REST Endpoint Reference

Here you can find the description and guidance of how Actions can be validated by using AuthenticAction service Rest API.

Validate Session

POST /api/v1/validate

Validates the authenticated action. This request is usually made by the application backend to validate authenticity and correctness of the action requested by the client. A successful response specifies whether biometric and values were collected and matched and overall verification status of the Action.

Prerequisites:

An organization has been set in the AuthenticAction Service and you have been provided with the apiKey (Organization API Key) to perform AuthenticAction validations.

A session for AuthenticAction was initiated by the client with the designated ironvest-session-id.

CURL Example:
curl 'https://<Validation Endpoint>/api/v1/validate'
-H 'Content-Type: application/json'
-H 'apikey: <apiKey>'
--data-raw $'{ "cid": "<Client ID>", "csid": "<User Session ID>", "userID": "<User ID>", "additionalData": {"sessionData":[{"key": "amount", "value": 35, "synonyms": ["amount"]}, {"key": "payeeID", "value": 6, "synonyms": ["payeeList"]}, {"key": "accountNumber", "value": "66666666", "synonyms": ["account_number"]}, {"key": "notes", "value": "Wire transfer", "synonyms": ["notes"]}]}}'
--compressed
CURL Example (with mTLS enabled endpoint)
curl -X POST —cert <path_to_the_certificate> —key <path_to_the_certificate_private_key> 'https://<Validation Endpoint>/api/v1/validate'
-H 'Content-Type: application/json'
-H 'apikey: <apiKey>'
--data-raw $'{ "cid": "<Client ID>", "csid": "<User Session ID>", "userID": "<User ID>", "additionalData": {"sessionData":[{"key": "amount", "value": 35, "synonyms": ["amount"]}, {"key": "payeeID", "value": 6, "synonyms": ["payeeList"]}, {"key": "accountNumber", "value": "66666666", "synonyms": ["account_number"]}, {"key": "notes", "value": "Wire transfer", "synonyms": ["notes"]}]}}'
--compressed

Headers

Request Body

The value specified in sessionData can be either string or decimal number. The value matching is agnostic to the type of the value used.

Response

The request was successfully processed. The results details are specified in the response body.
{
    "verifiedAction": false,
    "indicators": {
        "iv_is_values_match": true,
        "iv_is_biometrics_match": false,
        "iv_is_values_collected": true,
        "iv_is_biometrics_collected": true,
        "iv_user_enrolled": false,
        "iv_spoof_detected": false
    }
}

Successful response contains the following details:

verifiedAction - boolean, designates the overall status

indicators - validation details

  • iv_is_values_match - form field values were collected and matched

  • iv_is_biometrics_match - biometric data was collected and matched

  • iv_is_values_collected - no form field values were collected for the activity

  • iv_is_biometrics_collected - no biometric data was collected for the activity

  • iv_user_enrolled - indicates if user was actively enrolled, version 2024-09-1 and up

  • iv_spoof_detected - indicates if a spoof attempt was detected, version 2024-09-1 and up

One of the possible values for errorMassgae is "processing", indicating that data received during the activity has not been fully processed yet. If an optional "retryAfterMS" period is specified, a subsequent request should be issued after waiting for the specified period of time for higher probability of a final response.

{
  "errorMessage": "processing",
  "retryAfterMS": 50
}
PreviousThe AuthenticAction Data

Last updated