API to request a Forter decision on a user attempting to access or update sensitive account information
Account Profile Access Request Body
Account Profile Access API Request
When a user is attempting to access restricted resources, Forter can provide a decision to approve access or suggest that MFA be used for further validation. The relevant access type is denoted as the accessRequestType parameter on the request.
Possible values are:
- "VIEW_PERSONAL_PREFERENCES"
- "UPDATE_PASSWORD"
- "UPDATE_PAYMENT"
- "UPDATE_PHONE"
- "UPDATE_EMAIL"
- "UPDATE_ADDRESS"
- "REDEEM_ACCOUNT_ASSETS"
- "SHARE_CREDENTIALS"
The data you send should correspond with the "accessRequestType" (e.g. when the account phone is updated, we ask that you provide the new phone number).
This API typically has lower volume than the Login API.
The primary data points for the Account Profile Access API are:
- Account ID
- AccessRequestType as noted above
- Details of changes to the merchant profile: the new Email / Phone / Address / Payment method / PasswordUpdateTriggerType, corresponding to the accessRequestType
- ConnectionInformation - Data that enables us to analyze browsing behavior, device and connection quality, such as IP address, user agent and data collected via the Forter JavaScript or Mobile SDK.
{
  "accountId": "e520-ba9a-367-60b",
  "eventTime": 1415287568000,
  "connectionInformation": {
    "customerIP": "10.0.0.127",
    "userAgent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36",
    "forterTokenCookie": "2315688945984"
  },
  "channelType": "WEB",
  "passwordUpdateTrigger": "USER_FORGOT_PASSWORD",
  "accountOwner": {
    "firstName": "John",
    "lastName": "Smith",
    "email": "[email protected]",
    "accountId": "e520-ba9a-367-60b",
    "created": 1415273168,
    "pastOrdersSum": 1702.5,
    "lastLoginIP": "203.12.55.12"
  },
  "accessRequestType": "UPDATE_PASSWORD"
}
Account Profile Access Response
The Account Profile Access API response includes the Forter decision and potential recommendations, as well as a correlation ID. Store the correlation ID and use it when you provide additional updates, e.g. the result of MFA if we recommended additional verification and you carried out this authentication step (see Authentication Attempt API below for more information on this use case).
{
  "forterDecision": "DECLINE",
  "recommendation": "MFA",
  "accountId": "e520-ba9a-367-60b"
}
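A sketch of merchant-side handling for the request and response shown above, added here as an example and not Forter's own code. The function names, the "APPROVE" decision value and the fail-closed policy are assumptions; the access types and field names are taken from the samples on this page.

```python
import json

# Values this page lists for accessRequestType.
ACCESS_REQUEST_TYPES = {
    "VIEW_PERSONAL_PREFERENCES", "UPDATE_PASSWORD", "UPDATE_PAYMENT",
    "UPDATE_PHONE", "UPDATE_EMAIL", "UPDATE_ADDRESS",
    "REDEEM_ACCOUNT_ASSETS", "SHARE_CREDENTIALS",
}


def build_request(account_id, access_request_type, connection_information,
                  event_time_ms, **details):
    """Assemble a request body (hypothetical helper), rejecting unlisted types."""
    if access_request_type not in ACCESS_REQUEST_TYPES:
        raise ValueError(f"unknown accessRequestType: {access_request_type!r}")
    if not isinstance(connection_information, dict) or not connection_information:
        raise ValueError("connectionInformation is a primary data point; send it")
    body = {
        "accountId": account_id,
        "eventTime": event_time_ms,
        "connectionInformation": connection_information,
        "accessRequestType": access_request_type,
    }
    # Change details matching the access type, e.g. passwordUpdateTrigger
    # for UPDATE_PASSWORD as in the sample request.
    body.update(details)
    return body


def enforce(request_body, response_text):
    """Map a response to 'allow', 'mfa' or 'deny' (assumed merchant policy)."""
    try:
        resp = json.loads(response_text)
    except (ValueError, TypeError):
        return "deny"   # unparseable response: fail closed on sensitive actions
    if not isinstance(resp, dict):
        return "deny"
    if resp.get("accountId") != request_body["accountId"]:
        return "deny"   # decision does not belong to the account we asked about
    if resp.get("recommendation") == "MFA":
        return "mfa"    # step-up verification before the change is applied
    if resp.get("forterDecision") == "APPROVE":   # assumed value, not on this page
        return "allow"
    return "deny"       # DECLINE without MFA, or any unrecognised value
```

With the sample response above (DECLINE with an MFA recommendation), `enforce` returns `"mfa"`, so the password change waits for the extra verification step.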