Authenticate Endpoint
Get risk decisions for authenticated users with account context
The Authenticate endpoint is the core of Verisoul’s fraud prevention system. It allows your backend to verify the risk level of a user session and make informed decisions about allowing or blocking actions when a user is authenticated or associated with an account.
Overview
The Authenticate endpoint provides comprehensive risk assessment by combining session signals with account-specific intelligence. This makes it the most powerful option for protecting user accounts, sensitive actions, and high-value transactions.
When to Use Authenticate
Use the Authenticate endpoint when a session is associated with a user account. This is ideal for:
- User login flows - Verify risk before completing authentication
- Account creation - Assess risk before finalizing new account registration
- High-value transactions - Validate sessions before processing payments, withdrawals, redemptions, etc.
- Account modifications - Check risk before allowing password changes or profile updates
- Sensitive data access - Verify session legitimacy before granting access to protected information
To avoid false positives, do not authenticate sessions that have been impersonated or are from your internal team members. Authenticating these sessions can result in legitimate accounts being incorrectly flagged for multi-accounting.
Required Parameters
| Parameter | Type | Description |
|---|---|---|
session_id | string | The Verisoul session ID obtained from the client SDK |
account | object | A valid Verisoul account object |
Account Object
The account object is a JSON object that contains the following fields:
| Parameter | Required | Type | Description |
|---|---|---|---|
id | Yes | string | Your internal user/account identifier |
email | No | string | User’s email address for reputation checks |
phone | No | string | User’s phone number in E.164 format (e.g., +12125551234) |
metadata | No | object | Additional context about the user or session |
Benefits of Authenticate
- Comprehensive account assessment - Get risk scores for both the current session and the account overall
- Account intelligence - Leverage email and phone reputation data
- List integration - Automatically apply your allow/block lists to decisions
- Historical context - Build risk profiles across multiple sessions for the same account
Next Steps
- Learn about the Unauthenticated endpoint
- Authenticate Reference
- Explore Lists for managing allow and block lists
- See the Example Apps for a complete implementation