Profile Access

The Profile Access API is used for each of the use cases mentioned under Account Profile Protection.

Account Profile Access Integration

Step 1: Front End Integration

In your dedicated Forter portal, you will receive a JavaScript snippet for both sandbox and production. For native mobile apps, you will receive links to download Forter's Native SDKs. Paste the JS script on the appropriate pages of your website, or call the mobile SDK methods on the relevant mobile app screens, so that it can load and asynchronously collect important behavioral data from your customer. The script, or the mobileUID generated by the mobile SDK, also generates a unique token for each user on your site, which should be included in the Account Profile Access API request body.

Step 2: accountAccessRequest API

accountAccessRequest API Request
Forter can provide a decision to approve a frictionless account details change, or suggest Multi-Factor Authentication if suspicious activity is detected. The relevant access type is denoted by the "UPDATE_PAYMENT" enum value of the "accessRequestType" parameter in the request body. For the full API, please see the Customer Account Profile Update section.

The Primary Data Points for the Account Profile Access API request in the context of card testing are:

  • Account ID
  • AccessRequestType UPDATE_PAYMENT
  • Details of the new item added to the user profile (phone, address, payment method).
  • ConnectionInformation - Cyber intelligence data to analyze browsing behavior, device and connection quality such as IP address, user agent and data collected via JS / mobile SDK

For full details, please see the Account Profile Protection API Reference section.

{
  "accountId": "e520-ba9a-367-60b",
  "eventTime": 1415287568000,
  "connectionInformation": {
    "customerIP": "10.0.0.127",
    "userAgent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36",
    "forterTokenCookie": "2315688945984"
  },
  "channelType": "WEB",
  "accountOwner": {
    "email": "[email protected]",
    "accountId": "e520-ba9a-367-60b",
    "created": 1415273168
  },
  "newPaymentMethods": {
    "billingDetails": {
      "personalDetails": {
        "firstName": "John",
        "lastName": "Smith",
        "email": "[email protected]"
      },
      "address": {
        "address1": "235 Montgomery st.",
        "city": "San Francisco",
        "country": "US",
        "zip": "94104"
      }
    },
    "creditCard": {
      "nameOnCard": "John R. H. Smith",
      "bin": "424242",
      "cardBrand": "VISA",
      "lastFourDigits": "4242",
      "expirationMonth": "03",
      "expirationYear": "2025",
      "verificationResults": {
        "avsFullResult": "Y",
        "cvvResult": "M"
      }
    }
  },
  "accessRequestType": "UPDATE_PAYMENT"
}

Account Profile Update API Response
The Account Profile Access API response will include the Forter decision and potential recommendations, as well as a correlation ID that should be stored and used when the merchant provides additional updates (e.g. result of MFA).

Key Fields:

forterDecision: The latest Forter decision regarding the attempted action. This field holds one of the following values:

  • "APPROVE" for approved signup requests, where the user should be allowed to register for a new account;
  • "DECLINE" for declined signup requests, where the user should be declined from registering for a new account;
  • "VERIFICATION_REQUIRED" for signup requests where an additional verification (via email, SMS, etc.) should be triggered for the user;
  • "NOT_REVIEWED".

recommendation: A specific recommendation for an action that might help the customer to complete their transaction/action (e.g. verify phone via SMS, verify via push notification, verify email, perform a 3DS check, etc.)

originalOrderId: Unique order/transaction identifier to which this access request refers, if relevant.

{
  "forterDecision": "DECLINE",
  "decisionReason": "",
  "accountId": "e520-ba9a-367-60b",
  "originalOrderId": "HGJ7512345H3DE",
  "recommendation": ""
}
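
One way a merchant backend could act on the forterDecision values described above, as an added example that is not Forter's code. The action names, the account ID check, and the choice to require MFA for NOT_REVIEWED, unknown or malformed responses are assumptions of this example, not Forter guidance.

```python
import json

# Hypothetical action names used by the merchant backend (not Forter values).
ALLOW, BLOCK, STEP_UP = "allow_update", "block_update", "require_mfa"

# Decision values as listed on this page, mapped to merchant actions.
DECISION_TO_ACTION = {
    "APPROVE": ALLOW,
    "DECLINE": BLOCK,
    "VERIFICATION_REQUIRED": STEP_UP,
    "NOT_REVIEWED": STEP_UP,  # assumption: unreviewed requests get step-up
}


def action_for_response(raw_body, expected_account_id):
    """Return (action, recommendation) for one response body (JSON text)."""
    try:
        body = json.loads(raw_body)
    except (TypeError, ValueError):
        return STEP_UP, ""  # unparseable: never apply the change silently
    if not isinstance(body, dict):
        return STEP_UP, ""
    # Assumption: a response naming another account must not authorise this one.
    if body.get("accountId") != expected_account_id:
        return BLOCK, ""
    decision = body.get("forterDecision")
    # Unknown, missing or non-string decisions fall back to step-up, not allow.
    action = DECISION_TO_ACTION.get(decision, STEP_UP) if isinstance(decision, str) else STEP_UP
    rec = body.get("recommendation")
    return action, rec if isinstance(rec, str) else ""


# Constructed sample responses; the first is the DECLINE example from this page.
# PLACEHOLDER_RECOMMENDATION is a constructed value, not a real enum value.
SAMPLES = {
    "decline": '{"forterDecision": "DECLINE", "decisionReason": "", '
               '"accountId": "e520-ba9a-367-60b", '
               '"originalOrderId": "HGJ7512345H3DE", "recommendation": ""}',
    "verify": '{"forterDecision": "VERIFICATION_REQUIRED", '
              '"accountId": "e520-ba9a-367-60b", '
              '"recommendation": "PLACEHOLDER_RECOMMENDATION"}',
    "unknown": '{"forterDecision": "approve ", "accountId": "e520-ba9a-367-60b"}',
    "wrong_account": '{"forterDecision": "APPROVE", "accountId": "other-account"}',
    "garbage": "<html>502 Bad Gateway</html>",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, action_for_response(raw, "e520-ba9a-367-60b"))
```

The mapping is an allow-list: only the exact string "APPROVE" on a response for the expected account lets the payment method change go through without friction.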
