Authenticate Session

When your application is ready to receive a response from Verisoul, it must pass the session_id from the client to the server to authenticate the session. To authenticate a session, call POST /session/authenticate.

Tie Session to an Account

When you call /session/authenticate, pass three items so Verisoul knows which account a session belongs to:

  1. session_id: unique session identifier passed from client
  2. account: the account object to which the session belongs
    1. (Optional) Pass other identifiers that you want Verisoul to analyze. See the full object definition here.
      1. If you want Verisoul to run email intelligence AI on your accounts, make sure to pass the email in the object. It must be sent in addition to the account_id, even if the account_id is the email.
      2. If you want to pass along any contextual metadata about the account, you can do that as well.

The API returns an account decision, which can be used to action an account.

{
  "project_id": "00000000-0000-0000-0000-000000000001",
  "session_id": "2a72f3a7-e885-4826-8461-b1263b02f629",
  "account_id": "abc123",
  "request_id": "67edeafc-43d5-4021-a05c-1941cb17fce6",
  "decision": "Fake",
  "account_score": 0.8201,
  "bot": 0.0321,
  "multiple_accounts": 1.0000,
  "risk_signals": 0.1600,
  "accounts_linked": 5,
  "lists": []
}

In the example above, the account abc123 is being flagged as Fake because Verisoul caught its device creating multiple accounts.
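
An added example (not Verisoul's own code) of server-side handling for the response above: it confirms the decision refers to the session_id and account_id the server actually sent, then maps the decision to an action and sends anything unrecognised to review. The function name, the action labels, the caller-supplied allow_decisions parameter and the use of the largest sub-score as a log reason are assumptions made for this sketch.

```python
import json

# Constructed sample: the response body shown on this page.
SAMPLE_RESPONSE = """{
  "project_id": "00000000-0000-0000-0000-000000000001",
  "session_id": "2a72f3a7-e885-4826-8461-b1263b02f629",
  "account_id": "abc123",
  "request_id": "67edeafc-43d5-4021-a05c-1941cb17fce6",
  "decision": "Fake",
  "account_score": 0.8201,
  "bot": 0.0321,
  "multiple_accounts": 1.0000,
  "risk_signals": 0.1600,
  "accounts_linked": 5,
  "lists": []
}"""


def action_for_response(raw_body, sent_session_id, sent_account_id, allow_decisions=()):
    """Return (action, reason); action is 'allow', 'block' or 'review' (hypothetical labels).

    Only the decision value "Fake" appears on this page, so values that
    should be allowed are passed in by the caller rather than assumed.
    """
    try:
        body = json.loads(raw_body)
    except ValueError:
        return "review", "response is not valid JSON"
    if not isinstance(body, dict):
        return "review", "response is not a JSON object"
    # The decision must describe the session and account this server sent.
    if body.get("session_id") != sent_session_id:
        return "review", "session_id mismatch"
    if body.get("account_id") != sent_account_id:
        return "review", "account_id mismatch"
    signals = {}
    for field in ("bot", "multiple_accounts", "risk_signals"):
        value = body.get(field)
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            return "review", f"{field} missing or not numeric"
        signals[field] = value
    top = max(signals, key=signals.get)  # assumption: largest sub-score is logged as the reason
    decision = body.get("decision")
    if decision == "Fake":
        return "block", f"Fake; top signal {top}={signals[top]}; accounts_linked={body.get('accounts_linked')}"
    if decision in allow_decisions:
        return "allow", decision
    return "review", f"unhandled decision {decision!r}"
```

For the sample response this returns a block whose reason names multiple_accounts, matching the explanation above.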

If you have previously done the pilot integration, you'll need to remove Verisoul.account().

Further Detail

In some cases you may need more granular data about the account or session in order to properly action an account.

Pass a query parameter in the /session/authenticate request to have the response include more account detail, more session detail, or both.

For an example of those responses, see the POST /session/authenticate reference.

Session ID Lifecycle

  • Session IDs expire after 24 hours if they are not predicted on. To receive data about a session, you must call /session/authenticate or the unauthenticated endpoint within 24 hours.
  • Once a session has been predicted, you may retrieve results beyond the initial 24-hour expiration window.

Don't have an account_id?

See our documentation on unauthenticated traffic for getting a decision without needing to tie a session to an account.