Skip to main content
POST
/
v1
/
api
/
shield
/
assess
Assess fraud and risk for a session
curl --request POST \
  --url http://service.authmatech.com/v1/api/shield/assess \
  --header 'Content-Type: application/json' \
  --header 'X-API-KEY: <api-key>' \
  --header 'X-CLIENT-ID: <x-client-id>' \
  --data '
{
  "mobileNumber": "<string>",
  "metadataId": "<string>",
  "sessionId": "<string>",
  "sdkSessionId": "<string>",
  "device": {
    "platform": "<string>",
    "osVersion": "<string>",
    "model": "<string>",
    "appVersion": "<string>",
    "sdkVersion": "<string>",
    "isRooted": true,
    "isEmulator": true,
    "vpnDetected": true,
    "proxyDetected": true,
    "appIntegrityStatus": "<string>",
    "deviceId": "<string>"
  },
  "network": {
    "ipAddress": "<string>",
    "countryCode": "<string>",
    "operator": "<string>",
    "connectionType": "<string>"
  }
}
'
{}
Authmatech Shield evaluates device and network signals (and any linked sdkSessionId) and returns a real-time risk decision for the action in front of you. The response data includes:
FieldDescription
decisionALLOW, CHALLENGE, REVIEW, or BLOCK
riskScore / riskLevel0–100 and LOW/MEDIUM/HIGH/CRITICAL (higher is riskier)
reasonCodesWhy the decision was reached
sdkVerifiedWhether the referenced SDK session was found and validated
deviceConsistencyLevelSTABLE, INCONSISTENT, or UNKNOWN vs. the verified session
operatorConsistencyLevelSTABLE, CHANGED, or UNKNOWN vs. the verified session
transactionIdUnique id for this assessment (SH-…)
Requires the Shield product enabled. See the Trust, Shield & Detect guide.

Authorizations

X-API-KEY
string
header
required

Headers

X-CLIENT-ID
string
required

Body

application/json
mobileNumber
string
metadataId
string
sessionId
string
sdkSessionId
string
device
object
network
object

Response

200 - */*

OK

The response is of type object.