Account Authentication Attempt API Use Cases

The Forter Authentication Attempt API is called after the Account Profile Access or Account Login APIs, because its role is to provide Forter with the results of the additional authentication carried out after an attempt at login or profile access has been made. Types of additional authentication include multi-factor authentication, one time passwords, and payment method verification.

Whether or not the user can pass the challenge is very important data in protecting your customers’ accounts. The Account Authentication Attempt API is used to provide Forter with the results of the additional authentication for account login.

Account Authentication Attempt API Request

The Authentication Attempt API provides Forter with more information about the customer verification. Forter can update its evaluation of the customer and provide you with appropriate decision updates (e.g. Forer might recommend to approve the customer if the verification succeeded, or suggest an alternative form of authentication if it failed).

The primary data points needed for the Account Authentication Attempt API are:

  • accountID
  • AdvancedAuthenticationMethod which contains information about the method of authentication done (email, phone, etc..),
  • correlation ID that was provided in the Login / Profile Access API response and is used to link the authentication attempt data to the original event that was decisioned.
  • ConnectionInformation - data that enables Forter to analyze browsing behavior, device and connection quality such as IP address, user agent and data collected via JS / mobile SDK
  "accountId": "e520-ba9a-367-60b",
  "eventTime": 1415287568000,
  "connectionInformation": {
    "customerIP": "",
    "userAgent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36",
    "forterTokenCookie": "2315688945984",
  "additionalAuthenticationMethod": {
    "verificationOutcome": "SUCCESS",
    "correlationId": "HGJ7512345H3DE",
    "phoneVerification": {
      "phone": "15557654321",
      "smsVerified": {
        "sent": true,
        "timeSent": 1389567341,
        "timeVerified": 1388560227
      "phoneType": "HOME",
      "resourceOperation": "ADD"

Account Authentication Attempt API Response

The API response for the Account Authentication Attempt API will contain Forter’s decision regarding the attempted action based on both the evaluation of the customer’s reputation and the additional authentication performed.

  "forterDecision": "APPROVE",
  "recommendation": "",
  "accountId": "e520-ba9a-367-60b"