Prove Unified Authentication solution

Prove Unified Authentication simplifies and strengthens your authentication security by automatically choosing the right authenticator based on trusted device recognition and authenticator availability—reducing friction while protecting against fraud.

Pain points

  • Fragmented Systems: The current authentication landscape is a broken, high-friction patchwork of different solutions that fail to work together, creating a frustrating experience for users.
  • Costly & Insecure Methods: Widely used methods like SMS OTP are proving to be expensive, unreliable, and highly vulnerable to fraud, leading to significant financial losses for businesses.
  • Poor User Recognition: Existing technologies struggle to recognize the same user across different channels (e.g., web vs. mobile app) or when they change devices, forcing repetitive and unnecessary re-authentication.
  • Flawed New Technologies: Next-generation solutions like passkeys and device fingerprinting are not foolproof, suffering from unreliable syncing, new attack vectors, and an inability to adapt to user device changes.
  • Risky Onboarding: The customer onboarding process is often tedious and frustrating, which not only drives potential customers away but also creates security vulnerabilities for attackers to exploit with stolen identities.

Value drivers

  1. Seamless User Experience: Unified Auth offers a “recognize once and everywhere” approach, allowing users to be identified passively and persistently across all digital channels and devices without unnecessary friction.
  2. Drastically Reduced Fraud & Costs: By moving away from vulnerable SMS systems, it provides a more secure, multi-layered cryptographic key system that stops sophisticated account takeover attacks and significantly cuts operational costs.
  3. Increased Conversion & Compliance: The solution creates a frictionless user journey that improves business conversion rates while helping companies meet critical security and data privacy regulations like multi-factor authentication and PSD2/3.
  4. Intelligent Key Management: The solution provides a single, cohesive platform that intelligently establishes and manages a user’s cryptographic keys to create a unified, stronger authentication.
  5. Future-Proof Design: It is built to accommodate the future of connected technology, prepared for the increasing number of devices per user.

Inputs & Outputs

  • Prove Binding via a Welcome Solution: Verified User or Pre-Fill can be used to create a new identity and bind that identity to a device.
  • Prove Binding via Unified Authentication: Enrolling a user in Unified Authentication to allow device binding.
  • Authenticate an Existing User: Allows Unified Authentication, or another solution, to check for a bind and authenticate the existing user.

Prove Binding via a Welcome Solution

This path assumes that the customer has existing users. Clients must batch enroll their existing users using Identity Resolution/Identity Manager, such as via Verified Users or batch/bulk uploads, to pre-create the Prove Key.

Prove Binding (or re-binding) via Unified Authentication

Input parameters

| Field | Field Type | Unified Authentication | Description |
| --- | --- | --- | --- |
| phoneNumber | string | Required | The number of the mobile phone. Acceptable characters are: alphanumeric with symbols '+'. |
| phoneNumber (date last verified) | string | | The last date that a possession check was completed for a phone number. The format is YYYY-MM-DD. Acceptable characters are: numeric with symbol '-'. |
| verificationType | string | | Prove offers different verification methods based on your use case and authorization level required. Available verification methods are: bot, verifiedUsers, prefill, prefillForBusiness, accountOpening, identityResolution. |
| firstName | string | | The verified first name of the user. |
| lastName | string | | The verified last name of the user. |
| emailAddress | string | Required | The email address associated with the phone number. |
| email (date last verified) | string | | The date the email address was last verified (e.g., 2023-01-01). |
| address | list of objects | | |
| address | string | | The street address of the individual. |
| extendedAddress | string | | The apartment number or other extended address information. |
| city | string | | The city of the individual. |
| region | string | | The state or locality of the individual. |
| postalCode | string | | The zip code of the individual. It can be either 5 digits (XXXXX) or ZIP+4 (XXXXX-XXXX). |
| dateOfbirth | string | | The date of birth associated with the phone number. |
| nationalId | string | | The user's national ID, such as the full or last four digits of their SSN. |
| ipAddress | string | | The IP address of the user. |
| userAgent | string | | The user agent of the session of the individual. |
| avsResult | list of objects | | |
| identityID | string | | |
| provePhoneAlias | string | | |
| correlationId | string | | A unique ID that links all calls for the same flow. This is a crucial field to save for subsequent calls. |
| clientRequestId | string | | Your unique request identifier. |
| clientCustomerId | string | | A client-generated unique ID for a specific customer. This can be used by clients to link calls related to the same customer, across different requests or sessions. |
| clientHumanID | string | | A client-generated unique ID for a specific customer that has been identity proofed. This can be used by clients to link calls related to the same customer, across different requests or sessions. The format of this ID is defined by the client - Prove recommends using a GUID, but any format can be accepted. Do not include personally identifiable information (PII) in this field. |
| businessName | string | | The legal business name of the business attempting a verification. |
| authToken | string | | A bearer token for use by the Prove client SDK. |

Output parameters

| Field | Field Type | Description | Unified Authentication |
| --- | --- | --- | --- |
| success | boolean | True if the API call was successful. | |
| phoneNumber | string | The number of the mobile phone. | |
| verifyResult | string | The result of the verification according to the Global Fraud Policy. | |
| assuranceLevel | string | Prove's tiered confidence metric, ranging from -1 to 3, that dynamically adapts to user behavior and various authentication keys. It allows for adaptive security policies, meaning you can require different levels of verification for different types of transactions. This is a key attribute of the Prove Key. Possible values are: "AL-1", "AL0", "AL1", "AL2", "AL3". | |
| correlationId | string | The unique ID that Prove generates for the flow. To continue the flow, the field will also be used for each of the subsequent API calls in the same flow - it cannot be reused outside of a single flow. | |
| proveId | string | A globally unique identifier in Prove language that represents a user (or business). If provided to a customer, this ID is "salted" to make it specific to that customer before being shared. It links a user's keys to their National ID and is the center of our universe linking identity data and events throughout our fabric. | |
| proveKey | string | | |
| identityId | string | | |
| clientRequestID | string | | |
| clientHumanID | string | A client-generated unique ID for a specific customer that has been identity proofed. This can be used by clients to link calls related to the same customer, across different requests or sessions. The format of this ID is defined by the client - Prove recommends using a GUID, but any format can be accepted. Do not include personally identifiable information (PII) in this field. | |
| clientCustomerId | string | A client-generated unique ID for a specific customer. This can be used by clients to link calls related to the same customer, across different requests or sessions. | |
| identity | list of objects | | |
| firstName | string | The first name of the individual. | |
| lastName | string | The last name of the individual. | |
| nationalId | string | The national identity number of the individual. | |
| dateOfBirth | string | The date of birth of the individual in one of these formats: YYYY-MM-DD, YYYY-MM, or MM-DD. Acceptable characters are: numeric with symbol '-'. | |
| email(s) | list of objects | | |
| email1 | string | The email address of the customer. Acceptable characters are: alphanumeric with symbols '@.+'. | |
| email2 | string | The email address of the customer. Acceptable characters are: alphanumeric with symbols '@.+'. | |
| address | list of objects | | |
| address | string | The street address of the individual. | |
| extendedAddress | string | The apartment number or other extended address information. | |
| city | string | The city of the individual. | |
| region | string | The state or locality of the individual. | |
| zipCode | string | The zip code of the individual. It can be either 5 digits (XXXXX) or ZIP+4 (XXXXX-XXXX). | |
| business(es) | list of objects | | |
| businessName | string | The legal business name. | |
| businessAddress | list of objects | | |
| address | string | The street address of the individual. | |
| extendedAddress | string | The apartment number or other extended address information. | |
| city | string | The city of the individual. | |
| region | string | The state or locality of the individual. | |
| zipCode | string | The zip code of the individual. It can be either 5 digits (XXXXX) or ZIP+4 (XXXXX-XXXX). | |
| tradeName | string | The doing business as (DBA) name of the legal business entity. | |
| taxId | string | The Employer Identification Number or Tax Identification Number of the business. | |
| relatedPersons | list of objects | | |
| firstName | string | The first name of the individual. | |
| middlesName | string | The middle name of the individual. | |
| lastName | string | The last name of the individual. | |
| title | string | The title of the related person. | |
| registrationFiling | string | | |
| date | string | The date of the registration filing. | |
| registrationType | string | The type of registration. | |
| region | string | The state or locality of the business registration. | |
| identityId | string | A unique ID that Prove generates to refer to a specific identity. | |
| verifyResult | string | The result of the Verify process. Possible values are success, pending, and failed. If the Verify result is pending, clients will need to call the Verify Status API to get a result. | |
| possessionResult | string | The result of the possession check. Possible values are pending and not_applicable, based on the possessionType passed in the input. Clients will have to call the Verify Status API to get a result if possessionResult=pending. | |
| success | string | The result of the combination of verifyResult and possessionResult. Possible values are true, pending, and false. The value will be pending until the results of both Verify and Possession are returned or one of them fails, blocking the other. | |
| allowOTPRetry | boolean | If true, the customer can re-enter the OTP up to three times. Code must also be implemented. See the client-side SDK guide for more details. | |

Authenticate an Existing User

Input parameters

| Field | Field Type | Unified Authentication | Description |
| --- | --- | --- | --- |
| phoneNumber | string | Required | The number of the mobile phone. Acceptable characters are: alphanumeric with symbols '+'. |
| phoneNumber (date last verified) | string | | The last date that a possession check was completed for a phone number. The format is YYYY-MM-DD. Acceptable characters are: numeric with symbol '-'. |
| verificationType | string | | Prove offers different verification methods based on your use case and authorization level required. Available verification methods are: bot, verifiedUsers, prefill, prefillForBusiness, accountOpening, identityResolution. |
| firstName | string | | The verified first name of the user. |
| lastName | string | | The verified last name of the user. |
| emailAddress | string | Required | The email address associated with the phone number. |
| email (date last verified) | string | | The date the email address was last verified (e.g., 2023-01-01). |
| address | list of objects | | |
| address | string | | The street address of the individual. |
| extendedAddress | string | | The apartment number or other extended address information. |
| city | string | | The city of the individual. |
| region | string | | The state or locality of the individual. |
| postalCode | string | | The zip code of the individual. It can be either 5 digits (XXXXX) or ZIP+4 (XXXXX-XXXX). |
| dateOfbirth | string | | The date of birth associated with the phone number. |
| nationalId | string | | The user's national ID, such as the full or last four digits of their SSN. |
| ipAddress | string | | The IP address of the user. |
| userAgent | string | | The user agent of the session of the individual. |
| avsResult | list of objects | | |
| identityID | string | | |
| provePhoneAlias | string | | |
| correlationId | string | | A unique ID that links all calls for the same flow. This is a crucial field to save for subsequent calls. |
| clientRequestId | string | | Your unique request identifier. |
| clientCustomerId | string | | A client-generated unique ID for a specific customer. This can be used by clients to link calls related to the same customer, across different requests or sessions. |
| clientHumanID | string | | A client-generated unique ID for a specific customer that has been identity proofed. This can be used by clients to link calls related to the same customer, across different requests or sessions. The format of this ID is defined by the client - Prove recommends using a GUID, but any format can be accepted. Do not include personally identifiable information (PII) in this field. |
| businessName | string | | The legal business name of the business attempting a verification. |
| authToken | string | | A bearer token for use by the Prove client SDK. |

Output parameters

| Field | Field Type | Description | Unified Authentication |
| --- | --- | --- | --- |
| success | boolean | True if the API call was successful. | |
| phoneNumber | string | The number of the mobile phone. | |
| verifyResult | string | The result of the verification according to the Global Fraud Policy. | |
| assuranceLevel | string | Prove's tiered confidence metric, ranging from -1 to 3, that dynamically adapts to user behavior and various authentication keys. It allows for adaptive security policies, meaning you can require different levels of verification for different types of transactions. This is a key attribute of the Prove Key. Possible values are: "AL-1", "AL0", "AL1", "AL2", "AL3". | |
| correlationId | string | The unique ID that Prove generates for the flow. To continue the flow, the field will also be used for each of the subsequent API calls in the same flow - it cannot be reused outside of a single flow. | |
| proveId | string | A globally unique identifier in Prove language that represents a user (or business). If provided to a customer, this ID is "salted" to make it specific to that customer before being shared. It links a user's keys to their National ID and is the center of our universe linking identity data and events throughout our fabric. | |
| proveKey | string | | |
| identityId | string | | |
| clientRequestID | string | | |
| clientHumanID | string | A client-generated unique ID for a specific customer that has been identity proofed. This can be used by clients to link calls related to the same customer, across different requests or sessions. The format of this ID is defined by the client - Prove recommends using a GUID, but any format can be accepted. Do not include personally identifiable information (PII) in this field. | |
| clientCustomerId | string | A client-generated unique ID for a specific customer. This can be used by clients to link calls related to the same customer, across different requests or sessions. | |
| identity | list of objects | | |
| firstName | string | The first name of the individual. | |
| lastName | string | The last name of the individual. | |
| nationalId | string | The national identity number of the individual. | |
| dateOfBirth | string | The date of birth of the individual in one of these formats: YYYY-MM-DD, YYYY-MM, or MM-DD. Acceptable characters are: numeric with symbol '-'. | |
| email(s) | list of objects | | |
| email1 | string | The email address of the customer. Acceptable characters are: alphanumeric with symbols '@.+'. | |
| email2 | string | The email address of the customer. Acceptable characters are: alphanumeric with symbols '@.+'. | |
| address | list of objects | | |
| address | string | The street address of the individual. | |
| extendedAddress | string | The apartment number or other extended address information. | |
| city | string | The city of the individual. | |
| region | string | The state or locality of the individual. | |
| zipCode | string | The zip code of the individual. It can be either 5 digits (XXXXX) or ZIP+4 (XXXXX-XXXX). | |
| business(es) | list of objects | | |
| businessName | string | The legal business name. | |
| businessAddress | list of objects | | |
| address | string | The street address of the individual. | |
| extendedAddress | string | The apartment number or other extended address information. | |
| city | string | The city of the individual. | |
| region | string | The state or locality of the individual. | |
| zipCode | string | The zip code of the individual. It can be either 5 digits (XXXXX) or ZIP+4 (XXXXX-XXXX). | |
| tradeName | string | The doing business as (DBA) name of the legal business entity. | |
| taxId | string | The Employer Identification Number or Tax Identification Number of the business. | |
| relatedPersons | list of objects | | |
| firstName | string | The first name of the individual. | |
| middlesName | string | The middle name of the individual. | |
| lastName | string | The last name of the individual. | |
| title | string | The title of the related person. | |
| registrationFiling | string | | |
| date | string | The date of the registration filing. | |
| registrationType | string | The type of registration. | |
| region | string | The state or locality of the business registration. | |
| identityId | string | A unique ID that Prove generates to refer to a specific identity. | |
| verifyResult | string | The result of the Verify process. Possible values are success, pending, and failed. If the Verify result is pending, clients will need to call the Verify Status API to get a result. | |
| possessionResult | string | The result of the possession check. Possible values are pending and not_applicable, based on the possessionType passed in the input. Clients will have to call the Verify Status API to get a result if possessionResult=pending. | |
| success | string | The result of the combination of verifyResult and possessionResult. Possible values are true, pending, and false. The value will be pending until the results of both Verify and Possession are returned or one of them fails, blocking the other. | |
| allowOTPRetry | boolean | If true, the customer can re-enter the OTP up to three times. Code must also be implemented. See the client-side SDK guide for more details. | |
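
The assuranceLevel description in both output tables says different transactions can require different levels of verification. The sketch below is an added example, not Prove's code or SDK: it shows one way a relying service could turn a response into a fail-closed decision. The field names and values come from the tables above; the transaction names, thresholds, decision labels and sample response are assumptions constructed for illustration.

```python
import re

# Assumed policy, not from Prove: minimum assurance level per transaction type.
MIN_LEVEL = {"view_balance": 1, "add_payee": 2, "wire_transfer": 3}

# The five values the page documents: AL-1, AL0, AL1, AL2, AL3.
_AL = re.compile(r"AL(-1|[0-3])")

# Constructed sample response; field names are the ones in the output table.
SAMPLE = {
    "success": True,
    "correlationId": "flow-0001",
    "verifyResult": "success",
    "possessionResult": "not_applicable",
    "assuranceLevel": "AL2",
}


def parse_assurance_level(value):
    """Return the level as an int, or None for anything outside the documented set."""
    m = _AL.fullmatch(value) if isinstance(value, str) else None
    return int(m.group(1)) if m else None


def decide(response, flow_correlation_id, transaction):
    """Return 'allow', 'step_up', 'poll_status' or 'deny'; unknown input denies."""
    # A result carrying another flow's correlationId must not authorise this one.
    if not flow_correlation_id or response.get("correlationId") != flow_correlation_id:
        return "deny"
    verify = response.get("verifyResult")
    if verify == "failed":
        return "deny"
    # Pending results are not a pass: the page says to call the Verify Status API.
    if "pending" in (verify, response.get("possessionResult")):
        return "poll_status"
    ok = response.get("success")  # listed as boolean and as string on the page
    if verify != "success" or not (ok is True or ok == "true"):
        return "deny"
    level = parse_assurance_level(response.get("assuranceLevel"))
    required = MIN_LEVEL.get(transaction)
    if level is None or required is None:
        return "deny"  # undocumented level or unlisted transaction: do not guess
    return "allow" if level >= required else "step_up"


if __name__ == "__main__":
    for tx in MIN_LEVEL:
        print(tx, decide(SAMPLE, "flow-0001", tx))
```

The ordering matters: the correlationId and failure checks run before the assurance level is read, so a high level on a mismatched or failed response never reaches the policy comparison.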