ImagID — API Reference

Endpoints Publicos (via Gateway)

Todos requieren autenticacion JWT. Operan dentro del contexto del tenant del token.

Perfiles

Metodo	Endpoint	Rol requerido	Descripcion
GET	/api/v1/subjects	operator, tenant_admin	Listar sujetos del tenant (paginado)
GET	/api/v1/subjects/{id}	operator, tenant_admin	Obtener perfil completo del sujeto
GET	/api/v1/subjects/lookup	operator, tenant_admin	Buscar sujeto por documento

Historial

Metodo	Endpoint	Rol requerido	Descripcion
GET	/api/v1/subjects/{id}/events	operator, tenant_admin	Timeline de eventos del sujeto
GET	/api/v1/subjects/{id}/events/summary	operator, tenant_admin	Resumen de actividad

Dispositivos

Metodo	Endpoint	Rol requerido	Descripcion
GET	/api/v1/subjects/{id}/devices	operator, tenant_admin	Listar dispositivos conocidos
GET	/api/v1/subjects/{id}/devices/{deviceId}	operator, tenant_admin	Detalle de un dispositivo

Listas de Control

Metodo	Endpoint	Rol requerido	Descripcion
GET	/api/v1/subjects/{id}/lists	operator, tenant_admin	Listar entradas activas en listas
POST	/api/v1/subjects/{id}/lists	tenant_admin	Agregar sujeto a una lista
DELETE	/api/v1/subjects/{id}/lists/{entryId}	tenant_admin	Remover de una lista
GET	/api/v1/lists	tenant_admin	Listar todas las entradas por tipo

Alertas

Metodo	Endpoint	Rol requerido	Descripcion
GET	/api/v1/subjects/{id}/alerts	operator, tenant_admin	Listar alertas del sujeto
GET	/api/v1/alerts	operator, tenant_admin	Listar todas las alertas del tenant
PATCH	/api/v1/alerts/{id}	tenant_admin	Actualizar estado de alerta

Trust Score

Metodo	Endpoint	Rol requerido	Descripcion
GET	/api/v1/subjects/{id}/trust-score	operator, tenant_admin	Obtener trust score actual
GET	/api/v1/subjects/{id}/trust-score/history	tenant_admin	Historial de cambios del score

Endpoints Internos (servicio-a-servicio)

Invocados por otros dominios con JWT propagado. No expuestos en el API Gateway publico.

Metodo	Endpoint	Consumidor	Descripcion
GET	/internal/v1/subjects/{id}/metrics	ImagFlow	Metricas agregadas para reglas
GET	/internal/v1/subjects/{id}/trust-score	ImagFlow, ImagLend	Trust score actual
GET	/internal/v1/subjects/{id}/lists/check	ImagFlow, ImagLend	Verificar pertenencia a listas
GET	/internal/v1/subjects/{id}/devices	ImagLend	Dispositivos conocidos
GET	/internal/v1/subjects/lookup	ImagFlow, ImagLend	Buscar por documento

Ejemplos de Request/Response

Buscar Sujeto por Documento

GET /api/v1/subjects/lookup?identifier_type=cedula&identifier_value=1234567890
Authorization: Bearer {jwt}

Response 200:

{
  "data": {
    "subject_id": "subject-uuid",
    "identifier_type": "cedula",
    "identifier_value": "1234567890",
    "full_name": "Juan Perez",
    "tenant_view": {
      "status": "active",
      "trust_score": 72.50,
      "total_interactions": 15,
      "total_approvals": 12,
      "total_rejections": 3,
      "total_defaults": 0,
      "first_interaction_at": "2025-03-15T08:00:00Z",
      "last_interaction_at": "2026-05-18T10:30:00Z"
    }
  },
  "metadata": {
    "request_id": "req-abc123",
    "timestamp": "2026-05-18T10:30:00Z"
  }
}

Obtener Timeline de Eventos

GET /api/v1/subjects/subject-uuid/events?page=1&page_size=20&sort=desc
Authorization: Bearer {jwt}

Response 200:

{
  "data": [
    {
      "id": "event-uuid-1",
      "event_type": "flow.execution.completed",
      "event_source": "imagy-flow-engine",
      "event_data": {
        "flow_name": "Validacion de Identidad",
        "result": "approved",
        "confidence": 0.95
      },
      "device_info": {
        "fingerprint": "fp-abc123",
        "ip": "190.25.100.50",
        "geo_city": "Bogota"
      },
      "event_timestamp": "2026-05-18T10:30:00Z"
    },
    {
      "id": "event-uuid-2",
      "event_type": "lending.credit.disbursed",
      "event_source": "imagy-lending",
      "event_data": {
        "credit_id": "credit-uuid",
        "amount": 5000000,
        "currency": "COP"
      },
      "device_info": null,
      "event_timestamp": "2026-05-17T14:00:00Z"
    }
  ],
  "pagination": {
    "page": 1,
    "page_size": 20,
    "total_items": 45,
    "total_pages": 3
  },
  "metadata": {
    "request_id": "req-def456",
    "timestamp": "2026-05-18T10:30:00Z"
  }
}

Agregar a Lista

POST /api/v1/subjects/subject-uuid/lists
Content-Type: application/json
Authorization: Bearer {jwt}

{
  "list_type": "blacklist",
  "reason": "Multiples intentos de fraude detectados",
  "expires_in_days": null,
  "metadata": {
    "related_alert_id": "alert-uuid",
    "evidence": "3 rechazos consecutivos por biometria no coincidente"
  }
}

Response 201:

{
  "data": {
    "id": "entry-uuid",
    "subject_id": "subject-uuid",
    "list_type": "blacklist",
    "reason": "Multiples intentos de fraude detectados",
    "added_at": "2026-05-18T10:30:00Z",
    "expires_at": null,
    "added_by_type": "user"
  },
  "metadata": {
    "request_id": "req-ghi789",
    "timestamp": "2026-05-18T10:30:00Z"
  }
}

Verificar Listas (interno)

GET /internal/v1/subjects/subject-uuid/lists/check?list_types=blacklist,watchlist
Authorization: Bearer {jwt-propagado}

Response 200:

{
  "data": {
    "subject_id": "subject-uuid",
    "checks": {
      "blacklist": {
        "is_listed": true,
        "reason": "Multiples intentos de fraude detectados",
        "added_at": "2026-05-18T10:30:00Z",
        "expires_at": null
      },
      "watchlist": {
        "is_listed": false
      }
    }
  }
}

Obtener Metricas (interno, para ImagFlow Rules Engine)

GET /internal/v1/subjects/subject-uuid/metrics
Authorization: Bearer {jwt-propagado}

Response 200:

{
  "data": {
    "subject_id": "subject-uuid",
    "trust_score": 72.50,
    "total_interactions": 15,
    "total_approvals": 12,
    "total_rejections": 3,
    "total_defaults": 0,
    "approval_rate": 0.80,
    "days_since_first_interaction": 430,
    "days_since_last_interaction": 0,
    "devices_count": 3,
    "recent_rejections_30d": 1,
    "lists": {
      "blacklisted": false,
      "whitelisted": false,
      "watchlisted": true
    }
  }
}

Obtener Trust Score (interno)

GET /internal/v1/subjects/subject-uuid/trust-score
Authorization: Bearer {jwt-propagado}

Response 200:

{
  "data": {
    "subject_id": "subject-uuid",
    "trust_score": 72.50,
    "classification": "normal",
    "last_calculated_at": "2026-05-18T10:30:00Z",
    "factors": {
      "approvals_contribution": 60.0,
      "rejections_contribution": -30.0,
      "defaults_contribution": 0.0,
      "tenure_contribution": 14.0,
      "device_contribution": -2.0,
      "base_score": 50.0
    }
  }
}

Listar Dispositivos

GET /api/v1/subjects/subject-uuid/devices
Authorization: Bearer {jwt}

Response 200:

{
  "data": [
    {
      "id": "device-uuid-1",
      "device_fingerprint": "fp-abc123",
      "ip_address": "190.25.100.50",
      "user_agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0)",
      "geo_country": "Colombia",
      "geo_city": "Bogota",
      "access_count": 8,
      "first_seen_at": "2025-06-10T09:00:00Z",
      "last_seen_at": "2026-05-18T10:30:00Z"
    },
    {
      "id": "device-uuid-2",
      "device_fingerprint": "fp-def456",
      "ip_address": "181.50.200.10",
      "user_agent": "Mozilla/5.0 (Linux; Android 14)",
      "geo_country": "Colombia",
      "geo_city": "Medellin",
      "access_count": 3,
      "first_seen_at": "2026-04-01T11:00:00Z",
      "last_seen_at": "2026-05-10T15:00:00Z"
    }
  ],
  "pagination": {
    "page": 1,
    "page_size": 20,
    "total_items": 2,
    "total_pages": 1
  },
  "metadata": {
    "request_id": "req-jkl012",
    "timestamp": "2026-05-18T10:30:00Z"
  }
}

Filtros y Paginacion

Parametros de Paginacion

Todos los endpoints de listado soportan:

Parametro	Tipo	Default	Descripcion
page	INT	1	Numero de pagina
page_size	INT	20	Items por pagina (max 100)
sort	STRING	desc	Orden: asc o desc
sort_by	STRING	varia	Campo de ordenamiento

Filtros por Endpoint

GET /api/v1/subjects

Filtro	Tipo	Descripcion
status	STRING	Filtrar por estado: active, flagged, blacklisted
trust_score_min	DECIMAL	Score minimo
trust_score_max	DECIMAL	Score maximo
last_interaction_after	ISO8601	Interaccion despues de fecha

GET /api/v1/subjects/{id}/events

Filtro	Tipo	Descripcion
event_type	STRING	Filtrar por tipo de evento
event_source	STRING	Filtrar por dominio origen
from	ISO8601	Eventos desde fecha
to	ISO8601	Eventos hasta fecha

GET /api/v1/alerts

Filtro	Tipo	Descripcion
status	STRING	open, acknowledged, resolved, dismissed
severity	STRING	low, medium, high, critical
alert_type	STRING	Tipo de alerta

Headers Especiales

Header	Direccion	Descripcion
X-Request-Id	Response	ID de trazabilidad
X-Cache-Hit	Response	true si la respuesta vino de cache
Cache-Control	Response	Directivas de cache para trust score y listas

Codigos de Estado

Status	Cuando
200	Operacion exitosa
201	Entrada en lista creada
400	Parametros invalidos
401	No autenticado
403	Sin permisos para la operacion
404	Sujeto no encontrado en este tenant
409	Sujeto ya esta en la lista indicada
429	Rate limit excedido
500	Error interno