Event Driven Validation (EDV)

Event Driven Validation, sometimes referred to as Patrol, is a system in digital banking that puts an end user through a step-up authentication workflow when they attempt a high-risk event. The user goes through their configured MFA workflow (Secure Access Code, Token or 3rd Party). The action is allowed if, and only if, they complete that workflow.

The system is configured around Audit Actions. Almost all activity in digital banking is captured and tied to specific Audit Actions. These are the same Audit Actions you can subscribe to via the Audit Action Extension type.

More information about EDV can be found in the Event Driven Validation guide.

Follow the steps below to create an EDV extension:

  1. Create an extension using the q2 create_extension command:

    q2 create_extension
    New Extension Name: EdvUpdateProfile
    What type of extension are you creating?
    
        1) Online (default)
        2) SSO (Third Party Integration)
        3) Ardent (API)
        4) Q2Console (Backoffice)
        5) Central (Legacy Backoffice)
        6) Adapter
        7) Audit Action
        8) Custom Health Check
        9) Message Bus
        10) Caliper API Custom Endpoint
        11) Base Extension
    
    
    Please make a selection and press Return [1]: 6
    Adapter
    Select adapter type to generate
    
        1) Account Details
        2) Authentication Token
        3) Event Driven Validation (EDV) <--------
        4) External Authentication
        5) Check Image
        6) Domestic Wire
        7) Deposit Item Image
        8) FX Rate
        9) Instant Payments
        10) International Wire
        11) Remote Deposit
        12) Statement Image
    
  2. Update the AUDIT_ACTIONS variable with entries from the list of SupportedAuditActions. You also have the option to add your FI-specific CUSTOM_AUDIT_ACTIONS:

    from q2_sdk.core.http_handlers.edv_handler import Q2EdvRequestHandler
    from q2_sdk.models.adapters.edv import SupportedAuditActions


    class EdvUpdateAlertHandler(Q2EdvRequestHandler):
        # configuration/EdvUpdateProfile.py file must exist if REQUIRED_CONFIGURATIONS exist
        CONFIG_FILE_NAME = "EdvUpdateProfile"
        # Audit Actions that route through this EDV handler
        AUDIT_ACTIONS: list[SupportedAuditActions] = [SupportedAuditActions.UpdateUserProfile]
        # CUSTOM_AUDIT_ACTIONS = []
    
  3. Run the q2 install command to install the extension.

  4. Implement the decide_edv method to validate an event, for example UpdateUserProfile:

    from q2_sdk.models.adapters.edv import EdvRequest, EdvResultType
    async def decide_edv(self, request: EdvRequest) -> EdvResultType:
        """
        Determine result for EDV
    
        :param EdvRequest: The incoming payload with the context of the event
    
        :return: EdvResult Enum
        """
        return EdvResultType.Disallow
    

In the code above, the decide_edv method returns EdvResultType.Disallow, so updating the user profile is not allowed. The result looks like this:

[Screenshot: disallow_update_profile.png]

The other EdvResultType values are:

  1. EdvResultType.Allow.

    from q2_sdk.models.adapters.edv import EdvRequest, EdvResultType
    async def decide_edv(self, request: EdvRequest) -> EdvResultType:
        """
        Determine result for EDV
    
        :param EdvRequest: The incoming payload with the context of the event
    
        :return: EdvResult Enum
        """
        return EdvResultType.Allow
    
    [Screenshot: allow_profile_update.png]
  2. EdvResultType.RequireStepUp.

    from q2_sdk.models.adapters.edv import EdvRequest, EdvResultType
    async def decide_edv(self, request: EdvRequest) -> EdvResultType:
        """
        Determine result for EDV
    
        :param EdvRequest: The incoming payload with the context of the event
    
        :return: EdvResult Enum
        """
        return EdvResultType.RequireStepUp
    
    [Screenshot: require_step_up.png]
  3. EdvResultType.TerminateSession.

    from q2_sdk.models.adapters.edv import EdvRequest, EdvResultType
    async def decide_edv(self, request: EdvRequest) -> EdvResultType:
        """
        Determine result for EDV
    
        :param EdvRequest: The incoming payload with the context of the event
    
        :return: EdvResult Enum
        """
        return EdvResultType.TerminateSession
    
    [Screenshot: terminate_session.png]
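
A decide_edv policy that uses all four results and fails closed when the decision logic errors, as an added example that is not SDK code. EdvResultType is redefined locally so the block runs without q2_sdk; RiskContext, its fields, evaluate and both thresholds are hypothetical stand-ins, since the real EdvRequest fields are not shown on this page.

```python
import asyncio
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class EdvResultType(Enum):
    """Local stand-in for the SDK enum: the four results named on this page."""
    Allow = "Allow"
    RequireStepUp = "RequireStepUp"
    Disallow = "Disallow"
    TerminateSession = "TerminateSession"


@dataclass
class RiskContext:
    """Hypothetical risk signals; not the real EdvRequest fields."""
    known_device: bool
    seconds_since_mfa: Optional[int]  # None: no MFA completed this session
    failed_step_ups: int


MFA_FRESH_SECONDS = 300  # constructed threshold
MAX_FAILED_STEP_UPS = 3  # constructed threshold


def evaluate(ctx: RiskContext) -> EdvResultType:
    """Map the risk signals to one of the four EDV results."""
    if ctx.failed_step_ups >= MAX_FAILED_STEP_UPS:
        return EdvResultType.TerminateSession  # repeated MFA failures
    age = ctx.seconds_since_mfa
    mfa_is_fresh = age is not None and 0 <= age <= MFA_FRESH_SECONDS
    if ctx.known_device and mfa_is_fresh:
        return EdvResultType.Allow
    return EdvResultType.RequireStepUp  # default for a high-risk event


async def decide_edv(ctx: RiskContext) -> EdvResultType:
    """Fail closed: any error while deciding blocks the event."""
    try:
        return evaluate(ctx)
    except Exception:
        return EdvResultType.Disallow


if __name__ == "__main__":
    for args in ((True, 60, 0), (False, 60, 0), (True, 60, 3)):  # constructed
        print(args, "->", asyncio.run(decide_edv(RiskContext(*args))).name)
```

Returning Disallow from the exception path means a bug or malformed input in the policy blocks the event instead of letting it through without step-up.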

Note

If you want to modify the existing Audit Actions, modify the AUDIT_ACTIONS variable in the extension.py file and run the q2 update_installed CLI command to apply the changes.

The CUSTOM_AUDIT_ACTIONS may or may not be fully supported, as they are not in the list of SupportedAuditActions.