Skip to main content

Prove Unified Authentication Solution

Prove Unified Authentication simplifies and strengthens your authentication security by automatically choosing the right authenticator based on trusted device recognition and authenticator availability—reducing friction while protecting against fraud.

Prove Unified Authentication Terminology

  • Prove Key: Non extractable cryptographic key used for verification by Prove.
  • Bind: Establishes possession of the phone number to register the Prove Key.
  • Customer-Initiated Bind: Registry of a Prove Key based on customer-supplied possession of the phone number.

Prove’s possession flow

Diagram illustrating Prove's unified authentication possession flow
1

Unify Call

The Unify call generates the OAuth token, initiates the session, and accepts the phone number input.
2

Client-Side SDK

The client-side SDK initiates the authentication.
  • Mobile Channels: Checks for a bound Prove Key first. If one isn’t present, it falls back to SMS OTP and places the Prove Key.
  • Desktop Channels: Uses Instant Link for the possession check.
3

Unify Status Call

The Unify Status call results indicate whether authentication passed or failed. success=true indicates either the customer passed the possession check and completed the bind or authenticated using the Prove Key.
4

Subsequent Authentication

If authentication passed, this customer is eligible to authenticate using the Prove Key on future authentications while the Prove Key is bound.
Only mobile channels are now supported for customer-supplied possession.
Diagram illustrating the Unify flow using customer-supplied possession
1

Unify Call

The Unify call with possessionType=none initiates the session and accepts the phone number input.
2

Client-Side SDK

The client-side SDK initiates the authentication. It checks for a bound Prove Key first, then places the Prove Key if not already present.
3

Unify Status Call (First)

The Unify Status call either indicates the customer authenticated using the Prove Key or that possession is required.
4

Customer Possession Check

If possession is required, your app needs to perform a customer-supplied possession check such as SMS OTP. If the customer passes the possession check, proceed to the Unify bind step.
5

Unify Bind Call

The Unify Bind call completes the customer-initiated bind registering the Prove Key.
6

Subsequent Authentication

This consumer is eligible to use the Prove Key for future authentications while the Prove Key is bound.