CA Risk Authentication Administration Guide › Configuring Callouts › Understanding Callouts › Callout Implementation

Callout Implementation

Note: Implementation of Callouts is optional.

If you have implemented a Callout, then CA Risk Authentication Server reads all configurations related to the Callout from the database and caches the information on startup. During a transaction:

1. CA Risk Authentication Server calls the Callout framework after executing all pre-defined and new rules (in case of Evaluation Callout) or the standard Scoring Engine (in case of Scoring Callout.)

   Note: The Callout framework is a part of CA Risk Authentication Server and just like any other CA Risk Authentication Evaluation rule, is loaded during the Server startup. It is implemented as a .dll or .so file.

2. Depending on the type of Callout (Evaluation or Scoring), the framework collects all the required data from CA Risk Authentication Server and prepares the HTTP or HTTPS data.

   Note: CA Risk Authentication supports both one-way and two-way SSL-based connections between CA Risk Authentication Server and your Callout in case of HTTPS data.

3. This data is then posted (HTTP or HTTPS) to the (configured) URL of your Callout.

   The Callout framework now waits for a response from the Callout.

   If the response from your Evaluation Callout is received within a specified time-out period, then the framework parses the response and sends the result to CA Risk Authentication Server.

   If the response is not received within the specified time-out period, then the framework returns FAILURE as the rule result and empty strings ("") for the modifier and annotation.

   Note: The time-out period can be configured by using CA Advanced Authentication.

4. Your Callout processes the data by using custom logic.
5. Your Callout then returns an appropriate response to the Callout framework, which forwards the same to CA Risk Authentication Server.
6. CA Risk Authentication Server logs all the information returned by the framework for reporting and auditing purposes.

The following figure illustrates the interaction between CA Risk Authentication Server, Callout Framework, and your Callout.

Note: If you are implementing an Evaluation as well as a Scoring Callout, then you can either implement them on the same server or on separate servers.