API explorerChangelog
API explorer
Changelog

Dark mode

Overview

Seamlessly integrate fraud detection into your applications and systems with the Orca API - for real-time identity verification, fraud and risk analysis.

Please contact support@orca-fraud.com once you are ready to enable the production environment.

We provide insights into the following types of fraud based on your data:

  • Account Take-over
  • Identity Theft
  • Investment Scams
  • Money Muling
  • Phishing
  • Money Laundering

How it works

API Reference

These docs are actively in development and are subject to change

This API provides the following core functionality:

  • Authentication
    • Authenticate using your API key.
    • ☎️ Contact support@orca-fraud.com to receive an API key and activate your account.
  • Identity Verification
    • Provide indepth user screening and verification, customizable to your
  • User Monitoring
    • Track a user's behaviour across the lifecycle of a transaction and for the full lifespan of their account. Historical data is used to determine anomalies and deviations for each user and risk associated.
    • Create account, KYC, account verification, login, logout etc
  • Transaction Monitoring
    • Transaction verification, monitoring
    • Risk assessment - based on transaction and user data
  • Suspicion Webhooks
    • Receive notifications when suspicious behaviour is detected so your system can react appropriately.

🚧 Coming soon!

  • Case management endpoints
  • Reporting and analytics endpoints
  • Retraining endpoints - provide data to retrain your business's custom model

Was this section helpful?

What made this section unhelpful for you?

Base URL

Production:

http://sandbox.orca-fraud.io

Sandbox:

http://sandbox.orca-fraud.io

1. Authentication

Orca Authentication uses an API key per client, per environment.

☎️ Please contact support@orca-fraud.com to register for an API key for the Orca Sandbox environment.

⚠️ Please do NOT commit or expose your API key to any public repository.

In order to test whether your API key is configured, please use the Test endpoint described below. If you are authenticated you will receive a Hello World response, else 401 Unauthorized.

Header Parameters

Authorizationstring

test123

Responses

200
Object
Hello World
401
Object
Unauthorized

GET

/v1/test

Select
1 2 curl --location 'http://sandbox.orca-fraud.io/v1/test' \ --header 'Authorization: api-key' \

Response

Hello World

2. Identity Verification

This endpoint allows you to consider risk vectors including:

  • Risk of onboarding a malicious user.
  • Likelihood that a friendly user has been exposed.
  • Risk that a friendly user's account may be exploited in the future.

This endpoint should be called during user onboarding, but can be called during transaction flow for sensitive transactions, at the discretion of the client.

Additionally a confidence score between 0 and 1 is returned. A score of 1 indicates certainty that the returned content is a match, while 0 is no confidence.

These features must be enabled on the client custom configuration to access.

See Custom Configuration for how to determine if these features are enabled.

Select...
POST /v1/identity

Additionally, specific endpoints are also available for the individual Identity Verification features, but calls to these endpoints are NOT required if the primary /identity endpoint is used.

📝 Please not that in order to use the specific endpoints, custom configuration must still be enabled for these features.

Screening

Check provided user data against a set of sanctions lists and databases. If a match is found, the details of the match and the data source of the match will be returned.

Additionally a confidence score between 0 and 1 is returned. A score of 1 indicates certainty that the returned content is a match, while 0 is no confidence.

Select...
POST /v1/identity/screen

Device Risk

This product is in development

This feature screens provided user data against a set of sanctions lists and databases. If a match is found, the details of the match and the data source of the match will be returned.

This endpoint determines:

  • Likelihood that the cellphone number used has been recently SIM swapped
  • Likelihood that the device in use is using a suspicious proxy

Select...
POST /v1/identity/device

Account Detail Risk

This product is in development

This endpoint allows you to consider risk vectors that could expose a user's account to exploitation. This endpoint should be called during onboarding, but can be called during transaction flow for sensitive transactions, at the discretion of the client.

This endpoint assesses whether the email, cellphone number or password used has been exposed during a databreach.

Select...
POST /v1/identity/account

Identity Endpoint

Header Parameters

Authorizationstring

Token

Body Parameters

namestring

Full name to query.

idNumberstring

Identity Number of user to verify. This is not required for the screening feature.

dateOfstring

Date of birth of user. Not required. This is used to confirm a match if a name match is found.

nationalitystring

Nationality of user. Not required.

otherInfostring

Used to fuzzy match against additional database information if a match is found. Not required.

Responses

200
Object
Successful

Response Attributes

namestring Required

Full name to query.

idNumberstring

Identity Number of user to verify. This is not required for the screening feature.

dateOfBirthstring

Date of birth of user. Not required. This is used to confirm a match if a name match is found.

nationalitystring

Nationality of user. Not required.

otherInfostring

Used to fuzzy match against additional database information if a match is found. Not required.

400
Object
Bad request (invalid input data).
401
Object
Unauthorized.

Endpoints

POST
POST
POST
POST

POST

/v1/identity

Select
1 2 3 4 5 6 7 8 9 curl --location 'http://sandbox.orca-fraud.io/v1/identity' \ --header 'Authorization: Bearer abc123' \ --data '{ "name": "Foo", "idNumber": "12345666", "dateOf": "01/01/1990", "nationality": "01/01/1990", "otherInfo": "New user" }'

Response

{
  "name": "Foo",
  "idNumber": "12345666",
  "dateOfBirth": "01/01/1990",
  "nationality": "South African",
  "otherInfo": ""
}

3. Transaction Monitoring

This endpoint allows you to validate incoming transactions for potential fraud and AML behaviours.

Based on your custom config, this endpoint will:

  • Screen a transaction against known fraudulent accounts and behaviours within the Orca system.
  • Process a transaction through the graph detection module, determining interrelated nodes with potential malicious activity.
  • Run the transaction through your organisation's specific network ML model, to determine correlated fraudulent behaviour.

You may require additional custom configuration to enable particular features. Please contact support@orca-fraud.com with your request to access.

Body Parameters

transactionIdstring
userIdstring
amountnumber

The monetary value of the transaction. This parameter should be specified in the smallest possible unit of the currency (e.g., cents for USD).

currencystring

The currency in which the transaction is made. This parameter should be specified using the ISO 4217 currency code format.

merchantIdstring
transactionTypestring
transactionDescriptionstring

Responses

200
Object
Transaction validation successful.
400
Object
Bad request (invalid input data).
401
Object
Unauthorized.
403
Object
Forbidden (access denied).

Endpoints

POST
POST
POST
POST

POST

/v1/transaction

Select
1 2 3 4 5 6 7 8 9 10 curl --location 'http://sandbox.orca-fraud.io/v1/transaction' \ --data '{ "transactionId": "9c5b3cc1-2dab-4dc8-a209-4242ec95e56d", "userId": "b5893ba7-6f8a-472c-a7b3-da51245d91bd", "amount": 3000, "currency": "ZAR", "merchantId": "11223", "transactionType": "Cash", "transactionDescription": "Purchase Socks" }'

Response

Transaction validation successful.

4. Webhooks

Subscribe to the following webhooks for updates on particular users and transactions.

Webhooks are required for the model inference components of transaction monitoring.

Header Parameters

Authorizationstring

Token

Body Parameters

transactionobject

Show child attributes

Responses

200
Object
Successful
201
Object
Created.
400
Object
Bad request.
401
Object
Unauthorized
Was this section helpful?

What made this section unhelpful for you?

GET

/v1/webhook

Select
1 2 3 4 5 6 7 curl --location --request GET 'http://sandbox.orca-fraud.io/v1/webhook' \ --header 'Authorization: Bearer abc123' \ --data '{ "transaction": { "inference": true } }'

Response

Successful