Skip to main content

Documentation Index

Fetch the complete documentation index at: https://umbrella-docs.info/llms.txt

Use this file to discover all available pages before exploring further.

Forensic Scoring API - Detailed Documentation

The IDCanopy Forensic Scoring API provides banks, lenders, fintechs, and regulated financial institutions with a unified document forensic analysis capability designed to identify fraud indicators, manipulated documents, inconsistencies, and suspicious onboarding artefacts during customer acquisition and lending workflows.

Overview

The service accepts identity documents, payslips, bank statements, and supporting onboarding documentation and returns a normalized forensic assessment response containing:
  • Final forensic verdict
  • Fraud and manipulation indicators
  • Detailed findings
  • Advisory risk scoring
  • Recommended next actions
  • Cross-document and cross-applicant anomaly signals

Authentication

To access the Address Verification API, authentication is required. A Bearer Token must be included in every request.
  • Tokens are valid for 60 minutes and must be refreshed after expiration.
  • Refer to the Authentication for detailed steps on obtaining a token.
  • Include the token in the Authorization header as follows:
Authorization: Bearer YOUR_ACCESS_TOKEN

API Base URL

Production:

https://api-umbrella.io/api/services

Sandbox:

https://sandbox-umbrella-api.azurewebsites.net/api/services

Endpoints

POST /forensic/cases/analyze

Description

This endpoint orchestrates the complete forensic workflow:
  1. Case creation
  2. Document ingestion
  3. Document normalization
  4. Forensic analysis
  5. Verdict generation
  6. Result normalization
Clients only need to make a single API call.

Request Format

multipart/form-data

Request Fields

FieldTypeRequiredDescription
applicantIdstringNoExternal applicant or case reference. Auto-generated if omitted.
caseMetastringified JSONNoAdditional metadata associated with the case.
files1file[]YesOne or more uploaded files for forensic analysis.
files2file[]NoAdditional files for forensic analysis.
files3file[]NoAdditional files for forensic analysis.

Supported File Types

FormatSupported
PDFYes
JPG / JPEGYes
PNGYes
TIFFYes
HEICYes

Upload Limits

LimitValue
Maximum files15
Maximum file size20 MB
Maximum total request size50 MB

Example Request

cURL

curl -X POST "https://umbrella-api.io/api/services/forensic/cases/analyze" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -F "applicantId=loan-app-001" \
  -F 'caseMeta={"source":"bankXZY_onboarding","customerReference":"B99-12345"}' \
  -F "files1=@id_front.pdf" \
  -F "files2=@payslip.pdf" \
  -F "files3=@bank_statement.pdf"

JavaScript Example

const formData = new FormData();

formData.append("applicantId", "loan-app-001");

formData.append(
  "caseMeta",
  JSON.stringify({
    source: "bankXZY_onboarding",
    customerReference: "B99-12345",
  })
);

formData.append("files1", idFrontFile);
formData.append("files2", payslipFile);
formData.append("files3", bankStatementFile);

const response = await fetch(
  "https://umbrella-api.io/api/services/forensic/cases/analyze",
  {
    method: "POST",
    headers: {
      Authorization: "Bearer YOUR_API_KEY",
    },
    body: formData,
  }
);

const result = await response.json();

console.log(result.result.verdict);

Successful Response

HTTP Status

200 OK

Response Body

{
  "requestId": "req_7d6a9f9d7b4f",
  "product": "FORENSIC_SCORING",
  "status": "completed",
  "applicantId": "loan-app-001",
  "tenantId": "bankXZY",
  "createdAt": "2026-09-05T10:00:00Z",
  "processingTimeMs": 28431,
  "documents": [
    {
      "documentId": "f2c31c7d-8f4e-4d9b-b9f0-2d6baf5a0a13",
      "filename": "payslip.pdf",
      "byteSize": 124552,
      "contentSha256": "af91db3b9f6d4f1f6c5e5e7a4a9f"
    }
  ],
  "result": {
    "applicantId": "loan-app-001",
    "status": "completed",
    "verdict": "ESCALATE",
    "reasonCodes": [
      "KAZ_BACKDATING"
    ],
    "overrideRulesFired": [
      "B2"
    ],
    "explanation": "Bank statement creation date precedes stated period by 14 days.",
    "advisoryScore": 38,
    "advisoryBand": "REVIEW",
    "recommendedAction": "Request current bank statement directly from the issuing institution.",
    "findings": [
      {
        "check_id": "kaz_backdating",
        "check_category": "bank_statement",
        "severity": "HIGH",
        "summary": "Bank statement PDF creation date precedes stated period by 14 days.",
        "evidence_quote": "CreationDate: 2026-07-17, period: 2026-08-01–2026-08-31"
      }
    ],
    "commercialSignals": [],
    "checkerVersion": "0.4.0-phase4",
    "analysisTimestamp": "2026-09-05T10:01:42Z"
  }
}

Verdicts

VerdictDescriptionRecommended Action
PASSNo significant fraud indicators detectedProceed with onboarding
CONDITIONALMinor or contextual issues detectedProceed with additional conditions
ESCALATESignificant suspicious indicators detectedRoute for manual review
PENDINGDocuments insufficient or unreadableRequest additional documentation
REJECTDeterministic fraud indicators identifiedReject application

Advisory Risk Bands

BandScore RangeMeaning
LOW_RISK61 - 100Minimal fraud indicators
REVIEW31 - 60Moderate risk profile
HIGH_RISK0 - 30Significant fraud indicators

Findings

Each forensic response may include one or more findings.

Finding Structure

{
  "check_id": "kaz_backdating",
  "check_category": "bank_statement",
  "severity": "HIGH",
  "summary": "Bank statement creation date predates stated period by 14 days.",
  "evidence_quote": "CreationDate: 2026-07-17; period: 2026-08-01–2026-08-31",
  "source_document_id": "uuid",
  "extraction_confidence": 0.97
}

Check Categories

CategoryDescription
metadataFile and metadata analysis
identityIdentity document analysis
payslipPayslip validation
bank_statementBank statement analysis
cross_documentCross-document consistency checks
cross_applicantCross-applicant anomaly detection
quality_gateImage/document quality validation

Severity Levels

SeverityMeaning
CRITICALDeterministic fraud indicator
HIGHStrong suspicious signal
MEDIUMModerate concern
LOWMinor anomaly
INFOInformational only

Common Fraud Signals

Examples of forensic signals that may be identified:
  • Metadata tampering
  • Document backdating
  • Payslip arithmetic inconsistencies
  • MRZ checksum failures
  • Image manipulation indicators
  • Cross-document identity mismatches
  • Reused applicant data
  • Shared IBAN or salary patterns across applicants
  • OCR inconsistencies
  • Suspicious PDF generation patterns

Error Responses

Error Format

{
  "error": "ERROR_CODE",
  "message": "Human readable description",
  "detail": "Additional diagnostic information"
}

Error Codes

HTTP StatusErrorMeaning
400INVALID_REQUESTRequest validation failed
400INVALID_CASE_METAcaseMeta JSON invalid
400NO_FILES_PROVIDEDNo uploaded files supplied
401UNAUTHORIZEDInvalid API credentials
403FORBIDDENProduct access denied
409DUPLICATE_APPLICANTApplicant already exists
413FILE_TOO_LARGEFile exceeds size limit
413TOTAL_UPLOAD_TOO_LARGETotal upload size exceeded
422VALIDATION_ERRORSemantic validation failure
429RATE_LIMITEDToo many requests
500FORENSIC_CASE_ANALYSIS_FAILEDUpstream forensic processing failure
503QUOTA_EXCEEDEDMonthly quota exceeded

Processing Behaviour

CharacteristicBehaviour
Processing modeSynchronous
Typical response timeUnder 30 seconds
Large batch processingAvailable separately
Document normalizationAutomatic
File hashingSHA-256
Cross-document analysisEnabled
Cross-applicant analysisEnabled

Security & Data Handling

  • All traffic is encrypted in transit using HTTPS/TLS.
  • Uploaded documents are processed within the IDCanopy forensic workflow.
  • File hashes are generated for audit and traceability.
  • Personally identifiable information (PII) is never included in operational logs.
  • Request and response auditing may be enabled for regulated financial institutions.
  • GDPR-compliant deletion workflows are supported.

Recommended Integration Pattern

The recommended integration sequence for banks and lenders is:
  1. Customer onboarding initiated
  2. Customer uploads identity and financial documents
  3. Documents submitted to IDCanopy forensic endpoint
  4. Forensic verdict evaluated
  5. Decision engine applies policy rules
  6. Application proceeds, escalates, or rejects

Notes

  • The forensic verdict should be used as the primary automated decisioning signal.
  • Advisory scoring is informational and should not be used as the sole approval or rejection criterion.
  • Some findings may require manual review depending on institutional policy.
  • IDCanopy abstracts all upstream forensic provider orchestration and normalization.

Support

For onboarding, credentials, production enablement, or integration support: 
support@idcanopy.com