IronVest AuthenticAction Developer Documentation
  • AuthenticAction Client SDK
    • Components and Considerations
    • 📱Android Programming
    • 📱iOS Programming
    • 🖥️JavaScript Programming
  • Service Components
    • The AuthenticAction Service
    • The AuthenticAction Data
    • REST Endpoint Reference
Powered by GitBook
On this page
  1. Service Components

REST Endpoint Reference

Here you can find the description and guidance of how Actions can be validated by using AuthenticAction service Rest API.

Validate Session

POST /api/v1/validate

Validates the authenticated action. This request is usually made by the application backend to validate authenticity and correctness of the action requested by the client. A successful response specifies whether biometric and values were collected and matched and overall verification status of the Action.

Prerequisites:

An organization has been set in the AuthenticAction Service and you have been provided with the apiKey (Organization API Key) to perform AuthenticAction validations.

A session for AuthenticAction was initiated by the client with the designated ironvest-session-id.

CURL Example:
curl 'https://<Validation Endpoint>/api/v1/validate'
-H 'Content-Type: application/json'
-H 'apikey: <apiKey>'
--data-raw $'{ "cid": "<Client ID>", "csid": "<User Session ID>", "userID": "<User ID>", "additionalData": {"sessionData":[{"key": "amount", "value": 35, "synonyms": ["amount"]}, {"key": "payeeID", "value": 6, "synonyms": ["payeeList"]}, {"key": "accountNumber", "value": "66666666", "synonyms": ["account_number"]}, {"key": "notes", "value": "Wire transfer", "synonyms": ["notes"]}]}}'
--compressed
CURL Example (with mTLS enabled endpoint)
curl -X POST —cert <path_to_the_certificate> —key <path_to_the_certificate_private_key> 'https://<Validation Endpoint>/api/v1/validate'
-H 'Content-Type: application/json'
-H 'apikey: <apiKey>'
--data-raw $'{ "cid": "<Client ID>", "csid": "<User Session ID>", "userID": "<User ID>", "additionalData": {"sessionData":[{"key": "amount", "value": 35, "synonyms": ["amount"]}, {"key": "payeeID", "value": 6, "synonyms": ["payeeList"]}, {"key": "accountNumber", "value": "66666666", "synonyms": ["account_number"]}, {"key": "notes", "value": "Wire transfer", "synonyms": ["notes"]}]}}'
--compressed

Headers

Name
Type
Description

apiKey*

string

Authentication token.

Request Body

Name
Type
Description

cid*

String

Customer ID

csid*

String

Customer Session ID

userID*

String

User ID

additionalData*

Json

Activity related data. Example:

{

"sessionData":[{

"key":"amount",

"value":50,

"synonyms":["total"]}],

"action": "WireTransfer"

}

additionalData:sessionData*

Json list

List of form fields values, can be empty

additionalData:action*

String

Action name. Meaningful name for validation and presentation purposes.

isEnrollment

Bool

Supported starting version 2024-09-1 In case an active enrollment to biometrics is enforced, this flag indicates that the validate request is made in context of the enrollment and if the session is successful the user will be marked as enrolled.

The value specified in sessionData can be either string or decimal number. The value matching is agnostic to the type of the value used.

Response

The request was successfully processed. The results details are specified in the response body.
{
    "verifiedAction": false,
    "indicators": {
        "iv_is_values_match": true,
        "iv_is_biometrics_match": false,
        "iv_is_values_collected": true,
        "iv_is_biometrics_collected": true,
        "iv_user_enrolled": false,
        "iv_spoof_detected": false
    }
}
Error message in response indicates application level error
{
  "errorMessage": "string"
}
{
    "success": false,
    "error": "relevant error message"
}

Successful response contains the following details:

verifiedAction - boolean, designates the overall status

indicators - validation details

  • iv_is_values_match - form field values were collected and matched

  • iv_is_biometrics_match - biometric data was collected and matched

  • iv_is_values_collected - no form field values were collected for the activity

  • iv_is_biometrics_collected - no biometric data was collected for the activity

  • iv_user_enrolled - indicates if user was actively enrolled, version 2024-09-1 and up

  • iv_spoof_detected - indicates if a spoof attempt was detected, version 2024-09-1 and up

One of the possible values for errorMassgae is "processing", indicating that data received during the activity has not been fully processed yet. If an optional "retryAfterMS" period is specified, a subsequent request should be issued after waiting for the specified period of time for higher probability of a final response.

{
  "errorMessage": "processing",
  "retryAfterMS": 50
}
PreviousThe AuthenticAction Data

Last updated 7 months ago