReason	String	Reason if the profile is deleted e.g. duplicate etc.	v1
firstName	String	Primary first name	v1
middleName	String	Primary middle name	v1
lastName	String	Primary last name	v1
tags	Array[String]	Array of risk tags. Refer to risk tags section above for the list of possible values	v1
photos	Array[String]	List of the photo URLs	v1
gender	String	Gender of the person. Possible values are Male, Female, null	v1
dobRecords	Array[String]	Array of ISO strings indicating date or year of birth	v1
deceased	Boolean	Boolean flag indicating if the profile belongs to a deceased individual	v1
dodRecords	Array[String]	Array of ISO strings indicating date or year of death	v1
nationalities	Array[String]	List of ISO country codes	v1
aliases	Array[AliasObject]	List of name aliases	v1
linkedAddresses	Array[AddressObject]	List of linked addresses	v1
contacts	Array[ContactObject]	List of available contact information	v1
uuidRecords	Array[UUIDObject]	List of national Ids	v1
sanctions	Array[SanctionObject]	List of sanctions imposed by different global bodies	v1
regulations	Array[RegulationObject]	List of regulations	v1
politicalPositions	Array[PoliticalPositionObject]	List of direct political positions held by the individual	v1
politicalAssociations	Array[PoliticalAssociationObject]	List of the associations with the politically exposed individuals or entities	v1
reputationalRisks	Array[ReputationRiskObject]	List of reputational risks	v1
profilesOfInterest	Array[ProfileOfInterestObject]	List of other profiles of interest	v1
linkedPersons	Array[LinkedPersonObject]	List of linked individuals	v1
linkedBusinesses	Array[LinkedBusinessObject]	List of linked businesses	v1
evidences	Array[EvidenceObject]	List of supporting evidences for each associated risk tag	v1
notes	Array[NoteObject]	List of notes if available associated to the profile	v1

Business Profile Details Response

Key	Type	Description	Min Version
_id	String	Unique profile Id same as passed in the URL parameter	v1
version	String	Version of the profile	v1
deleted	Boolean	Boolean flag indicating if the profile is deleted	v1
deletionReason	String	Reason if the profile is deleted e.g. duplicate etc.	v1
name	String	Primary name of the business	v1
tags	Array[String]	Array of risk tags. Refer to risk tags section above for the list of possible values	v1
photos	Array[String]	List of the photo URLs	v1
aliases	Array[AliasObject]	List of name aliases	v1
linkedAddresses	Array[AddressObject]	List of linked addresses	v1
contacts	Array[ContactObject]	List of available contact information	v1
uuidRecords	Array[UUIDObject]	List of national Ids	v1
sanctions	Array[SanctionObject]	List of sanctions imposed by different global bodies	v1
regulations	Array[RegulationObject]	List of regulations	v1
politicalPositions	Array[PoliticalPositionObject]	List of direct political positions held by the individual	v1
politicalAssociations	Array[PoliticalAssociationObject]	List of the associations with the politically exposed individuals or entities	v1
reputationalRisks	Array[ReputationRiskObject]	List of reputational risks	v1
profilesOfInterest	Array[ProfileOfInterestObject]	List of other profiles of interest	v1
linkedPersons	Array[LinkedPersonObject]	List of linked individuals	v1
linkedBusinesses	Array[LinkedBusinessObject]	List of linked businesses	v1
evidences	Array[EvidenceObject]	List of supporting evidences for each associated risk tag	v1
stateOwned	StateOwnedObject	Object indicating if the business is directly or indirectly controlled by the local or federal administration / Government	v1
activities	Array[String]	List of business activities	v1
types	Array[String]	Any types associated with the business	v1
notes	Array[NoteObject]	List of notes if available associated to the profile	v1

Alias Object

Key	Type	Description	Min Version
type	String	Type of the alias such as spelling variation etc	v1
name	String	Alias name. Available for business profiles only. Null for individual profiles.	v1
firstName	String	Alias first name. Available for person profiles only. Null for business profiles	v1
lastName	String	Alias last name. Available for person profiles only. Null for business profiles	v1
middleName	String	Alias middle name. Available for person profiles only. Null for business profiles	v1

Linked Address Object

Key	Type	Description	Min Version
type	String	Address type - residential, office etc.	v1
LineOne	String	Line one of the address	v1
LineTwo	String	Line two of the address	v1
city	String	City name	v1
state	String	Name of the state	v1
stateAbbrev	String	Any state abbreviation if available	v1
country	String	Country ISO code for the address	v1
zip	String	Zip code of the address	v1

Contact Object

Key	Type	Description	Min Version	Max Version
type	String	Contact type - phone, email, landline etc	v1
val	String	Corresponding value	v1

UUID Object

Key	Type	Description	Min Version	Max Version
type	String	UUID type - PAN, SSN etc	v1
val	String	Corresponding value	v1

Sanction Object

Key	Type	Description	Min Version
sanctionId	String	Unique sanction identifier	v1
current	Boolean	Flag indicating whether the sanction is currently in-force or expired	v1
measures	String	Measure imposed as part of sanction such as travel bank, frozen accounts etc	v1
issuer	String	Name of the issuing authority	v1
regime	String	Sanction regime / section	v1
region	String	Region, country, area where this sanction is applicable	v1
types	String	List of types associated to this sanction	v1
events	Array[SanctionEventObject]	List of associated events	v1

Sanction Event Object

Key	Type	Description	Min Version
type	String	Type of event	v1
date	String	ISO date of event	v1
evidences	Array[String]	List of evidence Ids associated. Refer to EvidenceObject definition below for more details.	v1

Regulation Object

Key	Type	Description	Min Version
category	String	Category of the regulation	v1
subCategory	String	Subcategory if any	v1
events	Array[RegulationEventObject]	List of associated events	v1

Regulation Event Object

Key	Type	Description	Min Version
type	String	Type of event	v1
date	String	ISO date of event	v1
currencyCode	String	ISO currency code	v1
amount	String	Amount if any associated with this regulation event. For e.g. bail event for a fine of USD 10,000	v1
duration	RegulationEventDuration Object	Object containing the number of days, months and years applicable to this regulation event	v1
evidences	Array[String]	List of evidence Ids associated. Refer to EvidenceObject definition below for more details.	v1

Reputation Risk Object

Key	Type	Description	Min Version
category	String	Category of the regulation	v1
subCategory	String	Subcategory if any	v1
events	Array[ReputationRiskEventObject]	List of associated events	v1

Reputation Risk Event Object

Key	Type	Description	Min Version
type	String	Type of event	v1
date	String	ISO date of event	v1
evidences	Array[String]	List of evidence Ids associated. Refer to EvidenceObject definition below for more details.	v1

Political Position Object

Key	Type	Description	Min Version
type	String	Type of the position	v1
position	String	Name of the position held	v1
category	String	Position category if available	v1
country	String	Country ISO code where the position is held	v1
current	Boolean	Currently held or the past position	v1
from	String	ISO date or year of start
to	String	ISO date or year of end if applicable
evidences	Array[String]	List of evidence Ids associated. Refer to EvidenceObject definition below for more details.	v1

Political Association Object

Key	Type	Description	Min Version	Max Version
_id	String	Profile ID of the associated political profile	v1
evidences	Array[String]	List of evidence Ids associated. Refer to EvidenceObject definition below for more details.	v1

Profile Of Interest Output Model

Key	Type	Description	Min Version
category	String	Category of the position	v1
position	String	Name of the position held	v1
elected	String	ISO date or year of election	v1
evidences	Array[String]	List of evidence Ids associated. Refer to EvidenceObject definition below for more details.	v1

Linked Individual Object

Key	Type	Description	Min Version
_id	String	Id of the linked profile	v1
firstName	String	First name of the linked profile	v1
middleName	String	IMiddle name of the linked profile	v1
lastName	String	Last name of the linked profile	v1
relationship	String	Nature of relationship	v1
ownershipPercentage	String	Percentage of ownership in the entity if this relationship is in reference to holding promoter position in a company	v1
tags	Array[String]	List of associated risk tags with this profile	v1

Linked Business Object

Key	Type	Description	Min Version
_id	String	Id of the linked profile	v1
name	String	Name of the linked business profile	v1
relationship	String	Nature of relationship	v1
ownershipPercentage	String	Percentage of ownership in the entity if this relationship is in reference to holding promoter position in a company	v1
tags	Array[String]	List of associated risk tags with this profile	v1
individuals	Array[String]	List of other profile Ids linked to this business	v1

Note Object

Key	Type	Description	Min Version	Max Version
text	String	Associated text with the note	v1

State Owned Object

Key	Type	Description	Min Version
current	Boolean	Current or past ownership	v1
level	String	Extent of ownership	v1
evidences	Array[String]	List of evidence Ids associated. Refer to EvidenceObject definition below for more details.	v1

Evidence Object

Key	Type	Description	Min Version
_id	String	Evidence Id	v1
tags	Array[String]	List of associated risk tags with this evidence	v1
originalURL	String	Original source URL location	v1
hasCopyrights	Boolean	Does the source have copyrights	v1
title	String	Evidence title	v1
credibility	String	Credibility level of the source	v1
language	String	Language used in the source evidence	v1
snippet	String	Summary or snippet as summarized from the source	v1
keywords	Array[String]	List of associated keywords	v1
crawled	String	Date on which data was crawled by the system	v1
published	String	Date on which data was published by the source	v1
attachment	String	URL of the attachment	v1

Sample Response

Person Profile
Business Profile
    
 
{
  "_id": "4b886c4ef0baf89c85cbe97880f88e911a7b1e21b7e9ebb3d9ea880b2f403a6b",  "version": 1652853729825,  "deleted": false,  "deletionReason": null,  "firstName": "S",  "middleName": "K",  "lastName": "Tiwari",  "tags": [...],
  "photos": [],  "gender": "Male",  "dobRecords": [],  "deceased": false,  "dodRecords": [],  "nationalities": [...],
  "aliases": [...],
  "linkedAddresses": [...],
  "contacts": [],  "uuidRecords": [],  "sanctions": [],  "regulations": [...],
  "politicalPositions": [],  "politicalAssociations": [],  "reputationalRisks": [],  "profilesOfInterest": [],  "linkedPersons": [],  "linkedBusinesses": [],  "evidences": [...],
  "notes": []}
Copy

Error Response

Parameter	Type	Description
code	Number	Unique error codes for different errors. Always available.
message	String	Error message describing the error. Always Available.
details	String	Detail error message. Available only for certain types of errors.

Error Codes

HTTP Status	Error Code	Error Message
400	4001	Malformed data or missing required parameter values
400	4005	Operation could not be performed due to low credits balance
401	4016	Invalid client authorization
403	4031	Unauthorized access
403	4035	Requested service is not provisioned for your account
403	4039	Client's IP address is not whitelisted
403	4035	Requested service is not provisioned for your account
429	4291	Maximum account rate limit exceeded
429	4292	Maximum API rate limit exceeded
429	4293	Maximum account daily limit exceeded
429	4294	Maximum API daily limit exceeded
500	5001	Request could not be processed

Querying AML Check Result - For Background Check Product

Get Async Request Outcome API

Type	URL	Min Version	Max Version
GET	`https://api.attestr.com`/api/{version}/public/async/<asyncId>	v1

Request URL Parameters

Name	Description	Min Version	Max Version
asyncId	Replace <asyncId> in the URL with the _id received in the AML record search API response as described above.	v1

Request Header Parameters

Type	Name	Value / Description	Optional	Min Version	Max Version
String	Content-Type	application/json	Required	v1
String	Authorization	Basic `{authToken}`	Required	v1

Response

Http Status 200

Key	Description	Type	Min Version
_id	Request Id as queried in the URL	String	v1
number	Request number as generated in the AML search API response	String	v1
requestId	Unique ID used by Attestr for request tracing purposes	String	v1
status	Status of the request. Possible values are - COMPLETED, INITIATED, ERRORED	String	v1
input	The input details used for AML record search	String	v1
output	AML check output object. Details described below. Null if status is errored or initiated.	AMLCheckOutputRecord	v1
error	Error object if the operation ran into errors, null otherwise. Null if status is completed or initiated.	String	v1
created	Unix timestamp when the request was placed.	Number	v1
updated	Unix timestamp when the request was last updated. Null if status is initiated.	Number	v1
signature	Signature generated using the output and client secret. Used for validating the accuracy of data. Null if status is errored or initiated.	String	v1

AMLCheckOutputRecord

Key	Description	Type	Min Version
profileMatch	List of matched profile Ids	Array[String]	v1
status	Status of the report. Possible values are Clear, Alert, MoreInfo, False, NoResult	String	v1
description	Description as provided by the back office team describing the match. HTML formatted string.	String	v1
verified	Date DD-MM-YYYY of verification by the back office team	String	v1
documents	Associated document media Ids	Array[String]	v1

Sample Response

JSON
    
{  "_id": "AR0ljTZUMk76n7uQ0R",  "number": "3880-483977-6885",  "requestId": "59683a37-5e20-4c39-8839-66a2c1ad73dd",  "status": "COMPLETED",  "input": {    "tag": "ABCD-1234",    "threshold": 80,    "firstName": "VED",    "lastName": "TIWARI",    "middleName": "PRAKASH",    "dob": "05-08-1989",    "dobDelta": 2,    "countries": [      "IN"    ],    "extended": true,    "webhook": false,    "type": "AML_PERSON_ADV",    "search": "AS0lLEMe4ZtnYtUkQA"  },  "output": {    "status": "Alert",    "documents": null,    "description": "<span>Two profiles with matching name and location found. First one from the same city Bengaluru involved in a business fraud and scam <a target=\"_blank\" rel=\"nofollow\" href=\"https://timesofindia.indiatimes.com/city/bengaluru/gang-shows-fake-business-papers-man-loses-25l/articleshow/83967513.cms\" title=\"Link: https://timesofindia.indiatimes.com/city/bengaluru/gang-shows-fake-business-papers-man-loses-25l/articleshow/83967513.cms\">https://timesofindia.indiatimes.com/city/bengaluru/gang-shows-fake-business-papers-man-loses-25l/articleshow/83967513.cms</a> Other one from the same state karntaka but a different city Mysore, involved in cricket betting <a target=\"_blank\" rel=\"nofollow\" href=\"https://starofmysore.com/cricket-betting-13-arrested-rs-60900-stake-money-seized/\" title=\"Link: https://starofmysore.com/cricket-betting-13-arrested-rs-60900-stake-money-seized/\">https://starofmysore.com/cricket-betting-13-arrested-rs-60900-stake-money-seized/</a></span>",    "profileMatch": [      "4d868ac00ae0251731ce56fec4d29d0dde9824fb9d433b4b91efd7c27ebf54b9",      "5acc00d832228e7c9678775c24acdcf09965d666614589ee6c1e35c2c104cefa"    ],    "verified": "28-08-2022"  },  "error": null,  "created": 1662461755066,  "createdByOrg": "OX02zfeuvt8akkilm7kpt",  "updated": 1662461774650,  "signature": "51e0ead7dd88a48a2cd7aeb85b4aabcb0b7c041b2a6b24f926c2129bb5b30eac",  "tracker": [],  "metadata": null}
Copy

Webhooks

AML record check supports the following two webhook events.

See Webhooks for more details on how to register webhooks.

async.completed
async.errored

To enable webhooks, the API input parameter webhook must be set as true while initiating the request.

Webhook Event Payload

Key	Type	Description	Min Version
_id	String	ID of the async request. This is same as received in the output of Person / Business search API as described above.	v1
requestId	String	Unique request ID for internal tracing purposes.	v1
status	String	One of COMPLETED OR ERRORED	v1
output	Object	AML record check output object same as output key described in Querying AML Check Result API above.	v1
error	Object	Error object if the AML checks runs into errors. The structure of this is same as the Error Response object described above.	v1
signature	String	generated using hmacHexDigest of output object and client secret. Null if status is errored.	v1

Sample Webhook Payload

JSON
    
{  "event": "async.completed",  "payload": {    "_id": "AR0ljTZUMk76n7uQ0R",    "requestId": "59683a37-5e20-4c39-8839-66a2c1ad73dd",    "status": "COMPLETED",    "output": {      "status": "Alert",      "documents": null,      "description": "<span>Two profiles with matching name and location found. First one from the same city Bengaluru involved in a business fraud and scam <a target=\"_blank\" rel=\"nofollow\" href=\"https://timesofindia.indiatimes.com/city/bengaluru/gang-shows-fake-business-papers-man-loses-25l/articleshow/83967513.cms\" title=\"Link: https://timesofindia.indiatimes.com/city/bengaluru/gang-shows-fake-business-papers-man-loses-25l/articleshow/83967513.cms\">https://timesofindia.indiatimes.com/city/bengaluru/gang-shows-fake-business-papers-man-loses-25l/articleshow/83967513.cms</a> Other one from the same state karntaka but a different city Mysore, involved in cricket betting <a target=\"_blank\" rel=\"nofollow\" href=\"https://starofmysore.com/cricket-betting-13-arrested-rs-60900-stake-money-seized/\" title=\"Link: https://starofmysore.com/cricket-betting-13-arrested-rs-60900-stake-money-seized/\">https://starofmysore.com/cricket-betting-13-arrested-rs-60900-stake-money-seized/</a></span>",      "profileMatch": [        "4d868ac00ae0251731ce56fec4d29d0dde9824fb9d433b4b91efd7c27ebf54b9",        "5acc00d832228e7c9678775c24acdcf09965d666614589ee6c1e35c2c104cefa"      ],      "verified": "28-08-2022"    },    "error": null,    "signature": "51e0ead7dd88a48a2cd7aeb85b4aabcb0b7c041b2a6b24f926c2129bb5b30eac"  }}
Copy

Validating the signature

Generate signature on your server side code base and check if it matches the signature returned in the payload. To generate the signature, use the SHA256 algorithm, the client secret and the output value to generate a HMAC Hex Digest as shown in the sample code below.

NodeJS
Java
    
​x
 
const crypto = require("crypto");​var clientSecret; // This should be initialized as client secret.var apiResponse; // This is apiResponse as retuned in step 6.​function hmacHexDigest(secret, input) {    const hmac = crypto.createHmac('sha256', secret)    hmac.update(input)    return hmac.digest('hex')}​var signature = hmacHexDigest(clientSecret, JSON.stringify(eventPayload.output));​// Check if signature matchesif(signature !== apiResponse.resultSignature){  // Flow is tampered.}
Copy

Last updated on