Skip to main content
The Authenticate endpoint is the core of Verisoul’s fraud prevention system. It allows your backend to verify the risk level of a user session and make informed decisions about allowing or blocking actions when a user is authenticated or associated with an account.

Overview

The Authenticate endpoint provides comprehensive risk assessment by combining session signals with account-specific intelligence. This makes it the most powerful option for protecting user accounts, sensitive actions, and high-value transactions. 
POST https://api.prod.verisoul.ai/session/authenticate

When to Use Authenticate

Use the Authenticate endpoint when a session is associated with a user account. This is ideal for:
  • User login flows - Verify risk before completing authentication
  • Account creation - Assess risk before finalizing new account registration
  • High-value transactions - Validate sessions before processing payments, withdrawals, redemptions, etc.
  • Account modifications - Check risk before allowing password changes or profile updates
  • Sensitive data access - Verify session legitimacy before granting access to protected information
To avoid false positives, do not authenticate sessions that have been impersonated or are from your internal team members. Authenticating these sessions can result in legitimate accounts being incorrectly flagged for multi-accounting.

Required Parameters

ParameterTypeDescription
session_idstringThe Verisoul session ID obtained from the client SDK
accountobjectA valid Verisoul account object

Account Object

The account object is a JSON object that contains the following fields:
ParameterRequiredTypeDescription
idYesstringYour internal user/account identifier
emailNostringUser’s email address for reputation checks
phoneNostringUser’s phone number in E.164 format (e.g., +12125551234)
metadataNoobjectAdditional context about the user or session
listsNoarrayArray of list names to add the account to during authentication. Lists will be automatically created if they don’t exist.

Example Request

{
  "account": {
    "id": "niel-test-08-11-2025",
    "email": "niel30@beeble.com",
    "lists": ["custom-list", "allow"]
  },
  "session_id": "1de8604b-0c42-41f0-a11c-f26426522d42"
}
Lists will be automatically created if they don’t exist. Use good naming conventions: lowercase with dashes or underscores, avoiding special characters or whitespace (e.g., high-risk-users, beta_testers).

Benefits of Authenticate

  • Comprehensive account assessment - Get risk scores for both the current session and the account overall
  • Account intelligence - Leverage email and phone reputation data
  • List integration - Automatically apply your allow/block lists to decisions
  • Historical context - Build risk profiles across multiple sessions for the same account

Next Steps

I