Prove Identity Sandbox Testing
Learn more about simulating the Prove Identity flow using the Sandbox environment
When you interact with the Sandbox environment, you’ll be able to use test users to simulate different behaviors. Simulate the possession checks using the client-side SDK.
The testing environment doesn’t send text messages or validate real customer information.
If an unexpected code is returned, reference the Error and Status Codes page.
sandbox test users can only be used with project credentials. Attempting to use these test users with different project credentials will result in an unauthorized access error.
Test Users List
Short-Term Test User
Use this test user when performing initial testing with cURL or Postman. This test user skips the client-side SDK authentication to walk you through the sequence of API calls.
| Phone Number | First Name | Last Name | Address | City | State | Zip | Date of Birth | Social Security Number | |
|---|---|---|---|---|---|---|---|---|---|
| 2001001695 | Milo | Pinson | 6377 Birchwood Hill | Littleton | CO | 80161-2001 | 1/17/1981 | 847350596 | mpinsonm@dyndns.org |
After initial short-term testing, implement the client-side SDK and use the remaining test users to test your implementation.
Prove Pre-Fill Test Users
Use the following list of test users to test Pre-Fill. Review the Testing Steps below for expected behavior per step.
| Phone Number | First Name | Last Name | Address | City | State | Zip | Date of Birth | Social Security Number | |
|---|---|---|---|---|---|---|---|---|---|
| 2001001693 | Marcia | Longo | 00 Mallard Park | New Orleans | LA | 70165 | 7/19/1982 | 470806227 | mlongok@amazonaws.com |
| 2001001688 | Nevin | Chattey | 9398 Scott Plaza | Austin | TX | 78744 | 3/20/1980 | 542742985 | nchatteyf@techcrunch.com |
| 2001001687 | Agretha | Chene | 4861 Jay Junction | Boston | MS | 02208 | 12/29/1994 | 369956933 | achenee@printfriendly.com |
Mobile Auth Test Users
Use the following list of test users to test Pre-Fill with the Mobile Auth add-on. Review the Testing Steps below for expected behavior per step.
| Phone Number | First Name | Last Name | Address | City | State | Zip | Date of Birth | Social Security Number | |
|---|---|---|---|---|---|---|---|---|---|
| 5550000000 | Cathee | Simmonett | 49 Moulton Plaza | Athens | GA | 30610 | 10/6/1962 | 771240999 | csimmonettj@toplist.cz |
| 5555555555 | Van | Moors | 9 Prairie Rose Court | Columbus | MS | 39705 | 1/7/1976 | 409890062 | vmoorsd@rakuten.co.jp |
| 2001004030 | Madelon | Giberd | 71 Walton Trail 33 Park Meadow Crossing | Memphis Colorado Springs | TN CO | 38150 80940 | 6/20/1970 | 669871372 | mgiberdu@admin.ch |
KYC Test Users
You can test Know Your Customer (KYC) and CIP functionality with the following test users. This applies if you purchased the KYC add-on. Review the Testing Steps below for expected behavior per step
| Phone Number | First Name | Last Name | Address | City | State | Zip | Date of Birth | Social Security Number | |
|---|---|---|---|---|---|---|---|---|---|
| 2001004004 | Johnnie | Lammiman | 0571 Gale Court | White Plains | NY | 10633 | 12/08/1977 | 111258802 | jlammiman4@xinhuanet.co |
| 2001004001 | Sebastian | Limmer | 2302 Ronald Regan Park | Dayton | OH | 45470 | 12/23/1977 | 347465324 | slimmer1@canalblog.com |
| 2001004002 | Leena | Tomashov | 4984 Sage Hill | Saint Louis | MO | 63104 | 5/13/1965 | 115925498 | ltomashov2@joomla.org |
Testing Steps
Now that you’ve done client-side, server-side, and CX implementation, follow the step-by-step instructions to test each test user and ensure your implementation follows expected behavior.
Follow the steps below to test the Prove Pre-Fill flow with Marcia Longo. This user will pass the entire Pre-Fill flow and return success=true in the /complete response.
Prompt Customer
Start the onboarding flow on the initial screen and enter the PII for Marcia Longo.
Initiate Start Request
Your front end will send this data to the back end. Your back end will then send the phone number, flow type, and challenge to the /start endpoint. The response will provide an auth token, correlation ID, and the next endpoint to call.
The final target URL must be sent if performing a desktop flow.
Send Auth Token to the Front End
Your back end will send the authToken to the front end SDK to do the possession handling.
The front end will run OTP handling. You will see the following page. Use 1234 to simulate a successful OTP.
The front end will run OTP handling. You will see the following page. Use 1234 to simulate a successful OTP.
The front end will run Instant Link handling. You will see the following page until the authentication is simulated.
Verify Mobile Number
Once the front end finishes the possession check, the back end calls the /validate endpoint with the correlation ID to authenticate the trustworthiness of the phone number.
The response provides:
challengeMissing=falsedue to passing the challenge into the /start call.success=truephoneNumberthat was initially passed./v3/challengeas the next endpoint to call.
The back end will then call the /challenge endpoint with the correlation ID. The response will provide PII for Marcia, "success": true, and the next endpoint to call.
Review PII
You will see the following page. The form will be prefilled with the PII returned from the /challenge endpoint. Confirm the provided information without editing it. The back end will then call the /complete endpoint with the correlation ID and you will have a successful flow. Send the user on through your onboarding flow.
Follow the steps below to test the Prove Pre-Fill flow with Marcia Longo. This user will pass the entire Pre-Fill flow and return success=true in the /complete response.
Prompt Customer
Start the onboarding flow on the initial screen and enter the PII for Marcia Longo.
Initiate Start Request
Your front end will send this data to the back end. Your back end will then send the phone number, flow type, and challenge to the /start endpoint. The response will provide an auth token, correlation ID, and the next endpoint to call.
The final target URL must be sent if performing a desktop flow.
Send Auth Token to the Front End
Your back end will send the authToken to the front end SDK to do the possession handling.
The front end will run OTP handling. You will see the following page. Use 1234 to simulate a successful OTP.
The front end will run OTP handling. You will see the following page. Use 1234 to simulate a successful OTP.
The front end will run Instant Link handling. You will see the following page until the authentication is simulated.
Verify Mobile Number
Once the front end finishes the possession check, the back end calls the /validate endpoint with the correlation ID to authenticate the trustworthiness of the phone number.
The response provides:
challengeMissing=falsedue to passing the challenge into the /start call.success=truephoneNumberthat was initially passed./v3/challengeas the next endpoint to call.
The back end will then call the /challenge endpoint with the correlation ID. The response will provide PII for Marcia, "success": true, and the next endpoint to call.
Review PII
You will see the following page. The form will be prefilled with the PII returned from the /challenge endpoint. Confirm the provided information without editing it. The back end will then call the /complete endpoint with the correlation ID and you will have a successful flow. Send the user on through your onboarding flow.
Follow the steps below to test the Prove Pre-Fill flow with Agretha Chene. This user falls out of the Pre-Fill flow at the Validate step and returns success=false in the /validate response.
Prompt Customer
Start the onboarding flow on the initial screen and enter the PII for Agretha Chene.
Initiate Start Request
Your front end will send this data to the back end. Your back end will then send the phone number, flow type, and challenge to the /start endpoint. The response will provide an auth token, correlation ID, and the next endpoint to call.
The final target URL must be sent if performing a desktop flow.
Send Auth Token to the Front End
Your back end will send the authToken to the front end SDK to do the possession handling.
The front end will run OTP handling. You will see the following page. Use 1234 to simulate a succesful OTP. Agretha will fail the authentication due to risk - results are returned in the next step.
The front end will run OTP handling. You will see the following page. Use 1234 to simulate a succesful OTP. Agretha will fail the authentication due to risk - results are returned in the next step.
The front end will run Instant Link handling. You will see the following page until the authentication is simulated.
Verify Mobile Number
Once the front end finishes the possession check, the back end calls the /validate endpoint with the correlation ID to authenticate the trustworthiness of the phone number.
This user fails /validate.
The Prove flow is terminated. The front end should proceed to an alternative authentication method.
Follow the steps below to test the Prove Pre-Fill flow with Nevin Chattey. This user falls out of the Pre-Fill flow at the Validate step and returns success=false in the /validate response.
Prompt Customer
Start the onboarding flow on the initial screen and enter the PII for Nevin Chattey.
Initiate Start Request
Your front end will send this data to the back end. Your back end will then send the phone number, flow type, and challenge to the /start endpoint. The response will provide an auth token, correlation ID, and the next endpoint to call.
The final target URL must be sent if performing a desktop flow.
Send Auth Token to the Front End
Your back end will send the authToken to the front end SDK to do the possession handling.
The front end will run OTP handling. You will see the following page. Enter any number in the front end. Nevin will fail the authentication regardless of the number entered - results are returned in the next step.
The front end will run OTP handling. You will see the following page. Enter any number in the front end. Nevin will fail the authentication regardless of the number entered - results are returned in the next step.
The front end will run Instant Link handling. You will see the following page until the authentication is simulated.
Verify Mobile Number
Once the front end finishes the possession check, the back end calls the /validate endpoint with the correlation ID to authenticate the trustworthiness of the phone number.
This user fails /validate.
The Prove flow is terminated. The front end should proceed to an alternative authentication method.
Follow the steps below to test the Prove Pre-Fill flow with Mobile Auth add-on for Cathee Simmonett. This user will fail Mobile Auth on mobile but pass the OTP. This user will pass the entire Pre-Fill flow and return success=true in the /complete response.
Begin Application
Start the onboarding flow on the initial screen. The customer will be prompted to accept the terms and conditions.
Initiate Start Request
Cathee’s phone number needs to be passed into Start() due to Sandbox limitations. However, in Production the customers phone number does not need to be passed into Start() when Mobile Auth is enabled. The client-side SDK will prompt for phone number only if Mobile Auth fails.
Your front end will send data to the back end. Your back end will then send the phone number and flow type to the /start endpoint. The response will provide an auth token, correlation ID, and the next endpoint to call.
The final target URL must be sent if performing a desktop flow.
Send Auth Token to the Front End
Your back end will send the authToken to the front end SDK to do the possession handling.
The system fails Mobile Auth and the client-side SDK prompts for the phone number.
The front end will then run OTP handling. You will see the following page. Use 1234 to simulate a successful OTP.
The system fails Mobile Auth and the client-side SDK prompts for the phone number.
The front end will then run OTP handling. You will see the following page. Use 1234 to simulate a successful OTP.
The front end will run Instant Link handling. You will see the following page until the authentication is simulated.
Verify Mobile Number
Once the front end finishes the possession check, the back end calls the /validate endpoint with the correlation ID to authenticate the trustworthiness of the phone number. The response provides:
challengeMissing=truesince you did not enter challenge data into the /start call.success=truephoneNumberthat was initially passed./v3/challengeas the next endpoint to call.
Prompt for Challenge Data
The front end will prompt the user with this screen. Enter the PII for Cathee Simmonett. This screen will look different depending on what challenge data you want to receive.
The back end will then call the /challenge endpoint with the correlation ID and challenge data. The response will provide PII for Cathee, "success": true, and the next endpoint to call.
Review PII
You will see the following page. The form will be prefilled with the PII returned from the /challenge endpoint. Confirm the provided information. The back end will then call the /complete endpoint with the correlation ID and you will have a successful flow.
Follow the steps below to test the Prove Pre-Fill flow with Mobile Auth add-on for Van Moors. This user will pass Mobile Auth on mobile. He will pass the entire Pre-Fill flow and return success=true in the /complete response.
Begin Application
Start the onboarding flow on the initial screen. The customer will be prompted to accept the terms and conditions.
Initiate Start Request
Your front end will send data to the back end. Your back end will send an empty phone number and the flow type to the /start endpoint. The response will provide an auth token, correlation ID, and the next endpoint to call.
The final target URL must be sent if performing a desktop flow.
Send Auth Token to the Front End
Your back end will send the authToken to the front end SDK to do the possession handling.
This user passes Mobile Auth.
This user passes Mobile Auth.
If on desktop, the system fails Mobile Auth and the client-side SDK prompts for the phone number.
The front end will then run Instant Link handling. You will see the following page until the authentication is simulated.
Verify Mobile Number
Once the front end finishes the possession check, the back end calls the /validate endpoint with the correlation ID to authenticate the trustworthiness of the phone number. The response provides:
challengeMissing=truesince you did not enter challenge data into the /start call.success=truephoneNumberthat was initially passed./v3/challengeas the next endpoint to call.
Prompt for Challenge Data
The front end will prompt the user with this screen. Enter the PII for Van Moors. This screen will look different depending on what challenge data you want to receive.
The back end will then call the /challenge endpoint with the correlation ID and challenge data. The response will provide PII for Van, "success": true, and the next endpoint to call.
Review PII
You will see the following page. The form will be prefilled with the PII returned from the /challenge endpoint. Confirm the provided information. The back end will then call the /complete endpoint with the correlation ID and you will have a successful flow.
Follow the steps below to test the Prove Pre-Fill flow with Mobile Auth add-on for Madelon Giberd. This user will fail Mobile Auth on mobile but pass the OTP. This user will pass the entire Pre-Fill flow and return success=true in the /complete response.
Begin Application
Start the onboarding flow on the initial screen. The customer will be prompted to accept the terms and conditions.
Initiate Start Request
Madelon’s phone number needs to be passed into Start() due to Sandbox limitations. However, in Production the customers phone number does not need to be passed into Start() when Mobile Auth is enabled. The client-side SDK will prompt for phone number only if Mobile Auth fails.
Your front end will send data to the back end. Your back end will then send the phone number and flow type to the /start endpoint. The response will provide an auth token, correlation ID, and the next endpoint to call.
The final target URL must be sent if performing a desktop flow.
Send Auth Token to the Front End
Your back end will send the authToken to the front end SDK to do the possession handling.
The system fails Mobile Auth and the client-side SDK prompts for the phone number.
The front end will then run OTP handling. You will see the following page. Use 1234 to simulate a successful OTP.
The system fails Mobile Auth and the client-side SDK prompts for the phone number.
The front end will then run OTP handling. You will see the following page. Use 1234 to simulate a successful OTP.
The front end will run Instant Link handling. You will see the following page until the authentication is simulated.
Verify Mobile Number
Once the front end finishes the possession check, the back end calls the /validate endpoint with the correlation ID to authenticate the trustworthiness of the phone number. The response provides:
challengeMissing=truesince you did not enter challenge data into the /start call.success=truephoneNumberthat was initially passed./v3/challengeas the next endpoint to call.
Prompt for Challenge Data
The front end will prompt the user with this screen. Enter the PII for Madelon Giberd. This screen will look different depending on what challenge data you want to receive.
The back end will then call the /challenge endpoint with the correlation ID and challenge data. The response will provide PII for Madelon, "success": true, and the next endpoint to call.
Review PII
You will see the following page. The form will be prefilled with the PII returned from the /challenge endpoint. Confirm the provided information. The back end will then call the /complete endpoint with the correlation ID and you will have a successful flow.
Follow the steps below to test the Prove Pre-Fill flow with KYC add-on for Johnnie Lammiman. This user will pass the entire Pre-Fill flow and return success=true in the /complete response as well as return high MultiCIP and no hits against mock-configured KYC watchlists.
Prompt Customer
Start the onboarding flow on the initial screen and enter the PII for Johnnie Lammiman.
Initiate Start Request
Your front end will send this data to the back end. Your back end will then send the phone number, flow type, and challenge to the /start endpoint. The response will provide an auth token, correlation ID, and the next endpoint to call.
The final target URL must be sent if performing a desktop flow.
Send Auth Token to the Front End
Your back end will send the authToken to the front end SDK to do the possession handling.
The front end will run OTP handling. You will see the following page. Use 1234 to simulate a successful OTP.
The front end will run OTP handling. You will see the following page. Use 1234 to simulate a successful OTP.
The front end will run Instant Link handling. You will see the following page until the authentication is simulated.
Verify Mobile Number
Once the front end finishes the possession check, the back end calls the /validate endpoint with the correlation ID to authenticate the trustworthiness of the phone number. The response provides:
challengeMissing=falsedue to passing the challenge into the /start call.success=truephoneNumberthat was initially passed./v3/challengeas the next endpoint to call.
The back end will then call the /challenge endpoint with the correlation ID. The response will provide PII for Johnnie, "success": true, and the next endpoint to call.
Review PII
You will see the following page. The form will be prefilled with the PII returned from the /challenge endpoint. Confirm the provided information. The back end will then call the /complete endpoint with the correlation ID and you will have a successful flow. You will receive simulated KYC and CIP results in the response. This user passes both checks.
Follow the steps below to test the Prove Pre-Fill flow with KYC add-on for Sebastian Limmer. This user will proceeed through the entire Pre-Fill flow. The /complete response will return success=true but also returns 4 simulated hits against KYC watchlists.
Prompt Customer
Start the onboarding flow on the initial screen and enter the PII for Sebastian Limmer.
Initiate Start Request
Your front end will send this data to the back end. Your back end will then send the phone number, flow type, and challenge to the /start endpoint. The response will provide an auth token, correlation ID, and the next endpoint to call.
The final target URL must be sent if performing a desktop flow.
Send Auth Token to the Front End
Your back end will send the authToken to the front end SDK to do the possession handling.
The front end will run OTP handling. You will see the following page. Use 1234 to simulate a successful OTP.
The front end will run OTP handling. You will see the following page. Use 1234 to simulate a successful OTP.
The front end will run Instant Link handling. You will see the following page until the authentication is simulated.
Verify Mobile Number
Once the front end finishes the possession check, the back end calls the /validate endpoint with the correlation ID to authenticate the trustworthiness of the phone number. The response provides:
challengeMissing=falsedue to passing the challenge into the /start call.success=truephoneNumberthat was initially passed./v3/challengeas the next endpoint to call.
The back end will then call the /challenge endpoint with the correlation ID. The response will provide PII for Sebastian, "success": true, and the next endpoint to call.
Review PII
You will see the following page. The form will be prefilled with the PII returned from the /challenge endpoint. Confirm the provided information. The back end will then call the /complete endpoint with the correlation ID and you will have a successful flow. You will receive KYC and IDV data in the /complete response. This user fails the KYC check. Send the user through your exception process.
Follow the steps below to test the Prove Pre-Fill flow with KYC add-on for Leena Tomashov. This user will fail the Pre-Fill flow at the Complete step and return multiCIPConfidence=low.
Prompt Customer
Start the onboarding flow on the initial screen and enter the PII for Leena Tomashov.
Initiate Start Request
Your front end will send this data to the back end. Your back end will then send the phone number, flow type, and challenge to the /start endpoint. The response will provide an auth token, correlation ID, and the next endpoint to call.
The final target URL must be sent if performing a desktop flow.
Send Auth Token to the Front End
Your back end will send the authToken to the front end SDK to do the possession handling.
The front end will run OTP handling. You will see the following page. Use 1234 to simulate a successful OTP.
The front end will run OTP handling. You will see the following page. Use 1234 to simulate a successful OTP.
The front end will run Instant Link handling. You will see the following page until the authentication is simulated.
Verify Mobile Number
Once the front end finishes the possession check, the back end calls the /validate endpoint with the correlation ID to authenticate the trustworthiness of the phone number. The response provides:
challengeMissing=falsedue to passing the challenge into the /start call.success=truephoneNumberthat was initially passed./v3/challengeas the next endpoint to call.
The back end will then call the /challenge endpoint with the correlation ID. The response will provide PII for Leena, "success": true, and the next endpoint to call.
Review PII
You will see the following page. The form will be prefilled with the PII returned from the /challenge endpoint. Confirm the provided information. The back end will then call the /complete endpoint with the correlation ID. You will receive KYC and IDV data in the /complete response. This user fails the Complete step indicating Prove was unable to validate their identity. In addition, this user fails the CIP check. Send the user through a step-up authentication method.
Follow the steps below to test the Prove Pre-Fill flow with Marcia, Cathee, Van, Johnnie, Sebastian or Leena. This will introduce failures into the flow and return success=false at various points.
Send Auth Token to the Front End
Your back end will send the authToken to the front end SDK to do the possession handling. During the mobile flow, use 1111 to simulate a failed OTP when presented with the following OTP page.
Once the front end finishes the possession check, the back end calls the /validate endpoint with the correlation ID to authenticate the trustworthiness of the phone number.
The test user then fails /validate.
The Prove flow is terminated and the front end proceeds to another authentication method.
Send Auth Token to the Front End
Your back end will send the authToken to the front end SDK to do the possession handling. During the mobile flow, use 1111 to simulate a failed OTP when presented with the following OTP page.
Once the front end finishes the possession check, the back end calls the /validate endpoint with the correlation ID to authenticate the trustworthiness of the phone number.
The test user then fails /validate.
The Prove flow is terminated and the front end proceeds to another authentication method.
Prompt Customer
Start the onboarding flow on the initial screen and enter the wrong SSN or DOB for the user.
Verify Mobile Number
Once the front end finishes the possession check, the back end calls the /validate endpoint with the correlation ID to authenticate the trustworthiness of the phone number. The response provides:
challengeMissing=falsedue to passing the challenge into the /start call.success=truephoneNumberthat was initially passed./v3/challengeas the next endpoint to call.
The back end will then call the /challenge endpoint with the correlation ID. The user then fails /challenge. Send the user through the exception process.
Review PII
When viewing the following page, prefilled with the user’s PII, change the last name.
The back end will then call the /complete endpoint with the correlation ID and the edited information. The user will fail /complete. Send the user through the exception process.
| Phone Number | First Name | Last Name | Address | City | State | Zip | Date of Birth | Social Security Number | |
|---|---|---|---|---|---|---|---|---|---|
| 2001004000 | Martina | Goodram | 28965 Homewood Plaza | Little Rock | AR | 72204 | 7/26/1995 | 490959347 | mgoodram0@nasa.gov |
After initial short-term testing, implement the client-side SDK and use the remaining test users to test your implementation. Reference the Quick Start Guide to gather the required components.
Prove Identity Test Users
For each of the test users, simulate the flow in the staging environment to test out your implementation to ensure it’s working. Reference the Outcomes Table to review scenarios to test and interpretation of success and failed states.
Mobile Flow Testing
When prompted for your one-time password (OTP) during mobile flow testing, you must use 1234 to simulate a successful OTP. Any other combination of numbers simulates a failure. Use the Benji Harper user to test your OTP setup.
| Phone Number | First Name | Last Name | Address | City | State | Zip | Date of Birth | Social Security Number | |
|---|---|---|---|---|---|---|---|---|---|
| 2001004009 | Benji | Harper | 27 Financial Place | Bakersfield | CA | 93301-2425 | 09/02/1994 | 565252770 | bharperd@superstars.com |
| 2001001699 | Carney | Reinisch | 582 Coleman Point | San Antonio | TX | 78230 | 3/3/2000 | 166521601 | creinischq@php.net |
| 2001001698 | Enid | Wildt | 861 Karstens Circle | Washington | DC | 20409 | 6/18/1996 | 212285822 | ewildtp@eepurl.com |
Prove Identity Outcomes and Test Scenarios
The following table provides Prove Identity outcome possibilities including which sandbox users to test with and interpretations of each success and failed state in Production. The Prove Identity Test Users table has the comprehensive list of test users including mock data.
Sandbox Troubleshooting Tips
Reference the table for help troubleshooting when success=false in an API response. To troubleshoot an API response in Production, refer to the Prove Identity Outcomes and Test Scenarios.
| Server Side Call | Behavior Resulting in success=false | Troubleshooting Tips |
|---|---|---|
/start | Not Applicable | Error and Status Codes page for common 400 response errors |
/validate | Prove Identity Sandbox user intended to fail this step: Carney Reinisch | Test Scenario Table for which test users fail each scenario |
/validate | Client-Side SDK Authenticate() function wasn’t called.* * Required for all sandbox users except Martina Goodram. | Client-side SDK implementation guide |
/validate | Wrong OTP entered | Client-side SDK implementation guide |
/complete | The First Name, Last Name, or Social Security Number isn’t associated with the phone number entered. You entered Cathy Blazevic’s phone number with different last4. | Test Scenario Table for which test users fail each scenario |
If you receive 400 or 500 response errors when running these test scenarios, refer to the Error and Status Codes page.
If you still have issues, send your correlationId from a failing request. Use either the Support button in the Portal or contact your account representative.
For Production access, contact your sales representative.