API docs by Redocly

Resistant Documents API (2.0.0b)

Download OpenAPI specification:

Resistant Documents provides this API to programmatically interact with its document analysis engine. Interaction with the API can be divided into three phases:

  1. Creating document submission
  2. Uploading a file for for analysis to an address returned from step 1.
  3. Fetching analysis results

In the first step, the submission is created by posting to the /v2/submission endpoint. The response contains a submission_id uniquely identifying the document to be analyzed throughout the entire interaction, and is used to fetch analysis results later.

Submission response also returns upload_url containing a pre-signed URL. This URL should be used to upload the actual document to be analyzed in the second step. Please note the document has to be uploaded using HTTP PUT method with Content-Type HTTP header set to application/octet-stream.

In the last step, client should repeatedly poll using the /v2/submission/{submission_id}/fraud endpoint for analysis results. The best practice is to use polling with an exponential back-off to reduce load on the API.

Authentication

OAuth2

Brief introduction to OAuth2

OAuth2 is an authorization protocol designed to allow applications to access resources on behalf of a user without sharing the user's credentials. It's widely used for web, mobile, and desktop applications, providing a standardized way to manage access to APIs and user data.

How it works

  1. The client (application) is registered with the authorization server to obtain a client ID and client secret. (Service access provisioning)
  2. The client requests the authorization server to grant access to desired resources and provides Access token.
  3. The client can access desired resources until Access token expires ( e.g. 15 minutes). Expiration datetime (exp as Unix Timestamp ) is accessible in the token payload together with issue datetime (iat). Any library for work with JWT should support this functionality, e.g. PyJWT (python).
{
  ...
  "iat": 1742473136,
  "exp": 1742474036,
  ...
}

Differences to other authn techniques e.g. API Key

  • OAuth Access Token provides an enhanced security as tokens are short lived and revocable, reducing a risk of credentials exposure.
  • Access Token should be re-used across multiple requests till token is expired (based on token expiration date time e.g. 15 minutes).
  • Authorization Server Token endpoint is protected resource that can issue only finite number of tokens.

Implementation details

The standard client credentials flow:

  1. Client makes a request to authorization server using client credentials
BASIC_AUTH=$(echo -n $CLIENT_ID:$CLIENT_SECRET | base64)
curl --request POST \
  --url 'https://eu.id.resistant.ai/oauth2/aus2un1hkrKhPjir4417/v1/token' \
  --header 'accept: application/json' \
  --header "authorization: Basic $BASIC_AUTH" \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data 'grant_type=client_credentials&scope=submissions.read submissions.write'
  1. If the credentials are valid, authorization server responds with an access token
{
  "access_token": "eyJhbG[...]1LQ",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "submissions.read submissions.write"
}
  1. Client uses the access token to make subsequent API requests with Authorization header
Authorization: Bearer eyJhbG[...]1LQ

Please note that Token URL is specific for a given environment. Correct URL is in the corresponding environment documentation.

Security Scheme Type: OAuth2
Flow type: clientCredentials
Token URL: https://eu.id.resistant.ai/oauth2/aus2un1hkrKhPjir4417/v1/token
Scopes:
  • submissions.read -

    Read analysis results for a submission

  • submissions.write -

    Create a new submission

Create a submission

Create a new submission for a document to be analyzed

Authorizations:
OAuth2
Request Body schema: application/json
optional
query_id
string or null (Query ID) [ 0 .. 1024 ] characters

User-defined ID of analyzed file - typically refers to internal ID of the analyzed document in user's CMS. Please ensure the query_id of any document is reviewed prior to submitting to ensure no PII is shared. Query_id is used for subsequent indexing of outputs from the document forensics analysis.

pipeline_configuration
string (PipelineConfiguration)
Enum: "FRAUD_ONLY" "CLASSIFICATION_ONLY" "QUALITY_ONLY"

Type of analysis pipeline to execute.

enable_decision
boolean (Adaptive Decision enable flag)
Default: false

true to enable Adaptive Decision for the submitted document, false to disable it

enable_submission_characteristics
boolean (Submission characteristics enable flag.)
Default: false

true to enable attachment of submission characteristics for the submitted document, false to disable it (see submission_characteristics_upload_url field in the response object)

Responses

Request samples

Content type
application/json
{
  • "query_id": "string",
  • "pipeline_configuration": "FRAUD_ONLY",
  • "enable_decision": false,
  • "enable_submission_characteristics": false
}

Response samples

Content type
application/json
{}

Add submission characteristics

Attach submission characteristics to the submission. Submission characteristics are properties associated with the original submission of the document (i.e., from the end user). In descriptions of the properties, "user" refers to the person who initially submitted the document, "customer" refers to a customer of Resistant.ai using this API.

Calling this endpoint is only allowed if enable_submission_characteristics is set to true when creating the submission. When submission characteristics are enabled for the submission, submitting then is required (the document will not be analyzed without them).

Authorizations:
OAuth2
path Parameters
submission_id
required
string
Request Body schema: application/json
required
object or null (Document characteristics)

Properties associated with the analyzed document.

object or null (Device characteristics)

Properties associated with the device used to submit the document.

object or null (User identity characteristics)

Properties identifying the user who submitted the document.

object or null (Characteristics related to a transaction with the user)

Properties of a transaction between the user and customer, e.g., load or purchase.

object or null (Characteristics related to an email interaction with the user)

Properties of an email interaction between the user and customer, e.g. email or subject hashes.

object or null (Insurance claims characteristics)

Properties of an insurance claim.

submission_time
string or null (Document submission time)

Time of document submission by the end user

customer_tenant_id
string or null (Customer-assigned identifier of tenant) <= 1024 characters

Customer-assigned identifier of a customer's tenant (e.g., internal merchant ID). Please ensure the customer_tenant_id of any document is reviewed prior to submission to confirm that no PII is included. The customer_tenant_id is used to separate data by individual customer tenants for monitoring and configuration purposes.

Responses

Request samples

Content type
application/json
{
  • "document_characteristics": {
    },
  • "device_characteristics": {
    },
  • "identity_characteristics": {
    },
  • "transaction_characteristics": {
    },
  • "email_characteristics": {
    },
  • "claims_characteristics": {
    },
  • "submission_time": "string",
  • "customer_tenant_id": "string"
}

Response samples

Content type
application/json
{
  • "message": "string"
}

Fetch fraud result

Fetch fraud analysis result

Authorizations:
OAuth2
path Parameters
submission_id
required
string
query Parameters
with_metadata
boolean
Default: false

Enables indicator medatadata in the response object

Responses

Response samples

Content type
application/json
Example
{
  • "status": "SUCCESS",
  • "analysis_time": "string",
  • "file_type": "unsupported",
  • "mime_type": "string",
  • "deployment_version": "string",
  • "query_id": "string",
  • "sha256": "stringstringstringstringstringstringstringstringstringstringstri",
  • "filtered_parsed_pages": [
    ],
  • "num_pages": 0,
  • "score": "NORMAL",
  • "sample_metadata": {
    },
  • "indicators": [
    ],
  • "document_class": {
    }
}

Fetch content result [limited]

Fetch content extraction result

Authorizations:
OAuth2
path Parameters
submission_id
required
string

Responses

Response samples

Content type
application/json
Example
{
  • "status": "SUCCESS",
  • "analysis_time": "string",
  • "file_type": "unsupported",
  • "mime_type": "string",
  • "deployment_version": "string",
  • "query_id": "string",
  • "sha256": "stringstringstringstringstringstringstringstringstringstringstri",
  • "contents": [
    ]
}

Fetch quality result

Authorizations:
OAuth2
path Parameters
submission_id
required
string

Responses

Response samples

Content type
application/json
Example
{
  • "status": "SUCCESS",
  • "analysis_time": "string",
  • "file_type": "unsupported",
  • "mime_type": "string",
  • "deployment_version": "string",
  • "query_id": "string",
  • "sha256": "stringstringstringstringstringstringstringstringstringstringstri",
  • "score": "HIGH_QUALITY",
  • "sample_metadata": {
    },
  • "indicators": [
    ]
}

Fetch Adaptive Decision result

Fetch Adaptive Decision result. Note that if the response is too large, the endpoint may send a 302 FOUND response with a Location header pointing to result download location. Clients must follow such redirect.

Authorizations:
OAuth2
path Parameters
submission_id
required
string
query Parameters
embed
string
Example: embed=fraud

Coma-separated list of decision_inputs that should include the full data in its data attribute, e.g. ?embed=fraud.

Responses

Response samples

Content type
application/json
Example
{
  • "status": "SUCCESS",
  • "decision": "string",
  • "decision_inputs": {
    },
  • "adaptive_decision_version": "string",
  • "reason": { }
}

Fetch document classification

Fetch classification of the type of the submitted document

Authorizations:
OAuth2
path Parameters
submission_id
required
string

Responses

Response samples

Content type
application/json
Example
{
  • "status": "SUCCESS",
  • "analysis_time": "string",
  • "deployment_version": "string",
  • "query_id": "string",
  • "sha256": "stringstringstringstringstringstringstringstringstringstringstri",
  • "mime_type": "string",
  • "document_classification": {
    }
}

Fetch report [preview]

Fetch fraud analysis report of the submitted document

Authorizations:
OAuth2
path Parameters
submission_id
required
string

Responses

Response samples

Content type
application/json
{
  • "download_url": "string"
}

Delete submission

Permanently deletes the submission. Can be used, e.g., to remove a document before the configured retention period.

Authorizations:
OAuth2
path Parameters
submission_id
required
string

Responses

Response samples

Content type
application/json
{
  • "message": "string"
}

Add analysis feedback

Add custom feedback for the document analysis result.

All custom feedback provided for a document must be reviewed by the customer before submission to ensure it does not contain any Personally Identifiable Information (PII). Submitted feedback will be securely stored indefinitely to support ongoing product improvements.

Authorizations:
OAuth2
path Parameters
submission_id
required
string
Request Body schema: application/json
required
analysis_feedback
required
string (Analysis Feedback)
Enum: "CORRECT" "NOT_CORRECT"

Type of feedback on the result of document analysis.

comment
string or null (Feedback comment) [ 0 .. 1024 ] characters

Additional feedback comment.

Responses

Request samples

Content type
application/json
{
  • "analysis_feedback": "CORRECT",
  • "comment": "string"
}

Response samples

Content type
application/json
{
  • "analysis_feedback": "CORRECT",
  • "comment": "string",
  • "updated": "string"
}

Get analysis feedback

Get custom feedback for the document analysis result previously stored with a PUT request to this endpoint.

Authorizations:
OAuth2
path Parameters
submission_id
required
string

Responses

Response samples

Content type
application/json
{
  • "analysis_feedback": "CORRECT",
  • "comment": "string",
  • "updated": "string"
}