API Subscriber Resolver
Out of the box, when you start using AbuseHQ, events are assigned to cases based on the IP address. In that default setting, the IP address of the incoming event (or report) is used as the Customer Identifier.
The Inbound Processing workflow allows you to build a decision tree that uses metadata from the event to determine which customer is responsible for an event (e.g., a spam message) and to assign an identifier.
AbuseHQ provides a toolbox of “Resolvers” that can extract various pieces of metadata and use that data as the Customer Identifier.
One of these resolvers is the API Resolver. This resolver allows you to pass information from the incoming event to a RESTful API endpoint at your end, so your systems can return an appropriate Subscriber Identifier(s) based on that information.
A common use case for the API Resolver is to pass the “IP Address” and “Event Timestamp” to look up the subscriber that was provisioned and that IP address was assigned at the time of the event.
How to Configure an API Resolver
You will need to access this menu within the Admin Portal to configure your API Resolver located in Inbound Processing:
- Click the Settings option in the left menu under AbuseHQ.
- Click on Inbound Processing under Automation
- Click the Resolver in the Inbound Processing workflow
- Click the Type drop-down menu and select
API Resolver - Fill in the name and description
Next, provide the endpoint details, including authentication credentials, for your API endpoint:
You may add multiple parameter keys to make it easier for your endpoint and the radius server or CRM system behind that proxy to determine the Subscriber Identifier to return.
If your API is behind a firewall, make sure to open the correct ports and allow inbound connections from the outgoing IP address listed here:
18.193.183.51
52.57.46.129
18.158.191.233
What information should an API Resolver Return?
The API Resolver expects specific mandatory fields and can receive some information in addition to the Subscriber Identifier.
Fields in the Data Response
For a JSON response (our recommended usage), the minimal return for a successful lookup returns just an “id” field that contains the Customer Identifier AbuseHQ should use:
Example ID:
{ "id" : "ABCDEFGH1234" }
A more verbose Customer Identifier structure with additional metadata can contain the following fields:
Example Resolver JSON:
{
"subscriber": {
"id": "<subscriber_id>",
"resolver_data": {
"<subscriber_key1>": "<subscriber_value1>",
"<subscriber_key2>": "<subscriber_value2>"
}
},
"contract": {
"id": "<contract_id>",
"resolver_data": {
"<contract_key1>": "<contract_value1>",
"<contract_key2>": "<contract_value2>"
}
},
"result_valid_from": "[YYYY]-[MM]-[DD]T[hh]:[mm]:[ss]Z",
"result_valid_until": "[YYYY]-[MM]-[DD]T[hh]:[mm]:[ss]Z"
}
Please consult with Abusix support on each field’s supported and recommended uses.
For string fields in the above structures, we generally accept all characters. However, we recommend you restrict values to alphanumerics with simple punctuation (e.g., ‘-‘, ” , ‘@’ etc.), and otherwise avoid characters that require URL encoding or are unsafe for use in URLs. Avoid using dots (‘.’); those will automatically be replaced with underscores (”)
Subscriber
The subscriber object must contain the globally unique subscriber ID and can optionally contain arbitrary key-value pairs of additional information on that subscriber.
AbuseHQ aggregates this information into a subscriber model that provides the latest values for each key and into the resolver_data field of a case that contains a list of all seen values for each case.
Contract
The contract object must contain the globally unique contract ID and can optionally contain arbitrary key-value pairs of additional information on that contract.
AbuseHQ aggregates these values into a contract model linked to a series of cases and always contains the latest values for each key.
HTTP Headers and Status Code
AbuseHQ supports several response formats, including JSON and XML. The recommended response format is JSON.
AbuseHQ will send a JSON request
Accept: application/json
header in its request
and expects a JSON response
JSON Response
Content-Type: application/json
header in the response.
Status codes
AbuseHQ will interpret HTTP Status codes as follows:
- 200 OK: Request completed successfully, and Customer Identification was provided
- 404 Not Found: Request completed successfully, but no customer was found
Any other HTTP status code will be interpreted as a temporary error.
AbuseHQ will queue and retry the request several times for 3 minutes.
After this, the request will be considered unsuccessful, and the Inbound Processing flow will continue (with an undefined Customer ID).
We strongly recommend using the timestamp/date in your resolver config attributes because there is no guarantee that events always come in “real-time.”
Some reporters send their reports with a delay; sometimes, queues can build up in AbuseHQ. We strongly recommend giving a caching timespan as big as your system allows it to be.
Example
An event comes in and includes the IP 10.0.0.2 and the timestamp 2020-11-29T08:00:00Z:
(The time this event arrives at AbuseHQ doesn’t matter! Let’s say it’s 2020-11-29T22:00:00Z)
Both the IP and the timestamp are sent to the resolver.
The resolver responds with:
{
"subscriber": {
"id": 111111,
"resolver_data": {
[...]
}
},
"contract": {
[...]
},
"result_valid_from": "2020-11-29T02:00:00Z",
"result_valid_until": "2020-11-29T12:00:00Z"
}
NOTE:
"result_valid_from": "[YYYY]-[MM]-[DD]T[hh]:[mm]:[ss]Z",
"result_valid_until": "[YYYY]-[MM]-[DD]T[hh]:[mm]:[ss]Z"
This result is added to the cache, and every following event with the same IP and timestamp between 02:00 and 12:00 on 11-29 will not be queried again!
Send us a message
Having trouble with your setup or a technical issue? Get in touch with our team of Abusix experts.
Click the chat button at the bottom and send us your questions. Alternatively, you can email us at [email protected]
