Review the steps for implementing Verified Users
Prompt Customer
Determine Type of Flow
isMobile
is true, set mobile
as the possessionType
for the Start()
function on the server, otherwise you can set desktop
:Call the Verify Endpoint
Verify()
function. This function takes these required parameters:possessionType
: either desktop
or mobile
to describe which type of device the customer is starting their flow on.
phoneNumber
: the phone number of the customer.
firstName
: the first name of the customer.
lastName
: the last name of the customer.
finalTargetURL
: required when possessionType=desktop
. This should be a URL you maintain. Once the customer clicks the Instant Link, they will be redirected to this URL. It should instruct the customer to continue the workflow. Maximum length is 128 characters.
smsMessage
: a field to customize the message body sent in the Instant Link or OTP SMS message. Otherwise, you can use Prove defaults.
clientCustomerId
: a client-generated unique ID for a specific customer. You can link calls related to the same customer, across different requests or sessions. The client defines the format of this ID.
clientRequestId
: a client-generated unique ID for a specific request. You can identify specific requests using this field. You determine the format of this ID.
allowOTPRetry
: set to true
to allow the customer to re-enter the OTP up to three times. Defaults to false
.
authToken
: send this to your client-side code through the Authenticate()
function - it’s a JSON Web Token (JWT) tied to the current flow and used for the possession checks. It expires after 15 minutes.
correlationId
: save this in your current session, then pass it in to VerifyStatus()
of the same flow. The correlation ID ties together different system calls for the same Prove flow. It can aids in troubleshooting. The session expires in 15 minutes from when the correlation ID returns from the Verify()
call.
possessionResult
: will return pending
since the possession check needs to complete first.
verifyResult
: pending
since the verification check needs to complete first.
success
: the result of the combination of verifyResult
and possessionResult
. A result of pending
is returned until the Verify and Possession checks are completed.
authToken
in a response to the front end.Authenticate
authToken
, build the authenticator for both the mobile and desktop flows.withOtpFallback(startStep: OtpStartStep | OtpStartStepFn, finishStep: OtpFinishStep | OtpFinishStepFn)
, requires implementing the OtpStartStep
and OtpFinishStep
. When returning the phone number in the functions, ensure you return an object with the field phoneNumber
to the resolve()
function. The default implementation is below, but you can also view the other tabs if you wish to enable advanced capabilities.The OTP session has a two minute timeout from when it’s sent through Short Message Service (SMS) to when the customer can enter in the OTP./v3/start
endpoint. In this case, you’ve already prompted for a phone number so you don’t need to prompt for it in the client SDK.Since you passed the phone number in the Start()
function, call resolve(null)
to communicate to the SDK you have the customer’s agreement to deliver the SMS message. Ensure you return an object to resolve()
function.reject('some error message')
method to communicate to the SDK any issues while trying to obtain the phone number or the OTP. Report an error if the customer cancels the SMS transaction or presses the back button to leave the screen.In the finish step, call the resolve(result: OtpFinishResult)
method to return the collected OTP value in which result
variable has OnSuccess
value for OtpFinishResultType
and the OTP value wrapped in OtpFinishInput
.withInstantLinkFallback(startStep: InstantLinkStartStep | InstantLinkStartStepFn, retryStep?: InstantLinkRetryStep | InstantLinkRetryStepFn)
requires implementing the InstantLinkStartStep
interface and optionally the InstantLinkRetryStep
interface if you wish for advanced capabilities. When returning the phone number in the functions, ensure you return an object with the field phoneNumber
to the resolve()
function.The Instant Link session has a three minute timeout from when it’s sent through Short Message Service (SMS) to when the customer can click the received link./v3/start
endpoint. In this case, you’ve already prompted for a phone number so you don’t need to prompt for it in the client SDK.Since you passed the phone number in the Start()
function, call resolve(null)
to communicate to the SDK you have the customer’s agreement to deliver the SMS message. Ensure you return an object to resolve()
function.AuthFinishStep
function finishes.wss: device.uat.prove-auth.proveapis.com
and wss: device.prove-auth.proveapis.com
.Verify Mobile Number
AuthFinishStep
, you’ll specify a function to call once the possession checks complete on the mobile phone. This endpoint on your back end server calls the VerifyStatus()
function to validate the phone number. The AuthFinishStep
then completes.Validate Possession and Ownership of Mobile Phone
POST /verify-status
to make the next call in the flow to the VerifyStatus()
function.This function requires the Correlation ID which is returned by the Verify()
function.success
: The result of the combination of Verify Result and Possession Result. Possible values are true
or false
.
possessionResult
: either success
if the possession check was successful or failed
if it failed.
verifyResult
: either success
if the verification was successful or failed
if it failed, or not_applicable
if possession failed.
Access the Portal
Find Your Project
Configure Webhook
Authenticate Webhook
whsec_your_secret
with the secret provided by the Portal.Parse the Webhook Payload
Field Definitions
Access Production
identityId
will result in no further notifications for that identity.
In the event your customer provides an updated phone number, we’d recommend initiating a new verification with the updated identity information. If verification is successful, Prove will monitor the updated phone number.