Implement Prove Pre-Fill
1
Prompt Customer
- No Mobile Auth
- Mobile Auth
Create or update your first screen to prompt for phone number and challenge data.
Page Summary Description: We can prefill some of this request like your name, address, and contact info for you.
Page Summary Description: We can prefill some of this request like your name, address, and contact info for you.
| Contracted Solution | Customer Prompt Language Requirements | Required Challenge Data |
|---|---|---|
| Prove Pre-Fill | Customer can choose one from the following prompts: “Last 4 SSN/ITIN” “SSN/ITIN” “MM/DD/YYYY” “MM/YYYY” “MM/DD” | Last 4 SSN/ITIN Full SSN* Full DOB DOB - Month and Year DOB - Month and Day *If the customer is applying to open a demand deposit account (DDA), the customer must enter their full social security number (SSN) for the challenge |
| Prove Pre-Fill with KYC | ”Full SSN/ITIN” | Full SSN |
| If the customer doesn’t have a mobile number, exit the Prove flow and present a manual application. Customers without a mobile number still have a path forward to continue with their application. |
2
Determine Type of Flow
- Web SDK
- Android SDK
- iOS SDK
You can determine if the customer is on a mobile or desktop browser using this example. If the
isMobile is true, set mobile as the flowType for the Start() function on the server, otherwise you can set desktop:3
Initialize the Flow
- No Mobile Auth
- Mobile Auth
You need to send a request to your back end server with the phone number, flow type, and an optional challenge to start the flow. This can either be the date of birth or last four digits of the social security number.
- Web SDK
- Android SDK
- iOS SDK
4
Call the Start Endpoint
On the back end, you’ll start a Prove flow with a call to the The function returns the following fields:
Start() function. This function takes these required parameters:-
flowType: eitherdesktopormobileto describe which type of device the customer is starting their flow on. -
finalTargetURL: required whenflowType=desktop. This should be a URL you maintain. Once the customer clicks the Instant Link, they will be redirected to this URL. It should instruct the customer to continue the workflow. Maximum length is 128 characters.
-
ssn: full or last four digits of the customer’s social security number. You can pass it intoStart()orChallenge(). -
dob: date of birth in one of these formats:YYYY-MM-DD,YYYY-MM,MM-DD. You can pass it intoStart()orChallenge(). -
allowOTPRetry: set totrueto allow the customer to re-enter the OTP up to three times. Defaults tofalse.For OTP retries, make sure to implement client SDK changes in the next step.
- No Mobile Auth
- Mobile Auth
-
authToken: send this to your client-side code through theAuthenticate()function - it’s a JSON Web Token (JWT) tied to the current flow and used for the possession checks. It expires after 15 minutes. -
correlationId: save this in your current session, then pass it in to each of theValidate(),Challenge(), andComplete()function calls of the same flow. The correlation ID ties together different system calls for the same Prove flow. It can aids in troubleshooting. The session expires in 15 minutes from when the correlation ID returns from theStart()call. -
next: map of the next API call you need to make.
authToken in a response to the front end.5
Authenticate
Once you have the 
authToken, build the authenticator for both the mobile and desktop flows.- Web SDK
- Android SDK
- iOS SDK
Configure OTP
To set the One-Time Password (OTP) handler,withOtpFallback(startStep: OtpStartStep | OtpStartStepFn, finishStep: OtpFinishStep | OtpFinishStepFn), requires implementing the OtpStartStep and OtpFinishStep. When returning the phone number in the functions, ensure you return an object with the field phoneNumber to the resolve() function.The OTP session has a two minute timeout from when it’s sent through Short Message Service (SMS) to when the customer can enter in the OTP.- Default
- Prompt for Phone Number
- Resend
- Retry OTP
- Phone Number Change
Follow these instructions if you are implementing OTP and you are passing in the phone number on the Call the
/v3/start endpoint. In this case, you’ve already prompted for a phone number so you don’t need to prompt for it in the client SDK.Since you passed the phone number in the Start() function, call resolve(null) to communicate to the SDK you have the customer’s agreement to deliver the SMS message. Ensure you return an object to resolve() function.reject('some error message') method to communicate to the SDK any issues while trying to obtain the phone number or the OTP. Report an error if the customer cancels the SMS transaction or presses the back button to leave the screen.In the finish step, call the resolve(result: OtpFinishResult) method to return the collected OTP value in which result variable has OnSuccess value for OtpFinishResultType and the OTP value wrapped in OtpFinishInput.Configure Instant Link
To set the Instant Link handler,withInstantLinkFallback(startStep: InstantLinkStartStep | InstantLinkStartStepFn, retryStep?: InstantLinkRetryStep | InstantLinkRetryStepFn) requires implementing the InstantLinkStartStep interface and optionally the InstantLinkRetryStep interface if you wish for advanced capabilities. When returning the phone number in the functions, ensure you return an object with the field phoneNumber to the resolve() function.The Instant Link session has a three minute timeout from when it’s sent through Short Message Service (SMS) to when the customer can click the received link.- Default
- Prompt for Phone Number
- Resend
- Phone Number Change
Follow these instructions if you are implementing Instant Link and you are passing in the phone number on the
/v3/start endpoint. In this case, you’ve already prompted for a phone number so you don’t need to prompt for it in the client SDK.Since you passed the phone number in the Start() function, call resolve(null) to communicate to the SDK you have the customer’s agreement to deliver the SMS message. Ensure you return an object to resolve() function.OTP
Page Summary
| Flow | Page Summary Language |
|---|---|
| Mobile | Enter verification code. Please enter the code we just sent to (XXX) XXX-XXXX. |
Instant Link
Page Summary
| Flow | Page Summary Language |
|---|---|
| Desktop | Check your Phone. A text message with a link was just sent to the phone ending in XXXX (last 4 digits of mobile number). |
Alternate path for customers
If the customer can’t authenticate through Instant Link or SMS one-time password (OTP), customer exits the Prove flow. Present a manual application as an alternate method of verification.Reference the Quick Start Guide to get started.In the desktop flow, a WebSocket opens for three minutes on the desktop browser while waiting for the customer to select the link in the text message. Once clicked, the WebSocket closes and theAuthFinishStep function finishes.6
Verify Mobile Number
In the
AuthFinishStep, you’ll specify a function to call once the possession checks complete on the mobile phone. This endpoint on your back end server calls the Validate() function to validate the phone number. If it was successful, the server returns the results from the Challenge() function including customer information. Refer to the following example fields that return and then prefill on a form for the customer to verify. The AuthFinishStep then completes. In the event of cancellation, the server makes a call to the Validate() function and returns success=false.- Web SDK
- Android SDK
- iOS SDK
7
Validate Mobile Phone
Once the possession checks finish on the mobile device, the finish handler on the client-side SDK executes. You then make a request to your server such as 
Page Summary Description: Please enter your phone number to begin the account creation process.The function returns the following fields:
POST /verify to make the next call in the flow to the Validate() function.Page Summary Requirements
Page Summary Language: Let’s Get StartedPage Summary Description: Please enter your phone number to begin the account creation process.
Data entry prompt requirements
Prompt for the mobile number within the input field.Opt out
Allow customers to select “I don’t have a mobile number” which sends the customer to a manual form to allow customers without mobile numbers to still apply.Reference the Quick Start Guide to get started.This function requires the Correlation ID which is returned by theStart() function.-
success:trueif customer info returned. -
individual: customer information in a map. -
next: map of the next API you need to call you need to make.
success=true, return the customer information in a response to the front end to prefill the form.8
Verify the Customer Information
Display fields and requirements
Pre-Fill
Pre-Fill
| Required Display Field | Display Requirements | Editable Field |
|---|---|---|
| First Name | Yes - unmasked | Yes |
| Last Name | Yes - unmasked | Yes |
| Address | Yes - unmasked | Yes |
| Extended Address | Yes - unmasked | Yes |
| City | Yes - unmasked | Yes |
| State | Yes - unmasked | Yes |
| Postal Code | Yes - unmasked | Yes |
| Phone Number | Yes - unmasked | No |
| Social Security Number (SSN) | Mask first five, display last four | Yes* |
| Date of Birth | Yes - MM/DD/YYYY | Yes** |
| * Upon edit, clear data and require customer to enter full SSN. | ||
| **Upon edit, clear the data and require customer to enter the full date of birth. |
Pre-Fill with KYC
Pre-Fill with KYC
| Required Display Field | Display Requirements | Editable Field |
|---|---|---|
| First Name | Yes - unmasked | Yes |
| Last Name | Yes - unmasked | Yes |
| Address | Yes - unmasked | Yes |
| Extended Address | Yes - unmasked | Yes |
| City | Yes - unmasked | Yes |
| State | Yes - unmasked | Yes |
| Postal Code | Yes - unmasked | Yes |
| Phone Number | Yes - unmasked | No |
| Social Security Number | Mask first five, display last four | No, full SSN entered at beginning of process. |
| Date of Birth | Yes - MM/DD/YYYY | Yes* |
| * Upon edit, clear the data and require customer to enter the full date of birth. |
Complete() call can then verify the customer information.- Web SDK
- Android SDK
- iOS SDK
9
Call the Complete Endpoint
This function is the final call in the flow that verifies the customer information.This function takes these required parameters:
-
Correlation ID: this is the ID returned by the
Start()function. - Individual: customer information in a map.
The function returns the following fields:
-
Success:
trueif customer information returned. -
Next: map of the next API call you need to make, in this case,
Done.
Test your Prove implementation
Next, reference the Sandbox test scenarios to test users and simulate different behaviors encountered in production.Production LaunchTo launch in Production, please contact your Prove representative.