Bot Detection

Prove Bot Detection solution

Prove Bot Detection helps businesses tell real humans apart from malicious bots in real time, before fraud happens. It passively verifies whether a phone is truly tied to a human device, not a virtual machine, emulator, or IoT SIM. By analyzing phone reputation, activity patterns, and Prove’s proprietary device intelligence, we can flag suspicious automation instantly, without adding friction for legitimate customers.

The following endpoints apply to this flow:

/verify

Implementation steps

Gather Required Inputs

Collect the phone number from your CRM or database.

Call the Verify Endpoint

Make a request to the /v3/verify endpoint including the Authorization header. Generate a bearer token as outlined on the Authentication page.

cURL

curl -X POST "https://platform.uat.proveapis.com/v3/verify" \
-H "Authorization: Bearer <YOUR_ACCESS_TOKEN>" \
-H "Content-Type: application/json" \
-d '{
    "phoneNumber": "2001004051",
    "verificationType": "bot",
    "clientRequestId": "5454545",
    "clientHumanId": "343434",
    "clientCustomerId": "34343465656456"
}'

Include the following required parameters:

phoneNumber: the phone number of the customer.
verificationType: the type of verification. Set this value to bot.

The optional parameters you can also send in the request body include:

clientRequestId: client-generated unique ID for a specific session. Use this to identify specific requests.
emailAddress: the email address of the customer.

ipAddress: the IP address of the customer’s device.

userAgent: the user agent of the customer.

clientCustomerId: the client-generated unique ID for a specific customer. Use this to link calls related to the same customer, across different requests or sessions.

clientHumanId: a client-generated unique ID for a consumer across business lines.

proveId: the Prove ID associated with the customer, if known.

Process the Response

The response includes comprehensive identity information and verification results:

Example Response

{
    "success": "true",
    "correlationId": "a87b452e-1935-4f0f-a54b-fad569212b1a",
    "clientRequestId": "",
    "clientCustomerId": "34343465656456",
    "clientHumanId": "343434",
    "phoneNumber": "2001004051",
    "proveId": "e67223a6-ef6b-4db9-ab56-29f1357a23d1",
    "provePhoneAlias": "9530c146-7f44-450e-a9c1-b13822df2fc3",
    "identity": {
        "assuranceLevel": "AL1",
        "reasons": [
            "AL1a"
        ]
    },
    "evaluation": {
        "authentication": {
            "result": "pass"
        },
        "risk": {
            "result": "pass"
        }
    }
}

success: the result of the verification.
correlationId: the unique ID that Prove generates for the flow.
clientRequestId: the client-generated unique ID for a specific session, provided in the request.
phoneNumber: the phone number provided in the request.
proveId: the unique Prove-assigned ID tied to the consumer.
provePhoneAlias: the unique Prove-assigned ID tied to the phone number.
identity: the verified identity information. This object has:
- assuranceLevel: the confidence level (AL-1, AL0, AL1).
- reasons: array of reasons for the assigned assurance level. Refer to the Assurance Levels documentation for more details.
evaluation: object containing the results of the authentication and risk evaluations. Refer to the Global Fraud Policy for more details.

Optional parameters that may also return in the response if sent in the request:

clientCustomerId: the client-generated unique ID for a specific customer.
clientHumanId: a client-generated unique ID for a consumer across business lines.

Best Practices

Check the success field to handle different verification outcomes appropriately.
Save the proveId and correlationId for future reference and to enable cross-domain linking if needed.
Use assurance levels to implement adaptive security policies based on transaction risk.

Sandbox testing

Test users

You must use Bot Detection project credentials when working with Bot Detection sandbox test users. Attempting to use these test users with different project credentials results in an unauthorized access error.

The following test users are available for testing Bot Detection using the /v3/verify endpoint in the Sandbox environment. Use these test users to simulate different verification scenarios and outcomes.

Phone Number	First Name	Last Name	Verification Type	Expected Outcome
`2001004051`	Ewen	Brimilcome	`bot`	Success
`2001004052`	Hilary	Kumaar	`bot`	Failed

Use these test phone numbers exactly as shown. The sandbox environment doesn’t validate real customer information.

Testing steps

Ewen
Hilary

Use test user Ewen Brimilcome to verify a successful verification:

curl -X POST "https://platform.uat.proveapis.com/v3/verify" \
  -H "Authorization: Bearer <YOUR_ACCESS_TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
    "verificationType": "bot",
    "phoneNumber": "2001004051"
  }'

Use test user Hilary Kumaar to simulate a failed verification:

curl -X POST "https://platform.uat.proveapis.com/v3/verify" \
  -H "Authorization: Bearer <YOUR_ACCESS_TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
    "verificationType": "bot",
    "phoneNumber": "2001004052",
    "clientRequestId": "5454545",
    "clientCustomerId": "34343465656456",
    "clientHumanId": "343434"
  }'

​Prove Bot Detection solution

​Implementation steps

​Sandbox testing

​Test users

​Testing steps

Prove Bot Detection solution

Implementation steps

Sandbox testing

Test users

Testing steps