ContX IQ: Retrieve Payment Methods for Contracted Vehicle Users
This example demonstrates a two-phase ContX IQ workflow:
Phase 1 - Link Application to Graph Data:
1. Create a policy allowing the Application to create relationships
2. Create a write query that links _Application to Company nodes
3. Execute the query to create HAS_AGREEMENT_WITH relationship
Phase 2 - Query Payment Methods:
4. Create a policy allowing read access to PaymentMethod nodes through the relationship path
5. Create a query to retrieve payment methods
6. Execute and get results
Key concept: The _Application node (auto-created when credentials are generated) must be linked to business data before it can query through those relationships.
Use case
Scenario: Your application has a business agreement with Company1, which owns a fleet of vehicles.
Goal: Retrieve all payment methods for people who have contracts on Company1's vehicles.
Graph traversal path:
_Application -[HAS_AGREEMENT_WITH]-> Company1 -[OWNS]-> Vehicle -[COVERS]<- Contract -[ACCEPTED]<- Person -[HAS]-> PaymentMethod
Expected result: Payment method details for all people with active vehicle contracts under Company1.
Requirements
Prerequisites:
- ServiceAccount credentials: For creating policies and queries (Bearer token authentication)
- AppAgent credentials: For data ingestion and query execution (X-IK-ClientKey header)
Required API access:
- POST /capture/v1/nodes/ and /capture/v1/relationships/ (data ingestion)
- POST /configs/v1/authorization-policies (create policies)
- POST /configs/v1/knowledge-queries (create queries)
- POST /contx-iq/v1/execute (run queries)
Steps
Step 1: Ingest Graph Data
- Authentication: AppAgent credential (X-IK-ClientKey header)
- Action: POST nodes and relationships to create the graph structure
- Result: Person, Company, Vehicle, Contract, PaymentMethod nodes with relationships
Step 2: Create Application Linking Policy
- Authentication: ServiceAccount credential (Bearer token)
- Action: POST policy that allows the _Application node to create HAS_AGREEMENT_WITH relationships
- Key detail: Uses $_appId filter which auto-resolves to the calling Application's ID
- Result: Policy ID for the linking operation
Step 3: Create Application Linking Query
- Authentication: ServiceAccount credential (Bearer token)
- Action: POST a write query that creates _Application -[HAS_AGREEMENT_WITH]-> Company relationship
- Result: Query ID for execution
Step 4: Execute Linking Query
- Authentication: AppAgent credential (X-IK-ClientKey header)
- Action: POST to /contx-iq/v1/execute with the linking query ID
- Result: _Application node is now connected to Company1 in the graph
Step 5: Create Payment Read Policy
- Authentication: ServiceAccount credential (Bearer token)
- Action: POST policy that allows reading PaymentMethod nodes through the established relationship path
- Result: Policy ID for payment queries
Step 6: Create Payment Query
- Authentication: ServiceAccount credential (Bearer token)
- Action: POST query that traverses from Application through Company, Vehicle, Contract, Person to PaymentMethod
- Result: Query ID for execution
Step 7: Execute Payment Query
- Authentication: AppAgent credential (X-IK-ClientKey header)
- Action: POST to /contx-iq/v1/execute with the payment query ID
- Result: Array of payment method data for authorized users
Step 8: Cleanup
- Action: DELETE queries and policies (does not affect graph data)
Step 1a
Capture nodes into the IKG. Creates Person, Company, Vehicle, Contract, LicenseNumber, and PaymentMethod nodes.
{
"nodes": [
{
"external_id": "alice",
"is_identity": true,
"type": "Person",
"properties": [
{
"type": "email",
"value": "alice@email.com"
},
{
"type": "given_name",
"value": "Alice"
},
{
"type": "last_name",
"value": "Smith"
}
]
},
{
"external_id": "ryan",
"is_identity": true,
"type": "Person",
"properties": [
{
"type": "email",
"value": "ryan@yahoo.co.uk"
},
{
"type": "given_name",
"value": "ryan"
},
{
"type": "last_name",
"value": "mushu"
}
]
},
{
"external_id": "tilda",
"is_identity": true,
"type": "Person",
"properties": [
{
"type": "email",
"value": "tilda@yahoo.co.uk"
},
{
"type": "given_name",
"value": "tilda"
},
{
"type": "last_name",
"value": "mushu"
}
]
},
{
"external_id": "cb123",
"type": "PaymentMethod",
"properties": [
{
"type": "payment_name",
"value": "Credit Card"
}
]
},
{
"external_id": "kl123",
"type": "PaymentMethod",
"properties": [
{
"type": "payment_name",
"value": "Klarna"
}
]
},
{
"external_id": "ct123",
"type": "Contract",
"properties": [
{
"type": "category",
"value": "Insurance"
},
{
"type": "status",
"value": "Active"
},
{
"type": "number",
"value": "hfgrten123",
"metadata": {
"assurance_level": 3,
"source": "BRREG"
}
}
]
},
{
"external_id": "ct234",
"type": "Contract",
"properties": [
{
"type": "category",
"value": "Insurance"
},
{
"type": "status",
"value": "Active"
},
{
"type": "number",
"value": "hfgrten234",
"metadata": {
"assurance_level": 3,
"source": "BRREG"
}
}
]
},
{
"external_id": "ct985",
"type": "Contract",
"properties": [
{
"type": "category",
"value": "Insurance"
},
{
"type": "status",
"value": "Active"
},
{
"type": "number",
"value": "hfgrten985",
"metadata": {
"assurance_level": 3,
"source": "BRREG"
}
}
]
},
{
"external_id": "car1",
"type": "Vehicle",
"properties": [
{
"type": "category",
"value": "Car"
},
{
"type": "is_active",
"value": true
},
{
"type": "vin",
"value": "rtfhcnvjt471"
}
]
},
{
"external_id": "car2",
"type": "Vehicle",
"properties": [
{
"type": "category",
"value": "Car"
},
{
"type": "is_active",
"value": true
},
{
"type": "vin",
"value": "kdcbfrt178"
}
]
},
{
"external_id": "truck1",
"type": "Vehicle",
"properties": [
{
"type": "category",
"value": "Truck"
},
{
"type": "is_active",
"value": true
},
{
"type": "vin",
"value": "sncnrkcldp"
}
]
},
{
"external_id": "license1",
"type": "LicenseNumber",
"properties": [
{
"type": "status",
"value": "Active"
},
{
"type": "number",
"value": "AX123456",
"metadata": {
"assurance_level": 3,
"source": "BRREG"
}
}
]
},
{
"external_id": "license2",
"type": "LicenseNumber",
"properties": [
{
"type": "status",
"value": "Active"
},
{
"type": "number",
"value": "OL123456",
"metadata": {
"assurance_level": 3,
"source": "BRREG"
}
}
]
},
{
"external_id": "license3",
"type": "LicenseNumber",
"properties": [
{
"type": "status",
"value": "Active"
},
{
"type": "number",
"value": "VN123456",
"metadata": {
"assurance_level": 3,
"source": "BRREG"
}
}
]
},
{
"external_id": "company1",
"type": "Company",
"properties": [
{
"type": "name",
"value": "Company1"
},
{
"type": "registration",
"value": "256314523"
}
]
},
{
"external_id": "company2",
"type": "Company",
"properties": [
{
"type": "name",
"value": "Company2"
},
{
"type": "registration",
"value": "942365123"
}
]
},
{
"external_id": "application1",
"type": "Application",
"properties": [
{
"type": "name",
"value": "Application"
}
]
},
{
"external_id": "application2",
"type": "Application",
"properties": [
{
"type": "name",
"value": "Application2"
}
]
}
]
}Step 1b
Capture relationships between nodes. Establishes OWNS, ACCEPTED, COVERS, HAS connections.
{
"relationships": [
{
"source": {
"external_id": "ryan",
"type": "Person"
},
"target": {
"external_id": "cb123",
"type": "PaymentMethod"
},
"type": "HAS"
},
{
"source": {
"external_id": "tilda",
"type": "Person"
},
"target": {
"external_id": "kl123",
"type": "PaymentMethod"
},
"type": "HAS"
},
{
"source": {
"external_id": "alice",
"type": "Person"
},
"target": {
"external_id": "cb123",
"type": "PaymentMethod"
},
"type": "HAS"
},
{
"source": {
"external_id": "ryan",
"type": "Person"
},
"target": {
"external_id": "ct123",
"type": "Contract"
},
"type": "ACCEPTED"
},
{
"source": {
"external_id": "tilda",
"type": "Person"
},
"target": {
"external_id": "ct234",
"type": "Contract"
},
"type": "ACCEPTED"
},
{
"source": {
"external_id": "alice",
"type": "Person"
},
"target": {
"external_id": "ct985",
"type": "Contract"
},
"type": "ACCEPTED"
},
{
"source": {
"external_id": "ct123",
"type": "Contract"
},
"target": {
"external_id": "car1",
"type": "Vehicle"
},
"type": "COVERS"
},
{
"source": {
"external_id": "ct985",
"type": "Contract"
},
"target": {
"external_id": "car1",
"type": "Vehicle"
},
"type": "COVERS"
},
{
"source": {
"external_id": "ct234",
"type": "Contract"
},
"target": {
"external_id": "truck1",
"type": "Vehicle"
},
"type": "COVERS"
},
{
"source": {
"external_id": "car1",
"type": "Vehicle"
},
"target": {
"external_id": "license1",
"type": "LicenseNumber"
},
"type": "HAS"
},
{
"source": {
"external_id": "truck1",
"type": "Vehicle"
},
"target": {
"external_id": "license2",
"type": "LicenseNumber"
},
"type": "HAS"
},
{
"source": {
"external_id": "car2",
"type": "Vehicle"
},
"target": {
"external_id": "license3",
"type": "LicenseNumber"
},
"type": "HAS"
},
{
"source": {
"external_id": "company1",
"type": "Company"
},
"target": {
"external_id": "car1",
"type": "Vehicle"
},
"type": "OWNS"
},
{
"source": {
"external_id": "company1",
"type": "Company"
},
"target": {
"external_id": "car2",
"type": "Vehicle"
},
"type": "OWNS"
},
{
"source": {
"external_id": "company1",
"type": "Company"
},
"target": {
"external_id": "truck1",
"type": "Vehicle"
},
"type": "OWNS"
},
{
"source": {
"external_id": "application1",
"type": "Application"
},
"target": {
"external_id": "company1",
"type": "Company"
},
"type": "HAS_AGREEMENT_WITH"
},
{
"source": {
"external_id": "application2",
"type": "Application"
},
"target": {
"external_id": "company1",
"type": "Company"
},
"type": "HAS_AGREEMENT_WITH"
}
]
}Step 2a
Policy JSON allowing _Application to create HAS_AGREEMENT_WITH relationships. The $_appId filter auto-matches the calling Application.
{
"meta": {
"policy_version": "1.0-ciq"
},
"subject": {
"type": "_Application"
},
"condition": {
"cypher": "MATCH (subject:_Application) MATCH (company:Company)-[r2:OWNS]->(vehicle:Vehicle)",
"filter": [
{
"operator": "AND",
"operands": [
{
"attribute": "subject.external_id",
"operator": "=",
"value": "$_appId"
},
{
"attribute": "company.external_id",
"operator": "=",
"value": "$companyID"
}
]
}
]
},
"allowed_upserts": {
"relationships": {
"relationship_types": [
{
"type": "HAS_AGREEMENT_WITH",
"source_node_label": "_Application",
"target_node_label": "Company"
}
]
}
},
"allowed_reads": {
"nodes": [
"company.*",
"subject.*"
]
}
}Step 2b
POST request to create the application linking policy.
{
"project_id": "your_project_gid",
"description": "description of policy",
"display_name": "policy name",
"name": "policy-name",
"policy": "{\"meta\":{\"policy_version\":\"1.0-ciq\"},\"subject\":{\"type\":\"_Application\"},\"condition\":{\"cypher\":\"MATCH (subject:_Application) MATCH (company:Company)-[r2:OWNS]->(vehicle:Vehicle)\",\"filter\":[{\"operator\":\"AND\",\"operands\":[{\"attribute\":\"subject.external_id\",\"operator\":\"=\",\"value\":\"$_appId\"},{\"attribute\":\"company.external_id\",\"operator\":\"=\",\"value\":\"$companyID\"}]}]},\"allowed_upserts\":{\"relationships\":{\"relationship_types\":[{\"type\":\"HAS_AGREEMENT_WITH\",\"source_node_label\":\"_Application\",\"target_node_label\":\"Company\"}]}},\"allowed_reads\":{\"nodes\":[\"company.*\",\"subject.*\"]}}",
"status": "ACTIVE",
"tags": []
}Step 2c
GET request to verify the policy was created successfully.
{
"id": "your_policy_configuration_gid"
}Step 3a
Write query JSON that creates the HAS_AGREEMENT_WITH relationship between _Application and a Company node.
{
"nodes": [
"subject.external_id"
],
"relationships": [
"r1"
],
"upsert_relationships": [
{
"name": "r1",
"source": "subject",
"target": "company",
"type": "HAS_AGREEMENT_WITH"
}
]
}Step 3b
POST request to create the application linking query.
{
"project_id": "your_project_gid",
"description": "description of knowledge query",
"display_name": "knowledge query name",
"name": "knowledge-query-name",
"policy_id": "your_policy_gid",
"query": "{\"nodes\":[\"subject.external_id\"],\"relationships\":[\"r1\"],\"upsert_relationships\":[{\"name\":\"r1\",\"source\":\"subject\",\"target\":\"company\",\"type\":\"HAS_AGREEMENT_WITH\"}]}",
"status": "ACTIVE"
}Step 3c
GET request to verify the query was created.
{
"id": "your_knowledge_query_configuration_gid"
}Step 4a
Execute the linking query. Creates _Application -[HAS_AGREEMENT_WITH]-> Company relationship in the graph.
{
"id": "ciq_query_gid",
"input_params": {
"companyID": "company1"
}
}Step 4b
Response confirming the relationship was created.
{
"data": [
{
"nodes": {
"subject.external_id": "application_external_id"
},
"relationships": {
"r1": {
"Id": 1152932499723124700,
"ElementId": "5:3a2b09d5-2923-45d7-8453-8b1c698427b0:1152932499723124736",
"StartId": 0,
"StartElementId": "4:3a2b09d5-2923-45d7-8453-8b1c698427b0:0",
"EndId": 15,
"EndElementId": "4:3a2b09d5-2923-45d7-8453-8b1c698427b0:15",
"Type": "HAS_AGREEMENT_WITH",
"Props": {
"create_time": "2025-06-09T15:12:46.374Z",
"id": "48BJHS2CTFKcVpD4cUF8IA",
"update_time": "2025-06-09T15:12:46.374Z"
}
}
}
},
{
"nodes": {
"subject.external_id": "application_external_id"
},
"relationships": {
"r1": {
"Id": 1152932499723124700,
"ElementId": "5:3a2b09d5-2923-45d7-8453-8b1c698427b0:1152932499723124736",
"StartId": 0,
"StartElementId": "4:3a2b09d5-2923-45d7-8453-8b1c698427b0:0",
"EndId": 15,
"EndElementId": "4:3a2b09d5-2923-45d7-8453-8b1c698427b0:15",
"Type": "HAS_AGREEMENT_WITH",
"Props": {
"create_time": "2025-06-09T15:12:46.374Z",
"id": "48BJHS2CTFKcVpD4cUF8IA",
"update_time": "2025-06-09T15:12:46.374Z"
}
}
}
},
{
"nodes": {
"subject.external_id": "application_external_id"
},
"relationships": {
"r1": {
"Id": 1152932499723124700,
"ElementId": "5:3a2b09d5-2923-45d7-8453-8b1c698427b0:1152932499723124736",
"StartId": 0,
"StartElementId": "4:3a2b09d5-2923-45d7-8453-8b1c698427b0:0",
"EndId": 15,
"EndElementId": "4:3a2b09d5-2923-45d7-8453-8b1c698427b0:15",
"Type": "HAS_AGREEMENT_WITH",
"Props": {
"create_time": "2025-06-09T15:12:46.374Z",
"id": "48BJHS2CTFKcVpD4cUF8IA",
"update_time": "2025-06-09T15:12:46.374Z"
}
}
}
}
]
}Step 5a
Policy JSON allowing _Application to READ PaymentMethod nodes through the relationship path: Application -> Company -> Vehicle -> Contract -> Person -> PaymentMethod.
{
"meta": {
"policy_version": "1.0-ciq"
},
"subject": {
"type": "_Application"
},
"condition": {
"cypher": "MATCH (subject:_Application)-[r1:HAS_AGREEMENT_WITH]->(company:Company)-[r2:OWNS]->(vehicle:Vehicle)-[r3:HAS]->(ln:LicenseNumber) MATCH (vehicle)<-[r4:COVERS]-(contract:Contract)<-[r5:ACCEPTED]-(person:Person)-[r6:HAS]->(pm:PaymentMethod)",
"filter": [
{
"attribute": "subject.external_id",
"operator": "=",
"value": "$_appId"
}
]
},
"allowed_reads": {
"nodes": [
"pm.property.*",
"person.property.*",
"vehicle.property.is_active"
],
"relationships": []
}
}Step 5b
POST request to create the payment read policy.
{
"project_id": "your_project_gid",
"description": "description of policy",
"display_name": "policy name",
"name": "policy-name",
"policy": "{\"meta\":{\"policy_version\":\"1.0-ciq\"},\"subject\":{\"type\":\"_Application\"},\"condition\":{\"cypher\":\"MATCH (subject:_Application)-[r1:HAS_AGREEMENT_WITH]->(company:Company)-[r2:OWNS]->(vehicle:Vehicle)-[r3:HAS]->(ln:LicenseNumber) MATCH (vehicle)<-[r4:COVERS]-(contract:Contract)<-[r5:ACCEPTED]-(person:Person)-[r6:HAS]->(pm:PaymentMethod)\",\"filter\":[{\"attribute\":\"subject.external_id\",\"operator\":\"=\",\"value\":\"$_appId\"}]},\"allowed_reads\":{\"nodes\":[\"pm.property.*\",\"person.property.*\",\"vehicle.property.is_active\"],\"relationships\":[]}}",
"status": "ACTIVE",
"tags": []
}Step 5b (Python)
Python SDK equivalent: Creates the payment read policy.
import http.client
conn = http.client.HTTPSConnection("eu.api.indykite.com")
payload = "{"description": "",
"display_name": "",
"name": "",
"policy": "",
"project_id": "",
"status": "ACTIVE",
"tags": [
""
]}"
headers = {
'Content-Type': "application/json",
'Authorization': "YOUR_SECRET_TOKEN"
}
conn.request("POST", "/configs/v1/authorization-policies", payload, headers)
res = conn.getresponse()
data = res.read()
Step 5c
GET request to verify the policy was created.
{
"id": "your_policy_configuration_gid"
}Step 5c (Python)
Python SDK equivalent: Reads the policy to verify creation.
import http.client
conn = http.client.HTTPSConnection("eu.api.indykite.com")
headers = { 'Authorization': "YOUR_SECRET_TOKEN" }
conn.request("GET", "/configs/v1/authorization-policies/{{id}}", headers=headers)
res = conn.getresponse()
data = res.read()
Step 6a
Query JSON that traverses the graph to retrieve PaymentMethod data for contracted users.
{
"nodes": [
"vehicle.property.is_active",
"person.property.email",
"pm.property.payment_name"
]
}Step 6b
POST request to create the payment query.
{
"project_id": "your_project_gid",
"description": "description of knowledge query",
"display_name": "knowledge query name",
"name": "knowledge-query-name",
"policy_id": "your_policy_gid",
"query": "{\"nodes\":[\"vehicle.property.is_active\",\"person.property.email\",\"pm.property.payment_name\"]}",
"status": "ACTIVE"
}Step 6b (Python)
Python SDK equivalent: Creates the payment query.
import http.client
conn = http.client.HTTPSConnection("eu.api.indykite.com")
payload = "{"description": "",
"display_name": "",
"name": "",
"policy_id": "",
"project_id": "",
"query": "",
"status": "ACTIVE"}"
headers = {
'Content-Type': "application/json",
'Authorization': "YOUR_SECRET_TOKEN"
}
conn.request("POST", "/configs/v1/knowledge-queries", payload, headers)
res = conn.getresponse()
data = res.read()
Step 6c
GET request to verify the query was created.
{
"id": "your_knowledge_query_configuration_gid"
}Step 7a
Execute the payment query to retrieve authorized payment method data.
{
"id": "knowledge_query_gid",
"input_params": {}
}Step 7b
Response containing payment method data for people with active vehicle contracts.
{
"data": [
{
"nodes": {
"person.property.email": "alice@email.com",
"pm.property.payment_name": "Credit Card",
"vehicle.property.is_active": true
}
},
{
"nodes": {
"person.property.email": "ryan@yahoo.co.uk",
"pm.property.payment_name": "Credit Card",
"vehicle.property.is_active": true
}
},
{
"nodes": {
"person.property.email": "tilda@yahoo.co.uk",
"pm.property.payment_name": "Klarna",
"vehicle.property.is_active": true
}
}
]
}Step 7a (Python)
Python SDK equivalent: Executes the payment query.
import http.client
conn = http.client.HTTPSConnection("eu.api.indykite.com")
payload = "{"id": "knowledge_query_gid",
"input_params": {"ln_number": "AX123456","app_external_id": "application1"}
}"
headers = {
'Content-Type': "application/json",
'Authorization': "YOUR_SECRET_TOKEN"
}
conn.request("POST", "/contx-iq/v1/execute", payload, headers)
res = conn.getresponse()
data = res.read()
Step 8a
DELETE request to remove the knowledge queries.
{
"id": "your_knowledge_query_configuration_gid"
}Step 8a (Python)
Python SDK equivalent: Deletes the queries.
import http.client
conn = http.client.HTTPSConnection("eu.api.indykite.com)
headers = { 'Authorization': "Bearer ..." }
conn.request("DELETE", "/configs/v1/knowledge-queries/{id}", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
Step 8b
DELETE request to remove the authorization policies.
{
"id": "your_policy_configuration_gid"
}Step 8b (Python)
Python SDK equivalent: Deletes the policies.
import http.client
conn = http.client.HTTPSConnection("eu.api.indykite.com")
headers = { 'Authorization': "Bearer ...", 'Content-Type': "application/json" }
conn.request("DELETE", "/configs/v1/authorization-policies/{id}", headers=headers)
res = conn.getresponse()
data = res.read()
API Endpoints
/capture/v1/nodes /capture/v1/relationships /configs/v1/authorization-policies /configs/v1/knowledge-queries /contx-iq/v1/execute