Skip to main content
POST
/
v3
/
unify
Initiate Possession Check
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io"
)

func main() {

	url := "https://platform.uat.proveapis.com/v3/unify"

	payload := strings.NewReader("{\n  \"finalTargetUrl\": \"https://www.example.com/landing-page\",\n  \"proveId\": \"a07b94ce-218c-461f-beda-d92480e40f61\",\n  \"smsMessage\": \"#### is your verification code.\",\n  \"clientRequestId\": \"71010d88-d0e7-4a24-9297-d1be6fefde81\",\n  \"ipAddress\": \"192.168.0.1\",\n  \"deviceId\": \"bf9ea15d-7dfa-4bb4-a64c-6c26b53472fc\",\n  \"clientCustomerId\": \"e0f78bc2-f748-4eda-9d29-d756844507fc\",\n  \"checkReputation\": true,\n  \"emailAddress\": \"sbutrimovichb@who.int\",\n  \"possessionType\": \"mobile\",\n  \"phoneNumber\": \"2001004011\",\n  \"clientHumanId\": \"7bfbb91d-9df8-4ec0-99a6-de05ecc23a9e\",\n  \"rebind\": true,\n  \"allowOTPRetry\": true\n}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("Authorization", "Bearer <token>")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
{
  "success": "pending",
  "authToken": "eyJhbGciOi...",
  "correlationId": "713189b8-5555-4b08-83ba-75d08780aebd"
}
Use the following base URLs when integrating :https://platform.uat.proveapis.com - North America Sandbox Environmenthttps://platform.proveapis.com - North America Production Environmenthttps://platform.uat.eu.proveapis.com - European Union Sandbox Environmenthttps://platform.eu.proveapis.com - European Union Production Environment

Authorizations

Authorization
string
header
required

The access token received from the /token endpoint. Refer to the Authentication page for more details.

Body

application/json
clientRequestId
string
required

A client-generated unique ID for a specific session. This can be used to identify specific requests. The format of this ID is defined by the client - Prove recommends using a GUID, but any format can be accepted. Do not include Personally Identifiable Information (PII) in this field.

Example:

"71010d88-d0e7-4a24-9297-d1be6fefde81"

possessionType
string
required

The type of device being used - either desktop if using a desktop, mobile for iOS/Android native apps and mobile web, or none if no possession check is required.

Example:

"mobile"

allowOTPRetry
boolean

If true, the customer can re-enter the OTP up to three times. Code must also be implemented. See client-side SDK guide for more details.

Example:

true

checkReputation
boolean

If true, TrustScore verification will be performed.

Example:

true

clientCustomerId
string

A client-generated unique ID for a specific customer.

Example:

"e0f78bc2-f748-4eda-9d29-d756844507fc"

clientHumanId
string

A client-generated unique ID to identify a specific customer across business lines.

Example:

"7bfbb91d-9df8-4ec0-99a6-de05ecc23a9e"

deviceId
string

The unique identifier for the Prove Key on the device.

Example:

"bf9ea15d-7dfa-4bb4-a64c-6c26b53472fc"

emailAddress
string

The email address of the customer. Acceptable characters are: alphanumeric with symbols '@.+'.

Example:

"sbutrimovichb@who.int"

finalTargetUrl
string

The URL where the end user will be redirected at the end of Instant Link flow. Required when possessionType=desktop. Acceptable characters are: alphanumeric with symbols '-._+=/:?'. Max length is 128 characters.

Example:

"https://www.example.com/landing-page"

ipAddress
string

The IP address of the customer. Acceptable characters are: Alphanumeric with '.:' symbols.

Example:

"192.168.0.1"

phoneNumber
string

The mobile phone number. US phone numbers can be passed in with or without a leading +1. International phone numbers require a leading +1. Use the appropriate endpoint URL based on the region the number originates from. Acceptable characters are: alphanumeric with symbols '+'.

Required except when MobileAuth is used in US or a valid ProveID is provided.

Example:

"2001004011"

proveId
string

A unique ID to identify a specific customer obtained from a previous successful authentication.

Required if phoneNumber is not present and mobileAuth is not enabled in the US or phoneNumber is not present in the EU.

Example:

"a07b94ce-218c-461f-beda-d92480e40f61"

rebind
boolean

If true, rebinds the Prove Key with the newly verified phone number.

Example:

true

smsMessage
string

The message body sent in the Instant Link (flowType=desktop) or OTP (flowType=mobile) SMS message. If not provided, the following default messages will be used: Instant Link: "Complete your verification. If you did not make this request, do not click the link. ####" The verification URL replaces ####. OTP: "#### is your temporary code to continue your application. Caution: for your security, don't share this code with anyone." Use ####, #####, or ###### to generate 4-6 digit verification codes respectively. Default language is English. Max length is 160 characters. Non-ASCII characters are allowed.

Example:

"#### is your verification code."

Response

Successful Request.

correlationId
string
required

The unique ID that Prove generates for the flow. To continue the flow, the field will also be used for each of the subsequent API calls in the same flow - it cannot be reused outside of a single flow.

Example:

"713189b8-5555-4b08-83ba-75d08780aebd"

success
string
required

The status of the Unify request.

Example:

"pending"

authToken
string

The one-time use JWT for the client-side SDK.

Example:

"eyJhbGciOi..."

I