Decision & Scores

Once you have a Verisoul session ID from a client SDK, you can pass this session ID to Verisoul’s API to get decision. This guide explains how to use Verisoul’s decision endpoints effectively.

​

Choosing the Right Endpoint

Verisoul provides two endpoints for obtaining risk decisions, each designed for specific scenarios:

• Authenticate - For sessions associated with user accounts
• Unauthenticated - For sessions without user accounts

Both endpoints require a session ID but serve different purposes in your application’s security flow.

​

When to Use Authenticate

Use the Authenticate endpoint when a session is associated with a user account. This provides the most comprehensive risk assessment by combining session signals with account-specific intelligence.

Common use cases:

• User login flows - Verify risk before completing authentication
• Account creation - Assess risk before finalizing new account registration
• High-value transactions - Validate sessions before processing payments
• Account modifications - Check risk before allowing password changes or profile updates
• Sensitive data access - Verify session legitimacy before granting access to protected information

Learn more about the Authenticate endpoint →

​

When to Use Unauthenticated

Use the Unauthenticated endpoint for sessions where users haven’t logged in or created accounts.

Common use cases:

• Public page protection - Monitor and control access to marketing pages, pricing information, etc.
• Pre-authentication flows - Assess risk before users reach login or registration forms
• Content scraping prevention - Identify and block automated scraping attempts
• Bot mitigation - Detect and manage bot traffic across your public-facing assets
• Early funnel protection - Apply basic security measures before users authenticate

Learn more about the Unauthenticated endpoint →

​

Endpoint Comparison

​

Next Steps

• Explore Lists for managing allow and block lists
• See the Example Apps for a complete implementation