This guide takes you from a fresh account to your first successful verification. By the end, you will have confirmed a mobile identity through the Authmatech API and seen the response your integration is built on. It takes about five minutes.
Authmatech provides a sandbox so you can build and test without affecting production traffic or consuming live balance. See Testing & environments for details.
1. Get your credentials

Sign in to the Authmatech dashboard. Generate your API key and copy two values:
  • Client ID — sent as the X-CLIENT-ID header on every request.
  • API key — sent as the X-API-KEY header on every request.
Your API key grants full server-side access to your account. Never commit it to source control, expose it in browser code, or paste it into public forums. The key is shown once at generation — store it in a secrets manager. If it leaks, rotate it immediately from the dashboard.
2. Confirm a mobile identity with cURL

From your backend, run the request below. Replace the credentials and the mobileNumber. In a real integration, encryptedMobileNumber and operatorId come from the Authmatech SDK after mobile-network header enrichment — see How silent verification works.
curl -X POST https://service.authmatech.com/v1/api/verify \
  -H "X-API-KEY: YOUR_API_KEY" \
  -H "X-CLIENT-ID: YOUR_CLIENT_ID" \
  -H "Content-Type: application/json" \
  -d '{
    "mobileNumber": "+962791234567",
    "encryptedMobileNumber": "BASE64_ENCRYPTED_BLOB_FROM_SDK",
    "operatorId": "ZAIN_JO",
    "serviceType": "LOGIN",
    "sdkSessionId": "b1f2c3d4-..."
  }'
| Part | Description |
| --- | --- |
| POST /v1/api/verify | The Verify endpoint |
| X-API-KEY | Your server-side API key |
| X-CLIENT-ID | Your Client ID |
| mobileNumber | The number the customer claims, in E.164 format |
| encryptedMobileNumber | The encrypted proof of possession returned by the SDK |
| operatorId | The mobile network operator that enriched the session |
| serviceType | The use case: REGISTRATION, LOGIN, RESET_PASS, UPDATE_DETAILS, or TRANSACTION |
| sdkSessionId | Optional. Links the verification to a stored SDK session for Shield/Detect |
3. Read the response

A successful request returns HTTP 200 OK. Authmatech wraps every response in a consistent envelope: a success flag, a messages array, and a data payload.
{
  "success": true,
  "messages": [
    { "type": "SUCCESS", "code": null, "message": null, "httpStatus": "OK", "technical": false, "arguments": null }
  ],
  "data": {
    "validNumber": true
  }
}
data.validNumber is the verdict: true means the customer controls the number they presented. Add ?maskMobile=true to also receive a masked copy of the confirmed number (e.g. ********67).

If something is wrong, success is false and the messages array explains why. The most common first-call issues:

| Status | Likely cause |
| --- | --- |
| 401 Unauthorized | Missing or invalid X-API-KEY / X-CLIENT-ID |
| 400 Bad Request | A required field is missing or the body is malformed |
| 400 Bad Request | Insufficient or expired balance, or the product isn’t enabled for your account |
See the Error reference for the full list.
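
The following Python example is added here and is not Authmatech's own code: it builds the Verify request with credentials read from environment variables and accepts a verification only when the HTTP status is 200, success is true and data.validNumber is true. The environment variable names and function names are assumptions, and the sample response bodies are constructed.

```python
import json
import os
import urllib.request

VERIFY_URL = "https://service.authmatech.com/v1/api/verify"  # endpoint from the cURL example

def build_verify_request(payload, env=os.environ):
    """Build the POST; credentials come from the environment, never from source."""
    # AUTHMATECH_API_KEY / AUTHMATECH_CLIENT_ID are assumed variable names.
    api_key = env.get("AUTHMATECH_API_KEY")
    client_id = env.get("AUTHMATECH_CLIENT_ID")
    if not api_key or not client_id:
        raise RuntimeError("Authmatech credentials are not configured")
    return urllib.request.Request(
        VERIFY_URL,
        data=json.dumps(payload).encode("utf-8"),
        method="POST",
        headers={
            "X-API-KEY": api_key,
            "X-CLIENT-ID": client_id,
            "Content-Type": "application/json",
        },
    )

def is_verified(status, body):
    """Fail closed: True only for HTTP 200, success true and data.validNumber true."""
    try:
        envelope = json.loads(body)
    except (TypeError, ValueError):
        return False  # missing or malformed body is never a pass
    if status != 200 or not isinstance(envelope, dict):
        return False
    data = envelope.get("data")
    return (
        envelope.get("success") is True
        and isinstance(data, dict)
        and data.get("validNumber") is True  # a string "true" does not count
    )

# Constructed sample bodies (not captured from the live API).
SAMPLE_OK = '{"success": true, "messages": [], "data": {"validNumber": true}}'
SAMPLE_MISMATCH = '{"success": true, "messages": [], "data": {"validNumber": false}}'
SAMPLE_ERROR = '{"success": false, "messages": [], "data": null}'

if __name__ == "__main__":
    for name, body in [("ok", SAMPLE_OK), ("mismatch", SAMPLE_MISMATCH), ("error", SAMPLE_ERROR)]:
        print(name, is_verified(200, body))
```

Send the request from your backend with urllib.request.urlopen(req, timeout=10) and pass the status and body to is_verified. urlopen raises urllib.error.HTTPError for 4xx and 5xx responses, which should also be treated as not verified.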

Add intelligence to the decision

Once a number is verified, enrich the decision using the same session:

Trust score

Turn the signals into a single 0–100 trust score with a recommendation.

Shield assessment

Get a real-time risk decision: ALLOW, CHALLENGE, REVIEW, or BLOCK.

What’s next?

Authentication

Header details, credential types, and security best practices.

Web SDK

Run silent verification in the browser, end to end.

Verify guide

The full server-side verification flow and edge cases.

API reference

Every endpoint with an interactive playground.