All Products
Search
Document Center

:Make API requests

Last Updated:Jul 19, 2022

This topic describes how to call the Fraud Detection API. You can call the Fraud Detection API by using Fraud Detection SDKs or native HTTPS. However, the method of making native HTTPS calls is complex because you must encapsulate the protocol and add and verify a signature. Therefore, we recommend that you use Fraud Detection SDKs to call the Fraud Detection API. This method is simple and convenient.

1. Use Fraud Detection SDKs

When you use Fraud Detection SDKs, you do not need to focus on complex processing such as signature verification and body format construction. We recommend that you use Fraud Detection SDKs. Fraud Detection SDKs for Java, Python, PHP, C#, Golang, Node.js, and Ruby are supported.

1.1. Fraud Detection SDK for Java

Download the source code of Fraud Detection SDK for Java.

Java Maven dependency:

<dependency>
    <groupId>com.aliyun</groupId>
    <artifactId>aliyun-java-sdk-saf</artifactId>
    <version>1.0.2</version>
</dependency>

Recommended Java Maven dependency manager:

<dependency>
    <groupId>com.aliyun</groupId>
    <artifactId>aliyun-java-sdk-core</artifactId>
    <optional>true</optional>
    <version>4.5.1</version>
</dependency>
<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>fastjson</artifactId>
    <version>1.2.60</version>
</dependency>
<dependency>
    <groupId>com.google.code.gson</groupId>
    <artifactId>gson</artifactId>
    <version>2.8.2</version>
</dependency>
<dependency>        
    <groupId>org.apache.httpcomponents</groupId>        
    <artifactId>httpclient</artifactId>        
    <version>4.5.3</version>    
</dependency>    
<dependency>       
    <groupId>io.opentracing</groupId>       
    <artifactId>opentracing-util</artifactId>        
    <version>0.31.0</version>    
</dependency>

Download the test case of Fraud Detection SDK for Java.

Click URL 1 or URL 2 to download the Java Maven repository.

1.2. Fraud Detection SDK for Python

Download the source code of Fraud Detection SDK for Python.

  1. Install the SDK core library.

    • If you are using Python 2.x, run the following command to install the Alibaba Cloud SDK core library:

      pip install aliyun-python-sdk-core
    • If you are using Python 3.x, run the following command to install the Alibaba Cloud SDK core library:

      pip install aliyun-python-sdk-core-v3
  2. Install Alibaba Cloud SAF SDK for Python.

    pip install aliyun-python-sdk-saf

Test case of Fraud Detection SDK for Python:

from aliyunsdkcore import client
from aliyunsdksaf.request.v20190521 import ExecuteRequestRequest
clt = client.AcsClient('<your-access-key-id>','<your-access-key-secret>','cn-shanghai')
# Set the parameters.
request = ExecuteRequestRequest.ExecuteRequestRequest()
request.set_accept_format('json')
# For more information about the Service parameter, see Common parameters.
request.add_query_param('Service', 'Your purchased service')
request.add_query_param('ServiceParameters', 'The input parameters in a JSON string')
# Initiate a request.
response = clt.do_action_with_exception(request)
print(response)
                                

1.3. Fraud Detection SDK for PHP

Download the source code of Fraud Detection SDK for PHP.

Test case of Fraud Detection SDK for PHP:

<?php
include_once 'aliyun-openapi-php-sdk/aliyun-php-sdk-core/Config.php';
use saf\Request\V20190521 as saf;
// Initialize a client.
$iClientProfile = DefaultProfile::getProfile("cn-shanghai", "<your-access-key-id>", "<your-access-key-secret>");
$client = new DefaultAcsClient($iClientProfile);
// Set the parameters.
$request = new saf\ExecuteRequestRequest();
// For more information about the Service parameter, see Common parameters.
$request->setService('Your purchased service');
$request->setServiceParameters('The input parameters in a JSON string');
// Initiate a request.
$response = $client->getAcsResponse($request);
print_r("<br>");
print_r("test");
print_r("\r\n");
print_r($response);
print_r($client);
?>

1.4. Fraud Detection SDK for C#

Download the source code of Fraud Detection SDK for C#.

1.5. Fraud Detection SDK for Golang

Download the source code of Fraud Detection SDK for Golang.

Test case of Fraud Detection SDK for Golang:

package main
import (
    "fmt"
    "github.com/aliyun/alibaba-cloud-sdk-go/services/saf"
)
func main() {
    client, err := saf.NewClientWithAccessKey("cn-shanghai", "<your-access-key-id>", "<your-access-key-secret>")
    request := saf.CreateExecuteRequestRequest()
    endpoints.AddEndpointMapping("cn-shanghai", "saf", "saf.cn-shanghai.aliyuncs.com")
    // For more information about the Service parameter, see Common parameters.
    request.Service = "Your purchased service"
    request.ServiceParameters = "The input parameters in a JSON string"
    request.Scheme = "https"
    response, err := client.ExecuteRequest(request)
    if err != nil {
        fmt.Print(err.Error())
    }
    fmt.Printf("response code is %#v\n", response.Code)
    fmt.Printf("response date is %#v\n", response.Data)
    fmt.Printf("response message is %#v\n", response.Message)
    fmt.Printf("response requestId is %#v\n", response.RequestId)
}

1.6. Fraud Detection SDK for Node.js

Download the source code of Fraud Detection SDK for Node.js.

Run the following command to install the @alicloud/pop-core module. The --save option in the command writes the module to the package.json file of the application as a dependent module.

$ npm install @alicloud/pop-core --save

Test case of Fraud Detection SDK for Node.js:

const Core = require('@alicloud/pop-core');
var client = new Core({
  accessKeyId: '<your-access-key-id>',
  accessKeySecret: '<your-access-key-secret>',
  endpoint: 'https://saf.cn-shanghai.aliyuncs.com',
  apiVersion: '2019-01-28'
});
var params = {
  "RegionId": "cn-shanghai",
  // For more information about the Service parameter, see Common parameters.
  "Service": "Your purchased service",
  "ServiceParameters": "The input parameters in a JSON string"
}
var requestOption = {
  method: 'POST'
};
client.request('ExecuteRequest', params, requestOption).then((result) => {
  console.log(JSON.stringify(result));
}, (ex) => {
  console.log(ex);
})

1.7. Fraud Detection SDK for Ruby

Download the source code of Fraud Detection SDK for Ruby.

Run the following command to install Alibaba Cloud Core SDK for Ruby:

$ gem install aliyunsdkcore

Test case of Fraud Detection SDK for Ruby:

require 'aliyunsdkcore'
client = RPCClient.new(
  access_key_id:     '<your-access-key-id>',
  access_key_secret: '<your-access-key-secret>',
  endpoint: 'https://saf.cn-shanghai.aliyuncs.com',
  api_version: '2019-01-28'
)
response = client.request(
  action: 'ExecuteRequest',
  params: {
    "RegionId": "cn-shanghai",
    # For more information about the Service parameter, see Common parameters.
    "Service": "Your purchased service",
    "ServiceParameters": "The input parameters in a JSON string"
  },
  opts: {
    method: 'POST'
  }
)
print response

2. Make native HTTPS calls

You can also call the Fraud Detection API by using native HTTPS. To make native HTTPS calls, you must encapsulate the protocol, add and verify a signature, and assemble the URL, body, header, and parameters into a request.

Generally, you must use native HTTPS to call the Fraud Detection API only in the following two scenarios. In other scenarios, we recommend that you use Fraud Detection SDKs to call the Fraud Detection API.

  1. Your services are directly provided in applications and have high requirements for the client size.

  2. Your services are dependent on specific libraries and are difficult to update.

2.1. Basic information

Service request URL: https://saf.cn-shanghai.aliyuncs.com

Protocol: HTTPS

HttpMethod: POST

2.2. Signature method

Fraud Detection verifies every request it receives. All requests to Fraud Detection must contain signature information. Fraud Detection implements symmetric encryption with an AccessKey pair to verify the identity of the request sender. An AccessKey pair is an identity credential issued to Alibaba Cloud accounts and RAM users that is similar to a logon username and password. An AccessKey pair consists of an AccessKey ID and an AccessKey secret. The AccessKey ID is used to verify the identity of the user, while the AccessKey secret is used to encrypt and verify the signature string. You must keep your AccessKey secret strictly confidential.

You can perform the following steps to sign a request:

  1. Use the request parameters to construct a canonicalized query string.

    a. Sort all request parameters in alphabetical order of parameter names. These parameters include the common request parameters described in the "Common parameters" topic and the operation-specific parameters. However, the Signature parameter is not included.

    b. Encode the names and values of the relevant request parameters The parameter names and values must be URL-encoded in UTF-8 based on the following encoding rules:

     i.Uppercase letters (A-Z), lowercase letters (a-z), digits (0-9), hyphens (-), underscores (_), periods (.), and tildes (~) are not encoded.
     ii. Other characters must be percent encoded in the %XY format. XY represents the ASCII code of the characters in hexadecimal notation. For example, double quotation marks (") are encoded as %22.
     iii.Extended UTF-8 characters must be encoded in the %XY%ZA... format.
     iv. Spaces must be encoded as %20. Do not encode spaces as plus signs (+). 
         

    Note: Most libraries that support URL encoding, such as java.net.URLEncoder, comply with the Multipurpose Internet Mail Extensions (MIME) encoding rules of "application/x-www-form-urlencoded". If you use this encoding method, replace each plus sign (+) with %20, each asterisk (*) with %2A, and %7E with a tilde (~).

    c. Connect the encoded parameter names and values by using equal signs (=).

    d. Sort the key-value pairs connected by equal signs (=) in alphabetical order and separate them with ampersands (&) to obtain the canonicalized query string.

  2. Create a string-to-sign from the encoded canonicalized query string that is constructed in Step 1 based on the following rules:

     StringToSign=
     HTTPMethod + "&" +
     percentEncode("/") + "&" +
     percentEncode(CanonicalizedQueryString)
         

    HTTPMethod indicates the HTTP method used to make the request, such as POST.

    percentEncode("/") specifies the encoded value for the forward slash (/) based on the URL encoding rules described in Step 1.b, which is %2F.

    percentEncode(CanonicalizedQueryString) specifies the encoded string of the canonicalized query string constructed in Step 1, produced by following the URL encoding rules described in Step 1.b.

  3. Calculate the hash-based message authentication code (HMAC) value of the string-to-sign as defined in RFC 2104. Note: Use the SHA1 algorithm to calculate the HMAC value of the string-to-sign. The AccessKey secret appended by an ampersand (&) (ASCII:38) is used as the key for HMAC calculation.

  4. Encode the HMAC value in Base64 to obtain the signature string.

  5. Add the signature string to the request as the Signature parameter.

    Note: The signature string must be encoded like other parameters in the URL based on RFC 3986 rules before it can be submitted to the Fraud Detection server as the final request parameter value.