### Certificate Format Conversion Examples Source: https://docs.caf.io/caf-api/caf-connect/authentication/using-mtls Examples for converting certificate formats, such as .crt to .pem or creating a PKCS#12 (.p12) file. ```APIDOC ## Certificate Format Conversion ### Description Examples for converting your certificate formats if needed by your programming language or framework. ### Commands #### Convert .crt to .pem ```bash cp certificate.crt certificate.pem ``` #### Combine certificate and private key into PKCS#12 (.p12) format ```bash openssl pkcs12 -export -out certificate.p12 -inkey private.key -in certificate.crt ``` ``` -------------------------------- ### Retrieve Company Profile (Python) Source: https://docs.caf.io/caf-api/core-api/available-resources/profile A Python example using the `requests` library to get company information. It includes setting the authorization header and processing the JSON response. The `_includeOnboardingQSA` query parameter is demonstrated for fetching extended data. ```python import requests import json def get_company_info(company_id, token): url = f"https://api.combateafraude.com/v1/companies/{company_id}?_includeOnboardingQSA=true" headers = { 'Authorization': f'Bearer {token}' } try: response = requests.get(url, headers=headers) response.raise_for_status() # Raise an exception for bad status codes (4xx or 5xx) return response.json() except requests.exceptions.RequestException as e: print(f"Error fetching company info: {e}") return None # Example usage: # company_id = 'some_company_id' # token = 'your_token_here' # company_data = get_company_info(company_id, token) # if company_data: # print(json.dumps(company_data, indent=2)) ``` -------------------------------- ### Curl mTLS Request Source: https://docs.caf.io/caf-api/caf-connect/authentication/using-mtls This command-line example demonstrates how to perform an mTLS request using `curl`. It's a simple and effective way to test connectivity and authenticate with the API directly from your terminal. Ensure `curl` is installed on your system. ```bash # Basic `mTLS` request curl --cert certificate.crt --key private.key https://mtls.us.prd.caf.io/v1/transactions ``` -------------------------------- ### Example Success Response for Get Person Source: https://docs.caf.io/caf-api/core-api/available-resources/profile This JSON object represents a successful response when retrieving a person's profile. It includes details like request ID, profile status, basic personal information, execution history, and data sources. ```json { "requestId": "2b8f373-c462-4bbf-9a4f-8aeb7d71ec53", "id": "5388a3e9a73b28000bba31a3", "status": "APPROVED", "cpf": "00011122233", "basicData": { "name": "JANE DOE", "fatherName": "JOHN DOE", "motherName": "MARIA DOE", "birthDate": "01/01/2000", "rg": "115094374", "gender": "Female" }, "executions": [ { "executionId": "4w88a3e9a73b28000bba31ad", "executionOrigin": "API", "lastUpdate": "2022-09-08T22:11:05.816Z", "metadata": {} } ], "sources": { "pfAddresses": { "lastConsultation": { "date": "2022-09-08T22:11:05.816Z" }, "data": {} }, "pfBasicData": { "lastConsultation": { "date": "2022-09-08T22:11:05.816Z" }, "data": {} }, "pfMediaProfileAndExposure": { "lastConsultation": { "date": "2022-09-08T22:11:05.816Z" }, "data": {} } } } ``` -------------------------------- ### Get Person Profile using cURL Source: https://docs.caf.io/caf-api/core-api/available-resources/profile Provides an example of how to fetch a person's profile using the cURL command-line tool. This is a common method for testing API endpoints directly from a terminal and is useful for quick verification. ```cURL curl -X GET \ https://api.combateafraude.com/v1/people/{personId} \ -H 'Authorization: Bearer your_token_here' \ -H 'Accept: */*' ``` -------------------------------- ### Get Person Profile using Python Source: https://docs.caf.io/caf-api/core-api/available-resources/profile Shows how to get a person's profile data using Python's `requests` library. This is a standard approach for server-side API interactions and demonstrates making GET requests with authorization headers. ```python import requests person_id = "your_person_id" token = "your_token_here" url = f"https://api.combateafraude.com/v1/people/{person_id}" headers = { "Authorization": f"Bearer {token}", "Accept": "*/*" } try: response = requests.get(url, headers=headers) response.raise_for_status() # Raise an exception for bad status codes profile_data = response.json() print(profile_data) except requests.exceptions.RequestException as e: print(f"Error fetching person profile: {e}") ``` -------------------------------- ### Onboarding Resource Source: https://docs.caf.io/caf-api/caf-connect/available-resources Documentation for the Onboarding resource, detailing its available endpoints, required permissions, and usage examples. ```APIDOC ## Onboarding Resource API ### Description This section provides documentation for the Onboarding resource within the Caf Connect API. It outlines available endpoints, required permissions, and usage examples for onboarding processes. ### Method GET, POST, PUT, DELETE (Specific methods depend on the endpoint within the Onboarding resource) ### Endpoint /websites/caf_io_caf-api/onboarding (Example endpoint structure) ### Parameters #### Path Parameters None specific to the resource itself, but may apply to individual endpoints. #### Query Parameters None specific to the resource itself, but may apply to individual endpoints. #### Request Body None specific to the resource itself, but may apply to individual endpoints. ### Request Example No generic request example for the resource. See individual endpoint documentation. ### Response #### Success Response (200) Structure will vary based on the specific onboarding endpoint called. #### Response Example No generic response example for the resource. See individual endpoint documentation. ``` -------------------------------- ### Python Requests mTLS Client Source: https://docs.caf.io/caf-api/caf-connect/authentication/using-mtls This Python script demonstrates how to make an mTLS request using the Requests library. It specifies the client certificate and private key files directly in the request. Ensure the 'requests' library is installed (`pip install requests`). ```python import requests # Path to your certificate files cert_file = "certificate.crt" key_file = "private.key" # Make a request to the `API` response = requests.get( "https://mtls.us.prd.caf.io/v1/transactions", cert=(cert_file, key_file) ) print(response.json()) ``` -------------------------------- ### Node.js Express Webhook Handler Example Source: https://docs.caf.io/caf-api/caf-connect/webhook/request This Node.js Express example demonstrates how to set up a webhook endpoint that verifies incoming signatures, processes CloudEvents based on their type, and responds with success. It relies on 'express' and 'body-parser' libraries and uses environment variables for the webhook secret. ```javascript const express = require('express'); const bodyParser = require('body-parser'); const crypto = require('crypto'); const app = express(); app.use(bodyParser.json()); app.post('/webhook', (req, res) => { const sigHeader = req.headers['x-caf-signature']; const payload = req.body; // Verify the signature if (!verifySignature(payload, sigHeader, process.env.WEBHOOK_SECRET)) { return res.status(401).send('Invalid signature'); } // Process the CloudEvent based on its type const eventType = payload.type; const eventSource = payload.source; const eventId = payload.id; console.log(`Processing CloudEvent: ${eventId} from ${eventSource} of type ${eventType}`); switch (eventType) { case 'COMMUNICATIONCREATEDEVENT': handleCommunicationCreated(payload.data); break; case 'TRANSACTIONUPDATEDEVENT': handleTransactionUpdated(payload.data); break; case 'PROFILECREATEDEVENT': handleProfileCreated(payload.data); break; // Handle other event types... default: console.log(`Unhandled event type: ${eventType}`); } // Respond with success res.status(200).send('Event received'); }); // Start the server app.listen(3000, () => { console.log('Webhook server listening on port 3000'); }); ``` -------------------------------- ### POST /v1/onboardings - Create Web Onboarding Link Source: https://docs.caf.io/caf-api/caf-connect/available-resources/onboarding Creates a web onboarding link by submitting necessary person or company data, a template model for verification services, and a set of validation rules. ```APIDOC ## POST /v1/onboardings ### Description Creates a web onboarding link by submitting necessary person or company data, a template model for verification services, and a set of validation rules. This endpoint uses OAuth2 authentication. ### Method POST ### Endpoint `https://api.us.prd.caf.io/v1/onboardings` ### Parameters #### Path Parameters None #### Query Parameters - **origin** (string) - Required - Parameter that defines the onboarding origin. Must be set to Trust. #### Header Parameters - **Authorization** (string) - Required - Access token. Example: `Bearer your_token_here` #### Request Body - **type** (string) - Required - Enum: `PF`, `PJ`, `PF_PF`. Type of onboarding. - **transactionTemplateId** (string) - Required - ID of the Query Template (configured in Trust Platform). - **templateId** (string) - Optional - The ID of the onboarding template to be used. If not provided, the template associated with the Query Template in Trust Platform will be used, or CAF's default onboarding template as a fallback. - **transactionPFTemplateId** (string) - Optional - ID of the Query Template to be used for onboarding related persons. Exclusive and required for type `PF_PF`. - **transactionQsaTemplateId** (string) - Optional - ID of the Query Template to be used for onboarding company partners. Exclusive and required for type `PJ`. - **email** (string) - Optional - The email address to which the onboarding web link will be sent. - **smsPhoneNumber** (string) - Optional - The cell phone number to which the link will be sent. Format: `[country code][number including area code]`. SMS service is charged based on monthly sends. - **noExpire** (boolean) - Optional - Set to `true` if the weblink URL should allow multiple registrations. Defaults to `false` (single use). - **noNotification** (boolean) - Optional - Set to `true` to avoid triggering an email or SMS. Recommended for use within an iFrame or WebView. Defaults to `false`. - **variables** (object) - Optional - Flexible object for additional information for pre-filling or internal control. Limit of 20 attributes. The key "token" is reserved. Can be used to send the document issue country. - **documentIssuedCountry** (string) - Example: `SG` - **metadata** (object) - Optional - Additional information for the onboarding. - **_callbackUrl** (string) - Optional - Callback URL (webhook). - **attributes** (object) - Optional - Additional attributes. ### Request Example ```json { "type": "PF", "transactionTemplateId": "62b620ee3f07fb0009361111", "templateId": "6388ac6b409eff000804dadf", "transactionPFTemplateId": null, "transactionQsaTemplateId": null, "email": "user@caf.com", "smsPhoneNumber": "5551999999999", "noExpire": true, "noNotification": false, "variables": { "documentIssuedCountry": "SG" }, "metadata": {}, "_callbackUrl": "text", "attributes": { "name": "Jhon Doe", "birthDate": "dd/MM/yyyy", "cpf": "00011122233", "cnpj": "00111222333344" } } ``` ### Response #### Success Response (200) - **requestId** (string) - Unique identifier for the request. - **id** (string) - Identifier for the created onboarding. - **token** (string) - Token used to access the onboarding link. - **url** (string) - The generated web onboarding link. #### Response Example ```json { "requestId": "6cb8093c-14ef-4fd1-810b-ee9fa5f9aae9", "id": "6021a21b3811c35ecb8dea20", "token": "0a8fb7b1c3eec7919967eXXXXXXXXXX", "url": "https://link-onbording?token=0a8fb7b1c3eec7919967eXXXXXXXXXX" } ``` #### Error Responses - **400** Bad request - **401** Unauthorized - **500** Internal Server Error ``` -------------------------------- ### Send GET Request with mTLS to CAF API Source: https://docs.caf.io/caf-api/caf-connect/authentication/using-mtls This example demonstrates how to send a GET request to the CAF API using curl with mTLS authentication. It requires specifying client certificate, private key, and CA certificate. Additional headers for content type and authorization are also included. ```curl curl --cert certificate.crt \ --key private.key \ --cacert ca.crt \ -H "Content-Type: application/json" \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \ https://mtls.us.prd.caf.io/v1/transactions ``` -------------------------------- ### Create Onboarding Link using Python Source: https://docs.caf.io/caf-api/caf-connect/available-resources/onboarding This snippet shows how to create a web onboarding link using Python's `requests` library. It details making a POST request to the `/v1/onboardings` endpoint with appropriate headers and a JSON payload. ```python import requests api_url = "https://api.us.prd.caf.io/v1/onboardings" auth_token = "Bearer your_token_here" # Replace with your actual token onboarding_data = { "type": "PF", "transactionTemplateId": "62b620ee3f07fb0009361111", "templateId": "6388ac6b409eff000804dadf", "email": "user@caf.com", "smsPhoneNumber": "5551999999999", "noExpire": True, "variables": { "documentIssuedCountry": "SG" }, "metadata": {}, "_callbackUrl": "your_callback_url", "attributes": { "name": "Jhon Doe", "birthDate": "dd/MM/yyyy" } } headers = { "Content-Type": "application/json", "Authorization": auth_token, "origin": "Trust" # Assuming 'Trust' is the required origin value } response = requests.post(api_url, json=onboarding_data, headers=headers) if response.status_code == 200: print("Onboarding created successfully:", response.json()) else: print(f"Error creating onboarding: {response.status_code} - {response.text}") ``` -------------------------------- ### Transaction Process Started Event Example (JSON) Source: https://docs.caf.io/caf-api/caf-connect/webhook/events This JSON object represents a TRANSACTION_PROCESS_STARTED_EVENT, signaling the beginning of a transaction processing. It includes standard CloudEvents fields and transaction-specific data such as report, status, and IDs. ```json { "specversion": "1.0", "type": "TRANSACTIONPROCESSSTARTEDEVENT", "source": "TRANSACTION", "id": "01JZNL6XQBNF623MB5KE64GNQB", "time": "2025-07-08T19:01:19.622Z", "datacontenttype": "application/json", "data": { "tenantId": "016e8f79-2399-4d35-90f9-c6f91b73189d", "report": "000000000000000000000000", "id": "01JZNL6XQBNF623MB5KE64GNQB", "status": "STARTED", "date": "2025-07-08T19:01:19.622Z", "onboardingId": "01JZNL6XQBNF623MB5KE64GNQC", "templateId": "document-ocr-basic", "customStatus": null } } ``` -------------------------------- ### Create Onboarding Link using JavaScript Source: https://docs.caf.io/caf-api/caf-connect/available-resources/onboarding This snippet illustrates how to create a web onboarding link using JavaScript. It utilizes the `fetch` API to send a POST request to the `/v1/onboardings` endpoint with the necessary authentication and JSON payload. ```javascript const apiUrl = 'https://api.us.prd.caf.io/v1/onboardings'; const authToken = 'Bearer your_token_here'; // Replace with your actual token const onboardingData = { "type": "PF", "transactionTemplateId": "62b620ee3f07fb0009361111", "templateId": "6388ac6b409eff000804dadf", "email": "user@caf.com", "smsPhoneNumber": "5551999999999", "noExpire": true, "variables": { "documentIssuedCountry": "SG" }, "metadata": {}, "_callbackUrl": "your_callback_url", "attributes": { "name": "Jhon Doe", "birthDate": "dd/MM/yyyy" } }; fetch(apiUrl, { method: 'POST', headers: { 'Content-Type': 'application/json', 'Authorization': authToken, 'origin': 'Trust' // Assuming 'Trust' is the required origin value }, body: JSON.stringify(onboardingData) }) .then(response => { if (!response.ok) { throw new Error('Network response was not ok ' + response.statusText); } return response.json(); }) .then(data => { console.log('Onboarding created successfully:', data); }) .catch(error => { console.error('Error creating onboarding:', error); }); ``` -------------------------------- ### Create Onboarding Link using cURL Source: https://docs.caf.io/caf-api/caf-connect/available-resources/onboarding This snippet demonstrates how to create a web onboarding link using a cURL request. It shows the endpoint, headers, and a JSON payload with required and optional parameters for initiating an onboarding process. ```curl POST /v1/onboardings?origin=text HTTP/1.1 Host: api.us.prd.caf.io Authorization: text Content-Type: application/json Accept: */* Content-Length: 443 { "type": "PF", "transactionTemplateId": "62b620ee3f07fb0009361111", "templateId": "6388ac6b409eff000804dadf", "transactionPFTemplateId": null, "transactionQsaTemplateId": null, "email": "user@caf.com", "smsPhoneNumber": "5551999999999", "noExpire": true, "noNotification": false, "variables": { "documentIssuedCountry": "SG" }, "metadata": {}, "_callbackUrl": "text", "attributes": { "name": "Jhon Doe", "birthDate": "dd/MM/yyyy", "cpf": "00011122233", "cnpj": "00111222333344" } } ``` -------------------------------- ### Successful Response for Document Reference Request (API) Source: https://docs.caf.io/caf-api/core-api/available-resources/synchronous-services/doc-less-sync This is an example of a successful response (HTTP 200 OK) when requesting a document reference. It includes a requestId, status indicating 'FOUND', the documentType, and the documentRef if a matching document was found in the database. ```json { "requestId": "text", "status": "FOUND", "documentType": "IDENTITY_CARD", "documentRef": "text" } ``` -------------------------------- ### Onboarding API Source: https://docs.caf.io/caf-api/core-api/available-resources The Onboarding resource provides a web redirect service for collecting registration data of a person or company using a CAF-hosted page. After submission, it consumes services as a Transaction. ```APIDOC ## POST /onboardings ### Description Initiate an onboarding process by generating a customisable URL for registration. After the user submits data on the CAF-hosted page, the services are consumed as a Transaction. ### Method POST ### Endpoint /v1/_onboardings_ ### Parameters #### Request Body - **company_name** (string) - Required - The name of the company to be onboarded. - **redirect_url** (string) - Required - The URL to redirect the user after the onboarding process. - **custom_fields** (object) - Optional - Custom fields to include in the onboarding form. ### Request Example ```json { "company_name": "Acme Corporation", "redirect_url": "https://example.com/onboarding/complete", "custom_fields": { "industry": "Technology" } } ``` ### Response #### Success Response (200) - **onboarding_url** (string) - The generated URL for the CAF-hosted onboarding page. #### Response Example ```json { "onboarding_url": "https://host.combateafraude.com/onboarding/xyz789abc" } ``` ``` -------------------------------- ### Get Person Profile using JavaScript Source: https://docs.caf.io/caf-api/core-api/available-resources/profile Illustrates how to retrieve a person's profile information using JavaScript, likely within a browser or Node.js environment. This example shows asynchronous request handling, making it suitable for integration into web applications. ```javascript const personId = "your_person_id"; const token = "your_token_here"; fetch(`https://api.combateafraude.com/v1/people/${personId}`, { method: 'GET', headers: { 'Authorization': `Bearer ${token}`, 'Accept': '*/*' } }) .then(response => { if (!response.ok) { throw new Error(`HTTP error! status: ${response.status}`); } return response.json(); }) .then(data => console.log(data)) .catch(error => console.error('Error fetching person profile:', error)); ``` -------------------------------- ### POST /v1/doc-less/ Source: https://docs.caf.io/caf-api/core-api/available-resources/synchronous-services/doc-less-sync This endpoint allows clients to obtain a document reference for document reuse during onboarding. It checks if the user's documents already exist in the centralized database. ```APIDOC ## POST /v1/doc-less/ ### Description This endpoint allows clients to obtain a document reference for document reuse during onboarding. It checks if the user's documents already exist in the centralized database. The request has a timeout of 5 seconds. ### Method POST ### Endpoint https://api.combateafraude.com/v1/doc-less/ ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body - **personId** (string) - Required - Unique identifier of the user to be consulted. - **acceptedTerms** (object) - Optional - Registration of acceptance of terms and policies. - **userIp** (string) - Required - The IP address of the user accepting the terms. - **datetime** (string) - Required - The date and time of acceptance. - **acceptedTermsLinks** (array of strings) - Required - An array of URLs for the terms and policies accepted. ### Request Example ```json { "personId": "text", "acceptedTerms": { "userIp": "text", "datetime": "text", "acceptedTermsLinks": [ "text" ] } } ``` ### Response #### Success Response (200) - **requestId** (string) - A unique identifier for the request. - **status** (string) - The status of the document lookup (e.g., "FOUND"). - **documentType** (string) - The type of the document found (e.g., "IDENTITY_CARD"). - **documentRef** (string) - The encrypted hash serving as a unique identifier for the stored document. #### Response Example ```json { "requestId": "text", "status": "FOUND", "documentType": "IDENTITY_CARD", "documentRef": "text" } ``` #### Error Responses - **400** Bad Request - **401** Unauthorized - **500** Internal Server Error ``` -------------------------------- ### Register Face using JavaScript Source: https://docs.caf.io/caf-api/mobile-api/available-resources/face-registration Provides a JavaScript example for integrating face registration into web applications. It uses the `fetch` API to send a POST request to the registration endpoint, including the necessary headers and the JSON payload with user data. This snippet is suitable for client-side implementations. ```javascript const peopleId = "00011122233"; const imageUrl = "https://images.generated.photos/DQ4EKrAPT-e5slG3cXmSw20uJ2AwwhOzJeVnpI9tlMA/rs:fit:512:512/Z3M6Ly9nZW5lcmF0/ZWQtcGhvdG9zLzA5/OTk4MDcuanBn.jpg"; fetch('https://api.mobile.combateafraude.com/faces/register', { method: 'POST', headers: { 'Content-Type': 'application/json', 'Authorization': 'YOUR_ACCESS_TOKEN' // Replace with your actual token }, body: JSON.stringify({ peopleId: peopleId, imageUrl: imageUrl }) }) .then(response => response.json()) .then(data => console.log(data)) .catch(error => console.error('Error:', error)); ``` -------------------------------- ### Send Company Search Request (JavaScript) Source: https://docs.caf.io/caf-api/core-api/available-resources/synchronous-services/company-search This example shows how to perform a company search using the Company Search API in JavaScript. It utilizes the fetch API to send a POST request to the specified endpoint with the required Authorization header and a JSON payload containing service and parameter details. The response handling for success and errors is also outlined. ```javascript const url = "https://api.public.caf.io/v1/services"; const token = "YOUR_ACCESS_TOKEN"; const requestBody = { "service": "kybCompanySearch", "parameters": { "name": "Example Company", "country": "US" }, "metadata": { "requestId": "unique-request-id" } }; fetch(url, { method: "POST", headers: { "Authorization": token, "Content-Type": "application/json" }, body: JSON.stringify(requestBody) }) .then(response => { if (!response.ok) { throw new Error(`HTTP error! status: ${response.status}`); } return response.json(); }) .then(data => { console.log("Company Search Results:", data); }) .catch(error => { console.error("Error during company search:", error); }); ``` -------------------------------- ### Communication Event Examples Source: https://docs.caf.io/caf-api/caf-connect/webhook/events Examples of Communication event payloads, including `COMMUNICATIONCREATEDEVENT` and `COMMUNICATIONREJECTEDEVENT`, demonstrating the structure and potential data. ```APIDOC ## Event Examples ### Communication Event Examples #### COMMUNICATIONCREATEDEVENT ```json { "specversion": "1.0", "type": "COMMUNICATIONCREATEDEVENT", "source": "COMMUNICATION", "id": "01JZNK5ZQBNF623MB5KE64GNQB", "time": "2025-07-08T18:01:19.622Z", "datacontenttype": "application/json", "data": { "tenantId": "016e8f79-2399-4d35-90f9-c6f91b73189d", "channel": "sms", "externalId": "external-id", "notificationId": "01JZNK51YCZXT55TKF8M366QHJ", "system": "onboarding", "occurredOn": "2025-07-08T18:00:46.797Z" } } ``` #### COMMUNICATIONREJECTEDEVENT ```json { "specversion": "1.0", "type": "COMMUNICATIONREJECTEDEVENT", "source": "COMMUNICATION", "id": "01JZNK5ZQBNF623MB5KE64GNQC", "time": "2025-07-08T18:02:19.622Z", "datacontenttype": "application/json", "data": { "tenantId": "016e8f79-2399-4d35-90f9-c6f91b73189d", "channel": "sms", "externalId": "external-id", "notificationId": "01JZNK51YCZXT55TKF8M366QHJ", "system": "onboarding", "occurredOn": "2025-07-08T18:02:46.797Z", "reason": "Invalid phone number format" } } ``` ``` -------------------------------- ### JWT Header Example Source: https://docs.caf.io/caf-api/mobile-api/authentication This is an example of the JWT header, specifying the algorithm (HS256) and token type (JWT). This header is typically generated automatically by JWT libraries. ```json { "alg": "HS256", "typ": "JWT" } ``` -------------------------------- ### Register Face using Python Source: https://docs.caf.io/caf-api/mobile-api/available-resources/face-registration Offers a Python code example for performing face registration, commonly used in backend services or scripts. It utilizes the `requests` library to construct and send the POST request, specifying the API endpoint, headers, and JSON body. This snippet is practical for server-side integration. ```python import requests import json url = "https://api.mobile.combateafraude.com/faces/register" headers = { "Authorization": "YOUR_ACCESS_TOKEN", # Replace with your actual token "Content-Type": "application/json" } payload = { "peopleId": "00011122233", "imageUrl": "https://images.generated.photos/DQ4EKrAPT-e5slG3cXmSw20uJ2AwwhOzJeVnpI9tlMA/rs:fit:512:512/Z3M6Ly9nZW5lcmF0/ZWQtcGhvdG9zLzA5/OTk4MDcuanBn.jpg" } response = requests.post(url, headers=headers, data=json.dumps(payload)) print(f"Status Code: {response.status_code}") print(f"Response Body: {response.json()}") ``` -------------------------------- ### JWT Payload Example Source: https://docs.caf.io/caf-api/mobile-api/authentication This is an example of the JWT payload, including the issuer (clientId), expiration time (exp), and the peopleId for user identification. Replace placeholders with actual values. ```json { "iss": "{clientId}", // string "exp": {expiresAt}, // number "peopleId": "{peopleId}" // string } ``` -------------------------------- ### Retrieve Company Profile (JavaScript) Source: https://docs.caf.io/caf-api/core-api/available-resources/profile Demonstrates how to fetch company profile data using JavaScript's Fetch API. This snippet shows how to set the authorization header and handle the JSON response. The `_includeOnboardingQSA` parameter can be added to the URL to include additional details. ```javascript async function getCompanyInfo(companyId, token) { const response = await fetch(`https://api.combateafraude.com/v1/companies/${companyId}?_includeOnboardingQSA=true`, { method: 'GET', headers: { 'Authorization': `Bearer ${token}` } }); if (!response.ok) { throw new Error(`HTTP error! status: ${response.status}`); } return await response.json(); } // Example usage: // const companyId = 'some_company_id'; // const token = 'your_token_here'; // getCompanyInfo(companyId, token) // .then(data => console.log(data)) // .catch(error => console.error('Error fetching company info:', error)); ``` -------------------------------- ### Register Face using cURL Source: https://docs.caf.io/caf-api/mobile-api/available-resources/face-registration Demonstrates how to register a face using the cURL command-line tool. It shows the POST request structure, including headers and the JSON body containing the user's CPF (peopleId) and the image URL. This is useful for direct API interaction and testing. ```shell POST /faces/register HTTP/1.1 Host: api.mobile.combateafraude.com Authorization: text Content-Type: application/json Accept: */* Content-Length: 181 { "peopleId": "00011122233", "imageUrl": "https://images.generated.photos/DQ4EKrAPT-e5slG3cXmSw20uJ2AwwhOzJeVnpI9tlMA/rs:fit:512:512/Z3M6Ly9nZW5lcmF0/ZWQtcGhvdG9zLzA5/OTk4MDcuanBn.jpg" } ``` -------------------------------- ### Example Rate Limit Exceeded Response Source: https://docs.caf.io/caf-api/caf-connect/rate-limit This is an example JSON response received when an API request exceeds the defined rate limit. It typically includes a message indicating the 'Too Many Requests' status. ```json { "message": "Too Many Requests" } ``` -------------------------------- ### Example of a Signed JWT Response Source: https://docs.caf.io/caf-api/mobile-api/response-signature This snippet shows an example of a JWT (JSON Web Token) that is returned when the `shouldSignResponse=true` parameter is used. This token is signed using the `clientSecret` of the provided API token. ```jwt eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyZXF1ZXN0SWQiOiJiZjk0MDNmZi05OTQwLTQ4NDYtYjRlZi04NDE2NjJmNTIxMzkiLCJpc0FsaXZlIjpmYWxzZSwiaWF0IjoxNTk0OTI1MDgwfQ.8EOm5MomxUA5WEkgdi5E_hppNG3dSpXXsHAldTjpo2s ``` -------------------------------- ### Execute Suspected Fraud Query (Python) Source: https://docs.caf.io/caf-api/joint-resolution-6-api/available-resources/suspected-fraud-query This Python code example utilizes the `requests` library to send a POST request to the suspected fraud query endpoint. It demonstrates setting up the request URL, headers, and the JSON payload for the search query. ```python import requests import json url = "https://api.prd.combateafraude.com/fraud/query" token = "YOUR_SECRET_TOKEN" data = { "identifier": { "data": "01234567890", "type": "CPF" }, "queryMode": "DEFAULT", "page": 1, "startDate": "2025-12-23T00:39:52.336Z", "endDate": "2025-12-23T00:39:52.336Z" } headers = { "Authorization": f"Bearer {token}", "Content-Type": "application/json" } response = requests.post(url, headers=headers, data=json.dumps(data)) if response.status_code == 200: print(response.json()) else: print(f"Error: {response.status_code}") ``` -------------------------------- ### Example cURL Request with Signature Verification Source: https://docs.caf.io/caf-api/caf-connect/webhook/request An example of how to send a webhook request using cURL, including the 'X-Caf-Signature' header for verification. The signature is an HMAC SHA-256 hash of the request body, generated using a shared secret. ```curl curl --location 'http://localhost:8080/webhook' \ --header 'X-Caf-Signature: 6f9ed23a7b505a3b6907c5f6eb2ad1b056fbf35a643d365a9a072ed7aabca153' \ --header 'Content-Type: application/json' \ --data '{ "specversion": "1.0", "type": "COMMUNICATIONCREATEDEVENT", "source": "COMMUNICATION", "id": "01JZNK5ZQBNF623MB5KE64GNQB", "time": "2025-07-08T18:01:19.622Z", "datacontenttype": "application/json", "data": { "tenantId": "016e8f79-2399-4d35-90f9-c6f91b73189d", "channel": "sms", "externalId": "external-id", "notificationId": "01JZNK51YCZXT55TKF8M366QHJ", "system": "onboarding", "occurredOn": "2025-07-08T18:00:46.797Z" } }' ```