Skip to main content

Documentation Index

Fetch the complete documentation index at: https://developer.prove.com/llms.txt

Use this file to discover all available pages before exploring further.

Prove Human Assurance solution

Prove Human Assurance helps businesses treat human presence as a first-class signal: in real time, it separates genuine people from malicious automation before downstream cost and fraud. It passively evaluates whether a phone number behaves like a human authenticator tied to a credible device, contrasting typical consumer-phone behavior with patterns common to virtual machines, emulators, and IoT SIM–class endpoints that often show up in scripted or tolling abuse. Signals draw on phone reputation and activity, longitudinal tenure and authentication history, and device-oriented intelligence from Prove’s identity graph. It is not a substitute for your own controls, and it does not treat IP address or browser fingerprint alone as proof of a real human behind the interaction. Typical program goals teams pair with Human Assurance include:
  • Catching SMS pumping and toll-style abuse before you send large volumes of OTP or challenge traffic
  • Slowing scripted signups and developer-style account abuse at the top of the funnel
  • Surfacing low-tenure or suspicious numbers that lack credible human usage before you fully onboard or entitle an account
The product is aimed at moments that matter—sign-in, signup, or high-risk steps—where you need a timely human-vs-automation read before an attacker racks up abuse or burns trust downstream. Human Assurance is not a complete anti-abuse or bot-management program on its own. It gives you strong phone-centric signals (with supporting device and tenure context) and structured /v3/verify outcomes—including assurance level and policy-related fields interpreted through Global Fraud Policy—so your application can allow, step up, or block.
Human Assurance is available globally.
Flowchart: Human Assurance from v3/verify through a Success decision to Success=False or Success=True, then Continuous Monitoring and a phone number change event after success

How fits together

At a high level, rests on Authenticate, Verify, and optionally Manage. They describe how the real-time product is structured, not a rigid checklist: your integration may combine or revisit them depending on channel, risk, and whether the customer already has a bound Prove Key.

Authenticate (possession)

Authenticate means proving possession of the phone number. Your app integrates Prove’s Authenticate SDK (Web, iOS, or Android) so the customer can complete possession on the device. That establishes trust in the device and number before or alongside your server-side checks. End-to-end setup—including how your back end coordinates with Prove—is covered in the Authenticate guide.

Verify

Verify is your back end calling POST /v3/verify with the verification type and the inputs your flow requires to obtain a verification result and, when successful, identifiers such as proveId that you can persist for later calls, support, and linking to other Prove capabilities. End-to-end setup, Sandbox testing, and response handling are in the Verify guide.

Manage

Manage applies when a verified identity meets Prove’s Global Fraud Policy: it can be enrolled for continuous monitoring of phone and related identity changes. Number changes, disconnects, and coverage moves are signals you want after day one, not only at signup. That path is documented under the Manage guide. Webhook notifications for those phone and identity change events are available in the US.

Related topics

Human Assurance AuthenticateHuman Assurance ConnectHuman Assurance ManageHuman Assurance VerifyAssurance Levels