Documentation

Unauthenticated Traffic

Suggest Edits

Depending on your application workflow you might require getting a decision for an session when you do not currently have an account_id either because you don't have a signup flow or the user hasn't signed in/up yet.

You can get the status of a session_id by calling /session/unauthenticated endpoint. Unauthenticated endpoint returns the same API response as the authenticated endpoint without the account information. The key difference between the two endpoints is that the Authenticated endpoint requires you to pass in an account_id that will then be linked to the session.

While the Unauthenticated endpoint is required for some use cases, it is recommended to authenticate as many sessions as possible in order to receive the highest accuracy results. Key components of the Verisoul platform like mutli-accounting, cross-session scoring and anomaly/velocity detection only work when there are authenticated sessions.


Call Unauthenticated Endpoint

  1. Pass the session_id from the client side to your backend.
  2. Call POST /session/unauthenticated with the session_id as the only body param
    1. (Optional): Include the Session Detail and Accounts Linked query params to receive more information from the API response. See API reference for details.
  3. (Optional): Later in your application workflow authenticate the session_id or call unauthenticated again to get the most up to date information.

Example Response

{
  "project_id": "00000000-0000-0000-0000-000000000001",
  "session_id": "2a72f3a7-e885-4826-8461-b1263b02f629",
  "request_id": "67edeafc-43d5-4021-a05c-1941cb17fce6",
  "decision": "Fake",
  "account_score": 0.8201,
  "bot": 0.0321,
  "multiple_accounts": 1.0000,
  "risk_signals": 0.1600,
  "accounts_linked": 5,
  "lists": []
}

Explanation of API Results

The session is treated as if it was a brand new account login in for the first time with a random account_id. By using this framework, we are still able to return multi-accounting scores and an account scores just from a single session. Authenticated sessions can impact the responses from unauthenticated sessions but not the other way around. No comparison is done across multiple unauthenticated sessions.

Updated about 1 month ago