Skip to main content
Verification tells you a customer controls their number. Identity intelligence tells you whether to trust the action they’re about to take. Three products — Trust, Shield, and Detect — consume the same device and network signals and answer three different questions.
ProductQuestion it answersReturns
TrustHow confident are we in this identity?A 0–100 score + recommendation
ShieldShould we allow this specific action right now?A decision: ALLOW / CHALLENGE / REVIEW / BLOCK
DetectIs there a pattern of abuse around this identity?A list of anomalies + recommended action

Shared signals

All three accept the same building blocks in the request body, so you collect them once and reuse them:
  • device (DeviceSignal) — platform, OS version, model, app/SDK version, and integrity flags such as isRooted, isEmulator, vpnDetected, proxyDetected, and appIntegrityStatus.
  • network (NetworkSignal) — ipAddress, countryCode, operator, and connectionType.
  • mobileNumber, sessionId, and an optional sdkSessionId that links back to a verified SDK session.
  • metadataId — your own correlation id, echoed back on the response so you can join results to your records.
Pass the sdkSessionId from a recent verification so Shield and Detect can compare the live request against the device context captured at verification time. This is what powers consistency checks like “same device?” and “operator changed?”.

Authmatech Trust

Trust aggregates the signals into a single, identity-grade score so you can drop confidence into decisions as a number. 
{
  "transactionId": "TR-…",
  "trustScore": 85,
  "confidence": "HIGH",
  "recommendation": "ALLOW",
  "positiveFactors": ["network_stable", "device_known"],
  "riskFactors": ["velocity_spike"],
  "breakdown": { "network_score": 90, "device_score": 75 },
  "metadataId": "order-9921"
}
  • trustScore — 0–100; higher means more trustworthy.
  • confidenceHIGH, MEDIUM, or LOW.
  • recommendation — a suggested action: ALLOW, CHALLENGE, REVIEW, or BLOCK.
  • breakdown — the component scores behind the headline number.
Use Trust when you want one portable number to feed into rules you already run. See POST /v1/api/trust/score.

Authmatech Shield

Shield is decision-first. It evaluates the session and returns the action to take, with reason codes you can log and act on. 
{
  "transactionId": "SH-…",
  "riskScore": 42,
  "riskLevel": "MEDIUM",
  "decision": "CHALLENGE",
  "reasonCodes": ["velocity_check_failed", "operator_changed"],
  "sdkVerified": true,
  "deviceConsistencyLevel": "INCONSISTENT",
  "operatorConsistencyLevel": "CHANGED"
}
  • decisionALLOW, CHALLENGE, REVIEW, or BLOCK.
  • riskScore / riskLevel — 0–100 and LOW/MEDIUM/HIGH/CRITICAL (higher is riskier — the inverse of Trust).
  • sdkVerified — whether the referenced sdkSessionId was found and validated.
  • deviceConsistencyLevel / operatorConsistencyLevel — how the live session compares to the verified session.
Use Shield at the moment of a sensitive action — login, payout, password reset. See POST /v1/api/shield/assess.

Authmatech Detect

Detect looks across time and across your base. It builds a behavior timeline and surfaces anomalies rather than scoring a single action. 
{
  "transactionId": "DE-…",
  "riskLevel": "HIGH",
  "anomalies": [
    { "code": "MULTI_ACCOUNT", "description": "Multiple accounts on one device" },
    { "code": "VELOCITY_SPIKE", "description": "Unusual request rate" }
  ],
  "recommendedAction": "CHALLENGE",
  "anomalyScore": 50,
  "affectedCount": 2,
  "windowStats": { "request_count_1h": 12, "unique_devices_24h": 3 }
}
  • anomalies — typed findings such as multi-account behavior, velocity spikes, repeated failures, and unusual network patterns.
  • recommendedActionALLOW, MONITOR, CHALLENGE, or BLOCK.
  • anomalyScore — scales with the number of anomalies detected (capped at 100).
Use Detect to feed fraud-ops dashboards and batch reviews. See POST /v1/api/detect/analyze.

Choosing between them

  • Want one number to plug into existing rules? Use Trust.
  • Want a ready-made decision at the point of action? Use Shield.
  • Want to find patterns of abuse over time? Use Detect.
They compose well: many teams call Shield inline for the decision and run Detect continuously to catch slow-building abuse.
Each intelligence product must be enabled for your account. If a product isn’t on your plan, the API responds with 400 Bad Request and a message explaining it. Contact sales@authmatech.com to enable a product.