Knogin
[Developers]

Case Status Workflow Domain

A financial crime team has a policy: before any high-value fraud case can be closed, the compliance officer and the legal counsel must both sign off. That approval requirement is not optional, and the sequence matters. I

Back to All Modules
Category: Api DomainsLast Updated: Feb 5, 2026
api-domainscompliance

Overview#

A financial crime team has a policy: before any high-value fraud case can be closed, the compliance officer and the legal counsel must both sign off. That approval requirement is not optional, and the sequence matters. In practice, enforcing it through email introduces delays, leaves no audit record, and creates risk when approvers are unavailable and someone closes a case anyway.

The Case Status Workflow domain encodes that approval logic directly into the platform. Status transitions are governed by configurable rules. Approval gates can require one or many approvers in parallel or sequence. Every approval, rejection, and escalation is recorded immutably. The compliance officer's sign-off exists as a timestamped record, not as an email in someone's inbox.

Key Features#

  • Configurable status transition rules per organisation with priority-based conflict resolution.
  • Multi-tier approval workflows with role-based approver assignment.
  • Complete audit trail with immutable history records for every status change.
  • Conditional preconditions and post-action automation via configurable JSONB fields.
  • Parallel and sequential approval support with single-rejection veto.
  • Approval deadline tracking with reminder notifications.
  • Organisation-scoped isolation with cross-org transition prevention.
  • Automatic integration with notification, audit trail, and task automation domains.

Use Cases#

Financial crime investigation units enforce supervisor approval before closing high-value fraud cases, with the approval gate creating a documented sign-off chain that satisfies both internal governance and external regulatory audit requirements.

Law enforcement agencies automate post-transition actions such as report generation and team notification the moment a case reaches a specific status, eliminating the manual follow-up steps that investigators currently handle outside the system.

Regulated financial institutions configure multi-approver workflows requiring compliance officer and legal counsel sign-off on sensitive case closures, with the platform managing deadline tracking and escalation automatically.

Government investigation bodies maintain complete approval chains in the case record for every status transition, providing the documentation required for regulatory compliance reporting without manual record-keeping.

Integration#

Integrates with case management for status synchronisation, audit trail for event logging, notification for approval alerts, and task automation for post-transition workflow triggers.

Open Standards#

  • GraphQL (June 2018 specification): all case status workflow operations, querying allowed transitions, retrieving history, and approving or rejecting transitions, are exposed as a typed GraphQL schema with structured queries and mutations.
  • JSON Web Token (RFC 7519) and JWKS (RFC 7517): every API request is authenticated via an RS256-signed JWT verified against a JSON Web Key Set endpoint; the IsAuthenticated permission class enforces this on every query and mutation.
  • OAuth 2.0 (RFC 6749): the bearer token authorisation framework underlies the platform's access control model that protects all case status endpoints.
  • Role-Based Access Control (ANSI INCITS 359-2012 / NIST SP 800-162): approval assignments are scoped by approval_role, and the platform's RBAC catalogue enforces which roles may approve or reject a given transition.
  • JSON (RFC 8259): transition preconditions and post-actions are stored and transmitted as structured JSON objects (JSONB columns in PostgreSQL), enabling extensible rule configuration without schema changes.
  • RFC 4122 (UUID): all persistent entities, status rules, history records, and approver assignments, are identified by UUID version 4 values, ensuring globally unique, collision-resistant identifiers.
  • ISO 8601 / RFC 3339: all temporal fields (creation, effective, approval-requested, and approval-completed timestamps) are recorded in UTC-normalised ISO 8601 format, providing unambiguous chronological ordering for the immutable audit history.

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14

Ready to Build?

Get started with our APIs or contact our integration team for support.