/api/anomaly_graphPOST https://api.Fluxrails.app/api/v1/ai/anomaly_graph
X-Customer-Api-Id: <uuid>
X-Secret: <secret>
Content-Type: application/json
// Request Body Schema
{
"contamination": number, // fraction of nodes to flag (0–1)
"edges": [
{
"src": "string", // origin node ID
"dst": "string", // destination node ID
"weight": number|null // optional interaction strength (default=1)
}
]
}
// Example Request Body
{
"contamination": 0.10,
"edges": [
{ "src": "acct-001", "dst": "acct-002", "weight": 1 },
{ "src": "acct-002", "dst": "acct-003", "weight": 1 },
{ "src": "acct-003", "dst": "acct-004", "weight": 5 },
{ "src": "acct-003", "dst": "acct-005", "weight": 4 },
{ "src": "acct-004", "dst": "acct-006", "weight": 3 },
{ "src": "acct-004", "dst": "acct-007", "weight": 3 },
{ "src": "acct-004", "dst": "acct-008", "weight": 3 },
{ "src": "acct-002", "dst": "acct-008", "weight": 1 },
{ "src": "acct-007", "dst": "acct-001", "weight": 1 }
]
}
// Example Response Body
{
"details": [
{ "node": "acct-001", "anomaly_score": 2.0, "flag": false },
{ "node": "acct-002", "anomaly_score": 3.0, "flag": false },
{ "node": "acct-003", "anomaly_score": 10.0, "flag": false },
{ "node": "acct-004", "anomaly_score": 14.0, "flag": true },
{ "node": "acct-005", "anomaly_score": 4.0, "flag": false },
{ "node": "acct-006", "anomaly_score": 3.0, "flag": false },
{ "node": "acct-007", "anomaly_score": 4.0, "flag": false },
{ "node": "acct-008", "anomaly_score": 4.0, "flag": false }
],
"interpretation": "1 nodes flagged (threshold 11.20, contamination=0.1)."
}
• Flags the top-N most connected “hub” nodes in any undirected interaction graph. • Computes each node’s weighted degree (sum of edge weights) and marks the top `contamination` fraction. • Returns per-node `anomaly_score` and boolean `flag`. • Provides a human summary of how many nodes crossed the threshold.
• Submit device↔account, IP↔email, wallet↔merchant edge lists to catch mule-account rings or botnet controllers. • Sort `details` by `anomaly_score` to investigate the most over-connected nodes first. • Adjust `contamination` for stricter (e.g. 0.02) or broader (e.g. 0.20) review scopes. • Enrich edge weights with transaction counts or data volumes for finer-grained detection. • Combine with `/api/anomaly_accounts` to blend graph-based signals with profile anomalies.
← Back to all routes