Backend
Unauthenticated Endpoint
Get risk decisions for unauthenticated sessions and public traffic
The Unauthenticated endpoint provides risk decisions for sessions that aren’t (or aren’t yet) associated with user accounts. This endpoint is designed to help you protect public-facing assets and pre-authentication flows.
Overview
The Unauthenticated endpoint analyzes session signals to determine risk without requiring account information. This makes it ideal for protecting public pages, detecting bots, and preventing abuse before users authenticate.
When to Use Unauthenticated
Use the Unauthenticated endpoint for sessions where users haven’t logged in or created accounts. This is ideal for:
- Public page protection - Monitor and control access to marketing pages, pricing information, etc.
- Pre-authentication flows - Assess risk before users reach login or registration forms
- Content scraping prevention - Identify and block automated scraping attempts
- Public facing bot mitigation - Detect and manage bot traffic across your public-facing assets
- Early funnel protection - Apply basic security measures before users authenticate
Required Parameters
Parameter | Type | Description |
---|---|---|
session_id | string | The Verisoul session ID obtained from the client SDK |
Benefits of Unauthenticated
- Early protection - Detect and mitigate threats before authentication
- Bot detection - Identify automated traffic and scraping attempts
- Reduced friction - Apply security measures without requiring user accounts
- Public asset protection - Secure marketing pages, documentation, and other public resources
Next Steps
- Learn about the Authenticate endpoint
- Unauthenticated Reference
- See the Example Apps for a complete implementation