Skip to main content
1

Complete Step 2: Authentication

Begin by implementing Step 2: Authentication to authenticate the user’s device. This step is crucial as it establishes a trusted connection between the user and their phone number, which is the foundation for the Bot Detection solution.Flowchart showing the authentication checklist for Prove Bot Detection
This step must be complete before proceeding with Bot Detection.
2

Gather Required Inputs

Collect the phone number from your CRM or database.
3

Call the Verify Endpoint

Make a request to the /v3/verify endpoint including the Authorization header. Generate a bearer token as outlined on the Authentication page.
cURL
curl -X POST "https://platform.uat.proveapis.com/v3/verify" \
-H "Authorization: Bearer <YOUR_ACCESS_TOKEN>" \
-H "Content-Type: application/json" \
-d '{
    "verificationType": "bot",
    "phoneNumber": "2001004051",
    "clientRequestId": "test-001"
}'
Include the following required parameters:
  • phoneNumber: the phone number of the customer.
  • verificationType: the type of verification to be performed. Set this value to bot.
  • clientRequestId: client-generated unique ID for a specific session. This can be used to identify specific requests.
Always provide unique clientRequestId values for each request to enable proper tracking and troubleshooting.
The optional parameters you can also send in the request body include:
  • emailAddress: the email address of the customer.
  • ipAddress: the IP address of the customer’s device.
  • userAgent: the user agent of the customer.
  • clientCustomerId: the client-generated unique ID for a specific customer. This can be used by clients to link calls related to the same customer, across different requests or sessions.
  • clientHumanId: a client-generated unique ID for a consumer across business lines.
  • proveId: the Prove ID associated with the customer, if known.
4

Process the Response

The response includes comprehensive identity information and verification results:
Example Response
{
    "success": "true",
    "correlationId": "b6b35b89-e5e9-428c-b3a2-ceca0f880f45",
    "clientRequestId": "test-001",
    "phoneNumber": "2001004051",
    "proveId": "7fe34f25-4c71-4589-8330-0bf265374528",
    "provePhoneAlias": "01584404-39e9-48db-9b3a-360f9ca4935d",
    "identity": {
        "assuranceLevel": "AL1",
        "reasons": [
            "AL1a"
        ]
    },
    "evaluation": {
        "authentication": {
            "result": "pass"
        },
        "risk": {
            "result": "pass"
        }
    }
}
  • success: the result of the verification.
  • correlationId: the unique ID that Prove generates for the flow.
  • clientRequestId: the client-generated unique ID for a specific session, provided in the request.
  • phoneNumber: the phone number provided in the request.
  • proveId: the unique Prove-assigned ID tied to the consumer.
  • provePhoneAlias: the unique Prove-assigned ID tied to the phone number.
  • identity: the verified identity information. This object contains:
  • evaluation: object containing the results of the authentication and risk evaluations. Refer to the Global Fraud Policy for more details.
Optional parameters that may also be included in the response if they were provided in the request:
  • clientCustomerId: the client-generated unique ID for a specific customer.
  • clientHumanId: a client-generated unique ID for a consumer across business lines.
Best Practices
  • Check the success field to handle different verification outcomes appropriately.
  • Save the proveId and correlationId for future reference and to enable cross-domain linking if needed.
  • Use assurance levels to implement adaptive security policies based on transaction risk.

Sandbox testing

Test users

Bot Detection sandbox test users can only be used with Bot Detection project credentials. Attempting to use these test users with different project credentials will result in an unauthorized access error.
The following test users are available for testing Bot Detection using the /v3/verify endpoint in the Sandbox environment. Use these test users to simulate different verification scenarios and outcomes.
Phone NumberFirst NameLast NameVerification TypeExpected Outcome
2001004051EwenBrimilcomebotSuccess
2001004052HilaryKumaarbotFailed
Use these test phone numbers exactly as shown. The sandbox environment doesn’t validate real customer information.

Testing steps

Use test user Ewen Brimilcome to verify a successful verification:
cURL
curl -X POST "https://platform.uat.proveapis.com/v3/verify" \
  -H "Authorization: Bearer <YOUR_ACCESS_TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
    "verificationType": "bot",
    "phoneNumber": "2001004051",
    "clientRequestId": "test-001"
  }'
Expected response:
{
    "success": "true",
    "correlationId": "e4f4e229-ce65-4b43-bdb4-551556b3b68a",
    "clientRequestId": "test-001",
    "phoneNumber": "2001004051",
    "assuranceLevel": "AL1",
    "clientCustomerId": "test-customer-001",
    "proveId": "b7e54823-0068-4e23-9e07-60d382518bcf",
    "provePhoneAlias": "4B2C41FC4VKDEO100F960011D0AD4A8050MEK19P4SF9PD23EFE27CD2C76A6FAA8375E60AC0550604F6G32D9ED60E06262CCC570F3C15F2D16900184E",
    "identity": {},
    "evaluation": {
        "authentication": {
            "result": "pass"
        },
        "risk": {
            "result": "pass"
        }
    }
}