CA Risk Authentication Administration Guide › Configuring Callouts › Understanding Callouts › Types of Callouts › Scoring Callout

Scoring Callout

A Scoring Callout is executed after the standard CA Risk Authentication Scoring logic has executed. If a Scoring Callout is implemented, then:

1. CA Risk Authentication Server executes the standard Scoring program and invokes the Callout framework.
2. The CA Risk Authentication Callout framework formats the data in XML format.
3. The CA Risk Authentication Callout framework performs an HTTP or HTTPS POST of the following information to your Scoring Callout:
   • Overall Score computed by the standard CA Risk Authentication built-in Scoring Engine.
   • Rule results for each Evaluation rule that was executed.
   • Additional Inputs, if any, that are provided by the calling application as part of the evaluateRisk() API call.
   • Modifier string originally returned by the Evaluation Callout.
4. Your Callout uses the data passed by CA Risk Authentication to process its custom logic.
5. Your Callout then returns the following information to CA Risk Authentication:
   • Final Score in the form of an integer in the range [0 – 100].

   Note: The score returned by the Scoring Callout always overrides the Score computed by the CA Risk Authentication Scoring Engine. If you want to retain the score computed by CA Risk Authentication's standard Scoring Engine, then you will need to pass that same Score as the return value in your response.

   • Annotation string that contains the reason or the description sent back to CA Risk Authentication Server. For example, you can put the reason for changing the score in the Annotation field.

   Note: This information is used for logging (in the database), reporting, and auditing purposes.

6. CA Risk Authentication Server logs the information returned by your Callout.