Prove Unified Authentication Overview
Learn about the components that make up the Prove Unified Authentication solution
Prove Unified Authentication solution
Prove Unified Authentication simplifies and strengthens your authentication security by automatically choosing the right authenticator based on trusted device recognition and authenticator availability—reducing friction while protecting against fraud.Pain points
- Fragmented Systems: The current authentication landscape is a broken, high-friction patchwork of different solutions that fail to work together, creating a frustrating experience for users.
- Costly & Insecure Methods: Widely used methods like SMS OTP are proving to be expensive, unreliable, and highly vulnerable to fraud, leading to significant financial losses for businesses.
- Poor User Recognition: Existing technologies struggle to recognize the same user across different channels (e.g., web vs. mobile app) or when they change devices, forcing repetitive and unnecessary re-authentication.
- Flawed New Technologies: Next-generation solutions like passkeys and device fingerprinting are not foolproof, suffering from unreliable syncing, new attack vectors, and an inability to adapt to user device changes.
- Risky Onboarding: The customer onboarding process is often tedious and frustrating, which not only drives potential customers away but also creates security vulnerabilities for attackers to exploit with stolen identities.
Value drivers
- Seamless User Experience: Unified Auth offers a “recognize once and everywhere” approach, allowing users to be identified passively and persistently across all digital channels and devices without unnecessary friction.
- Drastically Reduced Fraud & Costs: By moving away from vulnerable SMS systems, it provides a more secure, multi-layered cryptographic key system that stops sophisticated account takeover attacks and significantly cuts operational costs.
- Increased Conversion & Compliance: The solution creates a frictionless user journey that improves business conversion rates while helping companies meet critical security and data privacy regulations like multi-factor authentication and PSD2/3.
- Intelligent Key Management: The solution provides a single, cohesive platform that intelligently establishes and manages a user’s cryptographic keys to create a unified, stronger authentication.
- Future-Proof Design: It is built to accommodate the future of connected technology, prepared for the increasing number of devices per user.
Inputs & Outputs
Prove Binding via a Welcome Solution: Verified User or Pre-Fill can be used to create a new identity, and bind that identity to a device. Prove Binding via Unified Authentication: Enrolling a user in Unified Authentication to allow device binding. Authenticate an Existing User: Allows Unified Authentication, or another solution, so check for a bind and authenticate the existing user.Prove Binding via a Welcome Solution
This path assumes that the customer has existing users. Clients must batch enroll their existing users using Identity Resolution/Identity Manager such as via Verified Users or for batch/bulk uploads to pre-create the Prove Key.Prove Binding (or re-binding) via Unified Authentication
Input parameters
| Field | Field Type | Unified Authentication | Description |
|---|---|---|---|
phoneNumber | string | Required | The number of the mobile phone. Acceptable characters are: alphanumeric with symbols ’+’. |
phoneNumber (date last verified) | string | The last date that a possession check was completed for a phone number. The format is YYYY-MM-DD. Acceptable characters are: numeric with symbol ’-‘ | |
verificationType | string | Prove offers different verification methods based on your use case and authorization level required. Available verification methods are: bot verifiedUsers prefill prefillForBusiness accountOpening identityResolution | |
firstName | string | The verified first name of the user. | |
lastName | string | The verified last name of the user. | |
emailAddress | string | Required | The email address associated with the phone number. |
email (date last verified) | string | The date the email address was last verified (e.g., 2023-01-01 ). | |
address | list of objects | ||
address | string | The street address of the individual. | |
extendedAddress | string | The apartment number or other extended address information. | |
city | string | The city of the individual. | |
region | string | The state or locality of the individual. | |
postalCode | string | The zip code of the individual. It can be either 5 digits (XXXXX) or ZIP+4 (XXXXX-XXXX). | |
dateOfbirth | string | The date of birth associated with the phone number. | |
nationalId | string | The user’s national ID, such as the full or last four digits of their SSN. | |
ipAddress | string | The IP address of the user. | |
userAgent | string | The user agent of the session of the individual. | |
avsResult | list of objects | ||
identityID | string | ||
provePhoneAlias | string | ||
correlationId | string | A unique ID that links all calls for the same flow. This is a crucial field to save for subsequent calls. | |
clientRequestId | string | Your unique request identifier. | |
clientCustomerId | string | A client-generated unique ID for a specific customer. This can be used by clients to link calls related to the same customer, across different requests or sessions. | |
clientHumanID | string | A client-generated unique ID for a specific customer that has been identity proofed. This can be used by clients to link calls related to the same customer, across different requests or sessions. The format of this ID is defined by the client - Prove recommends using a GUID, but any format can be accepted. Do not include personally identifiable information (PII) in this field. | |
businessName | string | The legal business name of the business attempting a verification. | |
authToken | string | A bearer token for use by the Prove client SDK. |
Output parameters
| Field | Field Type | Description | Unified Authentication |
|---|---|---|---|
success | boolean | True if the API call was successful. | ✅ |
phoneNumber | string | The number of the mobile phone. | |
verifyResult | string | The result of the verification according to the Global Fraud Policy. | |
assuranceLevel | string | Prove’s tiered confidence metric, ranging from -1 to 3, that dynamically adapts to user behavior and various authentication keys. It allows for adaptive security policies, meaning you can require different levels of verification for different types of transactions. This is a key attribute of the Prove Key. Possible values are: “AL-1”, “AL0”, “AL1”, “AL2”, “AL3”. | |
correlationId | string | The unique ID that Prove generates for the flow. To continue the flow, the field will also be used for each of the subsequent API calls in the same flow - it cannot be reused outside of a single flow. | |
proveId | string | A globally unique identifier in Prove language that represents a user (or business). If provided to a customer, this ID is “salted” to make it specific to that customer before being shared. It links a user’s keys to their National ID and is the center of our universe linking identity data and events throughout our fabric. | ✅ |
proveKey | string | ||
identityId | string | ||
clientRequestID | string | ||
clientHumanID | string | A client-generated unique ID for a specific customer that has been identity proofed. This can be used by clients to link calls related to the same customer, across different requests or sessions. The format of this ID is defined by the client - Prove recommends using a GUID, but any format can be accepted. Do not include personally identifiable information (PII) in this field. | |
clientCustomerId | string | A client-generated unique ID for a specific customer. This can be used by clients to link calls related to the same customer, across different requests or sessions. | |
identity | list of objects | ||
firstName | string | The first name of the individual. | |
lastName | string | The last name of the individual. | |
nationalId | string | The national identity number of the individual. | |
dateOfBirth | string | The date of birth of the individual in one of these formats: YYYY-MM-DD, YYYY-MM, or MM-DD. Acceptable characters are: numeric with symbol ’-’. | |
email(s) | list of objects | ||
email1 | string | The email address of the customer. Acceptable characters are: alphanumeric with symbols ’@.+’. | |
email2 | string | The email address of the customer. Acceptable characters are: alphanumeric with symbols ’@.+’. | |
address | list of objects | ||
address | string | The street address of the individual. | |
extendedAddress | string | The apartment number or other extended address information. | |
city | string | The city of the individual. | |
region | string | The state or locality of the individual. | |
zipCode | string | The zip code of the individual. It can be either 5 digits (XXXXX) or ZIP+4 (XXXXX-XXXX). | |
business(es) | list of objects | ||
businessName | string | The legal business name. | |
businessAddress | list of objects | ||
address | string | The street address of the individual. | |
extendedAddress | string | The apartment number or other extended address information. | |
city | string | The city of the individual. | |
region | string | The state or locality of the individual. | |
zipCode | string | The zip code of the individual. It can be either 5 digits (XXXXX) or ZIP+4 (XXXXX-XXXX). | |
tradeName | string | The doing business as (DBA) name of the legal business entity. | |
taxId | string | The Employee identification Number or Tax Identification Number of the business. | |
relatedPersons | list of objects | ||
firstName | string | The first name of the individual. | |
middlesName | string | The middle name of the individual. | |
lastName | string | The last name of the individual. | |
title | string | The title of the related person. | |
registrationFiling | string | ||
date | string | The date of the registration filing. | |
registrationType | string | The type of registration. | |
region | string | The state or locality of the business registration. | |
identityId | string | A unique ID that Prove generates to refer to a specific identity. | |
verifyResult | string | The result of the Verify process. Possible values are success, pending, and failed. If the Verify result is pending, clients will need to call the Verify Status API to get a result. | |
possessionResult | string | The result of the possession check. Possible values are pending and not_applicable, based on the possessionType passed in the input. Clients will have to call the Verify Status API to get a result if possessionResult=pending. | |
success | string | The result of the combination of verifyResult and possessionResult. Possible values are true, pending, and false. The value will be pending until the results of both Verify and Possession are returned or one of them fails, blocking the other. | |
allowOTPRetry | boolean | If true, the customer can re-enter the OTP up to three times. Code must also be implemented. See client-side SDK guide for more details. |
Authenticate an Existing User
Input parameters
| Field | Field Type | Unified Authentication | Description |
|---|---|---|---|
phoneNumber | string | Required | The number of the mobile phone. Acceptable characters are: alphanumeric with symbols ’+’. |
phoneNumber (date last verified) | string | The last date that a possession check was completed for a phone number. The format is YYYY-MM-DD. Acceptable characters are: numeric with symbol ’-‘ | |
verificationType | string | Prove offers different verification methods based on your use case and authorization level required. Available verification methods are: bot verifiedUsers prefill prefillForBusiness accountOpening identityResolution | |
firstName | string | The verified first name of the user. | |
lastName | string | The verified last name of the user. | |
emailAddress | string | Required | The email address associated with the phone number. |
email (date last verified) | string | The date the email address was last verified (e.g., 2023-01-01 ). | |
address | list of objects | ||
address | string | The street address of the individual. | |
extendedAddress | string | The apartment number or other extended address information. | |
city | string | The city of the individual. | |
region | string | The state or locality of the individual. | |
postalCode | string | The zip code of the individual. It can be either 5 digits (XXXXX) or ZIP+4 (XXXXX-XXXX). | |
dateOfbirth | string | The date of birth associated with the phone number. | |
nationalId | string | The user’s national ID, such as the full or last four digits of their SSN. | |
ipAddress | string | The IP address of the user. | |
userAgent | string | The user agent of the session of the individual. | |
avsResult | list of objects | ||
identityID | string | ||
provePhoneAlias | string | ||
correlationId | string | A unique ID that links all calls for the same flow. This is a crucial field to save for subsequent calls. | |
clientRequestId | string | Your unique request identifier. | |
clientCustomerId | string | A client-generated unique ID for a specific customer. This can be used by clients to link calls related to the same customer, across different requests or sessions. | |
clientHumanID | string | A client-generated unique ID for a specific customer that has been identity proofed. This can be used by clients to link calls related to the same customer, across different requests or sessions. The format of this ID is defined by the client - Prove recommends using a GUID, but any format can be accepted. Do not include personally identifiable information (PII) in this field. | |
businessName | string | The legal business name of the business attempting a verification. | |
authToken | string | A bearer token for use by the Prove client SDK. |
Output parameters
| Field | Field Type | Description | Unified Authentication |
|---|---|---|---|
success | boolean | True if the API call was successful. | ✅ |
phoneNumber | string | The number of the mobile phone. | |
verifyResult | string | The result of the verification according to the Global Fraud Policy. | |
assuranceLevel | string | Prove’s tiered confidence metric, ranging from -1 to 3, that dynamically adapts to user behavior and various authentication keys. It allows for adaptive security policies, meaning you can require different levels of verification for different types of transactions. This is a key attribute of the Prove Key. Possible values are: “AL-1”, “AL0”, “AL1”, “AL2”, “AL3”. | |
correlationId | string | The unique ID that Prove generates for the flow. To continue the flow, the field will also be used for each of the subsequent API calls in the same flow - it cannot be reused outside of a single flow. | |
proveId | string | A globally unique identifier in Prove language that represents a user (or business). If provided to a customer, this ID is “salted” to make it specific to that customer before being shared. It links a user’s keys to their National ID and is the center of our universe linking identity data and events throughout our fabric. | ✅ |
proveKey | string | ✅ | |
identityId | string | ||
clientRequestID | string | ✅ | |
clientHumanID | string | A client-generated unique ID for a specific customer that has been identity proofed. This can be used by clients to link calls related to the same customer, across different requests or sessions. The format of this ID is defined by the client - Prove recommends using a GUID, but any format can be accepted. Do not include personally identifiable information (PII) in this field. | ✅ |
clientCustomerId | string | A client-generated unique ID for a specific customer. This can be used by clients to link calls related to the same customer, across different requests or sessions. | ✅ |
identity | list of objects | ||
firstName | string | The first name of the individual. | |
lastName | string | The last name of the individual. | |
nationalId | string | The national identity number of the individual. | |
dateOfBirth | string | The date of birth of the individual in one of these formats: YYYY-MM-DD, YYYY-MM, or MM-DD. Acceptable characters are: numeric with symbol ’-’. | |
email(s) | list of objects | ||
email1 | string | The email address of the customer. Acceptable characters are: alphanumeric with symbols ’@.+’. | |
email2 | string | The email address of the customer. Acceptable characters are: alphanumeric with symbols ’@.+’. | |
address | list of objects | ||
address | string | The street address of the individual. | |
extendedAddress | string | The apartment number or other extended address information. | |
city | string | The city of the individual. | |
region | string | The state or locality of the individual. | |
zipCode | string | The zip code of the individual. It can be either 5 digits (XXXXX) or ZIP+4 (XXXXX-XXXX). | |
business(es) | list of objects | ||
businessName | string | The legal business name. | |
businessAddress | list of objects | ||
address | string | The street address of the individual. | |
extendedAddress | string | The apartment number or other extended address information. | |
city | string | The city of the individual. | |
region | string | The state or locality of the individual. | |
zipCode | string | The zip code of the individual. It can be either 5 digits (XXXXX) or ZIP+4 (XXXXX-XXXX). | |
tradeName | string | The doing business as (DBA) name of the legal business entity. | |
taxId | string | The Employee identification Number or Tax Identification Number of the business. | |
relatedPersons | list of objects | ||
firstName | string | The first name of the individual. | |
middlesName | string | The middle name of the individual. | |
lastName | string | The last name of the individual. | |
title | string | The title of the related person. | |
registrationFiling | string | ||
date | string | The date of the registration filing. | |
registrationType | string | The type of registration. | |
region | string | The state or locality of the business registration. | |
identityId | string | A unique ID that Prove generates to refer to a specific identity. | |
verifyResult | string | The result of the Verify process. Possible values are success, pending, and failed. If the Verify result is pending, clients will need to call the Verify Status API to get a result. | |
possessionResult | string | The result of the possession check. Possible values are pending and not_applicable, based on the possessionType passed in the input. Clients will have to call the Verify Status API to get a result if possessionResult=pending. | |
success | string | The result of the combination of verifyResult and possessionResult. Possible values are true, pending, and false. The value will be pending until the results of both Verify and Possession are returned or one of them fails, blocking the other. | |
allowOTPRetry | boolean | If true, the customer can re-enter the OTP up to three times. Code must also be implemented. See client-side SDK guide for more details. |