Prove Identity Manager

Identity lifecycle management - enroll, batch enroll, get, lookup by phone number, cross-domain, and disenroll - that maintains a persistent customer identity record keyed to a phone number for recognition across sessions and domains.

OpenAPI Specification

prove-openapi.yml Raw ↑
openapi: 3.0.1
info:
  title: Prove API
  description: >-
    Phone-centric identity verification and authentication API. The Prove API
    (v3) uses a consumer's mobile phone number and cryptographic possession
    signals to power the Pre-Fill verification flow (start, validate, challenge,
    complete), Unified Authentication / Trust Score (unify, unify-bind,
    unify-status), identity discovery (discover, fetch), phone-based Auth, and a
    persistent Identity Manager. All endpoints are OAuth 2.0 (client-credentials)
    secured; obtain a Bearer access token from the /token endpoint and send it as
    `Authorization: Bearer <token>` on every subsequent request.
  termsOfService: https://www.prove.com/legal/terms
  contact:
    name: Prove Developer Support
    url: https://developer.prove.com
  version: '3.0'
servers:
  - url: https://api.prove.com/v3
    description: Production
  - url: https://platform.proveapis.com/v3
    description: Production (platform host)
  - url: https://platform.uat.proveapis.com/v3
    description: UAT / Sandbox
security:
  - bearerAuth: []
tags:
  - name: Authentication
    description: OAuth 2.0 token issuance.
  - name: Identity Verification
    description: Ordered Pre-Fill verification flow - start, validate, challenge, complete.
  - name: Trust Score
    description: Unified Authentication possession and trust evaluation.
  - name: Pre-Fill
    description: Identity discovery and verified attribute retrieval.
  - name: Auth
    description: Phone-based authentication and device binding.
  - name: Identity
    description: Persistent identity lifecycle management.
  - name: Domain
    description: Cross-domain linking of identity scopes.
paths:
  /token:
    post:
      operationId: v3TokenRequest
      tags:
        - Authentication
      summary: Issue an OAuth 2.0 access token
      description: >-
        Exchange a client ID and client secret for a short-lived Bearer access
        token using the OAuth 2.0 client-credentials grant. The returned
        access_token must be sent as `Authorization: Bearer <token>` on all
        other Prove API calls.
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              $ref: '#/components/schemas/TokenRequest'
      responses:
        '200':
          description: A new access token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TokenResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
      security: []
  /start:
    post:
      operationId: v3StartRequest
      tags:
        - Identity Verification
      summary: Start a Pre-Fill verification flow
      description: >-
        Initiates the identity verification session against a mobile phone
        number, indicates whether the session is desktop or mobile, and returns a
        correlation ID plus an auth token and the set of allowed next calls.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/V3StartRequest'
      responses:
        '200':
          description: Flow started.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/V3StartResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /validate:
    post:
      operationId: v3ValidateRequest
      tags:
        - Identity Verification
      summary: Validate the started flow
      description: >-
        Validates the initiated flow against the correlation ID returned by
        /start and confirms phone possession. The response Next field indicates
        whether a challenge is required before completing.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/V3ValidateRequest'
      responses:
        '200':
          description: Flow validated.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/V3FlowResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /challenge:
    post:
      operationId: v3ChallengeRequest
      tags:
        - Identity Verification
      summary: Challenge the customer
      description: >-
        When /validate returns `v3-challenge` in its Next field, submit a
        knowledge challenge (date of birth and/or last four of SSN) to raise
        assurance before completing the flow.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/V3ChallengeRequest'
      responses:
        '200':
          description: Challenge evaluated.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/V3FlowResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /complete:
    post:
      operationId: v3CompleteRequest
      tags:
        - Identity Verification
      summary: Complete the Pre-Fill flow
      description: >-
        Final call in the flow. Submits the customer's claimed identity for
        real-time reconciliation against the phone number and returns the IDV /
        KYC evaluation and prefilled identity attributes.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/V3CompleteRequest'
      responses:
        '200':
          description: Flow completed.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/V3CompleteResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /unify:
    post:
      operationId: v3UnifyRequest
      tags:
        - Trust Score
      summary: Start a Unified Authentication flow
      description: >-
        Initiates a Unify (Unified Authentication) flow that passively recognizes
        a returning customer by phone possession and an optional bound Prove Key,
        returning a correlation ID and the set of allowed next calls.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/V3UnifyRequest'
      responses:
        '200':
          description: Unify flow started.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/V3FlowResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /unify-bind:
    post:
      operationId: v3UnifyBindRequest
      tags:
        - Trust Score
      summary: Bind a Prove Key to a Unify session
      description: >-
        Binds a Prove Key to the phone number of a Unify session and returns the
        possession result so the customer can be passively recognized on future
        visits.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/V3CorrelationRequest'
      responses:
        '200':
          description: Prove Key bound.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/V3FlowResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /unify-status:
    post:
      operationId: v3UnifyStatusRequest
      tags:
        - Trust Score
      summary: Get Unify session status and trust result
      description: >-
        Checks the status of a Unify session and returns the possession and trust
        evaluation used to make a risk-aware authentication decision.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/V3CorrelationRequest'
      responses:
        '200':
          description: Unify status.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/V3UnifyStatusResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /discover:
    get:
      operationId: v3DiscoverRequest
      tags:
        - Pre-Fill
      summary: Discover available identity attributes
      description: >-
        Returns which verified identity attributes Prove can provide for the
        session's phone number; the discovered attribute keys are then passed to
        /fetch to retrieve their values.
      responses:
        '200':
          description: Discoverable attributes.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DiscoverResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /fetch:
    get:
      operationId: v3FetchRequest
      tags:
        - Pre-Fill
      summary: Fetch verified identity attribute values
      description: >-
        Fetches the authoritative values for the identity attributes surfaced by
        /discover so onboarding forms can be prefilled with verified data.
      responses:
        '200':
          description: Attribute values.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/FetchResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /server/auth/start:
    post:
      operationId: authStartRequest
      tags:
        - Auth
      summary: Start a phone authentication flow
      description: >-
        Begins a phone-based authentication flow for a known customer, returning
        an auth identifier used to drive the client possession challenge.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AuthStartRequest'
      responses:
        '200':
          description: Auth flow started.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /server/auth/continue:
    post:
      operationId: authContinueRequest
      tags:
        - Auth
      summary: Continue a phone authentication flow
      description: Continues an in-progress authentication flow with intermediate possession data.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AuthContinueRequest'
      responses:
        '200':
          description: Auth flow continued.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /server/auth/finish:
    post:
      operationId: authFinishRequest
      tags:
        - Auth
      summary: Finish a phone authentication flow
      description: >-
        Completes the auth flow and returns the final authentication result for
        the customer's phone possession.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AuthContinueRequest'
      responses:
        '200':
          description: Auth result.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /device/revoke:
    post:
      operationId: v3DeviceRevokeRequest
      tags:
        - Auth
      summary: Revoke a bound device
      description: Revokes a previously bound device / Prove Key so it can no longer be used for passive authentication.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/DeviceRevokeRequest'
      responses:
        '200':
          description: Device revoked.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SuccessResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /identity:
    get:
      operationId: v3BatchGetIdentities
      tags:
        - Identity
      summary: Batch get identities
      description: >-
        Returns a paginated page of enrolled identities. Pass the lastKey from a
        previous response as startKey to page forward.
      parameters:
        - name: startKey
          in: query
          required: false
          description: Pagination token returned as lastKey from a previous call.
          schema:
            type: string
      responses:
        '200':
          description: A page of identities.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IdentityListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
    post:
      operationId: v3EnrollIdentity
      tags:
        - Identity
      summary: Enroll an identity
      description: Enrolls a customer identity keyed to a phone number for persistent recognition across sessions.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/EnrollIdentityRequest'
      responses:
        '200':
          description: Identity enrolled.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Identity'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /identity/batch:
    post:
      operationId: v3BatchEnrollIdentities
      tags:
        - Identity
      summary: Batch enroll identities
      description: Enrolls multiple customers (up to 100) in a single request for efficient bulk operations.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                identities:
                  type: array
                  maxItems: 100
                  items:
                    $ref: '#/components/schemas/EnrollIdentityRequest'
      responses:
        '200':
          description: Identities enrolled.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IdentityListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /identity/{mobileNumber}/lookup:
    get:
      operationId: v3GetIdentitiesByPhoneNumber
      tags:
        - Identity
      summary: Get identities by phone number
      description: Returns enrolled identities associated with a given mobile number.
      parameters:
        - name: mobileNumber
          in: path
          required: true
          description: E.164 or local mobile number to look up.
          schema:
            type: string
      responses:
        '200':
          description: Matching identities.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IdentityListResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /identity/{proveId}:
    get:
      operationId: v3GetIdentity
      tags:
        - Identity
      summary: Get an identity
      description: Returns a single enrolled identity by its Prove identity ID.
      parameters:
        - name: proveId
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          description: The identity.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Identity'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
    delete:
      operationId: v3DisenrollIdentity
      tags:
        - Identity
      summary: Disenroll an identity
      description: Removes an enrolled identity by its Prove identity ID.
      parameters:
        - name: proveId
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          description: Identity disenrolled.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SuccessResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
  /identity/{identityId}/cross-domain:
    post:
      operationId: v3CrossDomainIdentity
      tags:
        - Identity
      summary: Cross-domain identity
      description: Shares or resolves an enrolled identity across linked domains.
      parameters:
        - name: identityId
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          description: Cross-domain result.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Identity'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /domain/link:
    post:
      operationId: v3DomainLinkRequest
      tags:
        - Domain
      summary: Link a domain
      description: Initiates linking the current domain to another domain so identities can be shared.
      responses:
        '200':
          description: Link initiated.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SuccessResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /domain/confirm-link:
    post:
      operationId: v3DomainConfirmLinkRequest
      tags:
        - Domain
      summary: Confirm a domain link
      description: Confirms a pending domain link request.
      responses:
        '200':
          description: Link confirmed.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SuccessResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /domain/unlink:
    post:
      operationId: v3DomainUnlinkRequest
      tags:
        - Domain
      summary: Unlink a domain
      description: Removes a link between two domains.
      responses:
        '200':
          description: Link removed.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SuccessResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
  /domain/id:
    get:
      operationId: v3DomainIDRequest
      tags:
        - Domain
      summary: Get domain details
      description: Returns details about the current domain.
      responses:
        '200':
          description: Domain details.
          content:
            application/json:
              schema:
                type: object
                additionalProperties: true
        '401':
          $ref: '#/components/responses/Unauthorized'
  /domain/linked:
    get:
      operationId: v3DomainLinkedRequest
      tags:
        - Domain
      summary: List linked domains
      description: Returns the list of domains linked to the current domain.
      responses:
        '200':
          description: Linked domains.
          content:
            application/json:
              schema:
                type: object
                additionalProperties: true
        '401':
          $ref: '#/components/responses/Unauthorized'
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: OAuth 2.0 client-credentials Bearer access token obtained from POST /token.
    oauth2:
      type: oauth2
      flows:
        clientCredentials:
          tokenUrl: https://api.prove.com/v3/token
          scopes: {}
  responses:
    BadRequest:
      description: The request was malformed or failed validation.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: Missing, invalid, or expired access token.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    NotFound:
      description: The requested resource was not found.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  schemas:
    TokenRequest:
      type: object
      required:
        - grant_type
        - client_id
        - client_secret
      properties:
        grant_type:
          type: string
          enum:
            - client_credentials
          description: OAuth 2.0 grant type.
        client_id:
          type: string
          description: Prove-issued client ID.
        client_secret:
          type: string
          description: Prove-issued client secret.
    TokenResponse:
      type: object
      properties:
        access_token:
          type: string
        token_type:
          type: string
          example: Bearer
        expires_in:
          type: integer
          description: Access token lifetime in seconds.
        refresh_token:
          type: string
        refresh_expires_in:
          type: integer
    V3StartRequest:
      type: object
      required:
        - flowType
        - phoneNumber
      properties:
        flowType:
          type: string
          enum:
            - desktop
            - mobile
          description: Whether the session originates on desktop or mobile.
        phoneNumber:
          type: string
          description: Customer mobile phone number.
        finalTargetURL:
          type: string
          format: uri
          description: URL to redirect to at the end of a desktop (Instant Link) flow.
        emailAddress:
          type: string
        smsMessage:
          type: string
          description: Customizable SMS body; use #### as the OTP placeholder.
        ipAddress:
          type: string
        dob:
          type: string
          description: Date of birth (YYYY-MM-DD) used to seed reconciliation.
        ssn:
          type: string
          description: Full or last-four SSN.
        allowOTPRetry:
          type: boolean
    V3StartResponse:
      type: object
      properties:
        success:
          type: boolean
        correlationId:
          type: string
          description: Session correlation ID passed to all subsequent flow calls.
        authToken:
          type: string
        next:
          $ref: '#/components/schemas/Next'
    V3ValidateRequest:
      type: object
      required:
        - correlationId
      properties:
        correlationId:
          type: string
    V3CorrelationRequest:
      type: object
      required:
        - correlationId
      properties:
        correlationId:
          type: string
          pattern: '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'
    V3ChallengeRequest:
      type: object
      required:
        - correlationId
      properties:
        correlationId:
          type: string
        dob:
          type: string
          description: Date of birth (YYYY-MM-DD).
        ssn:
          type: string
          description: Last four of SSN.
    V3CompleteRequest:
      type: object
      required:
        - correlationId
        - individual
      properties:
        correlationId:
          type: string
        individual:
          $ref: '#/components/schemas/Individual'
    V3CompleteResponse:
      type: object
      properties:
        success:
          type: boolean
        evaluation:
          type: string
          description: Overall flow evaluation result.
        idv:
          type: object
          additionalProperties: true
          description: Identity verification result and reconciled attributes.
        kyc:
          type: object
          additionalProperties: true
          description: KYC screening result.
        next:
          $ref: '#/components/schemas/Next'
    V3FlowResponse:
      type: object
      properties:
        success:
          type: boolean
        correlationId:
          type: string
        next:
          $ref: '#/components/schemas/Next'
    V3UnifyRequest:
      type: object
      required:
        - phoneNumber
      properties:
        phoneNumber:
          type: string
        finalTargetURL:
          type: string
          format: uri
        emailAddress:
          type: string
        ipAddress:
          type: string
        smsMessage:
          type: string
        possessionType:
          type: string
          enum:
            - desktop
            - mobile
            - none
        clientCustomerId:
          type: string
        clientHumanId:
          type: string
        clientRequestId:
          type: string
        deviceId:
          type: string
        proveId:
          type: string
        rebind:
          type: boolean
        checkReputation:
          type: boolean
        allowOTPRetry:
          type: boolean
    V3UnifyStatusResponse:
      type: object
      properties:
        success:
          type: boolean
        correlationId:
          type: string
        evaluation:
          type: string
        possessionResult:
          type: string
        next:
          $ref: '#/components/schemas/Next'
    DiscoverResponse:
      type: object
      properties:
        success:
          type: boolean
        attributes:
          type: array
          items:
            type: string
          description: Keys of attributes available to fetch.
    FetchResponse:
      type: object
      properties:
        success:
          type: boolean
        individual:
          $ref: '#/components/schemas/Individual'
    AuthStartRequest:
      type: object
      required:
        - phoneNumber
      properties:
        phoneNumber:
          type: string
        clientRequestId:
          type: string
        finalTargetURL:
          type: string
          format: uri
    AuthContinueRequest:
      type: object
      required:
        - authId
      properties:
        authId:
          type: string
          description: Identifier returned by auth start.
    AuthResponse:
      type: object
      properties:
        success:
          type: boolean
        authId:
          type: string
        evaluation:
          type: string
        next:
          $ref: '#/components/schemas/Next'
    DeviceRevokeRequest:
      type: object
      properties:
        deviceId:
          type: string
        proveId:
          type: string
        phoneNumber:
          type: string
    EnrollIdentityRequest:
      type: object
      required:
        - phoneNumber
      properties:
        phoneNumber:
          type: string
        clientCustomerId:
          type: string
        clientHumanId:
          type: string
        clientRequestId:
          type: string
        deviceId:
          type: string
        identityAttributes:
          type: object
          additionalProperties: true
          description: Customer attributes to persist with the identity record.
    Identity:
      type: object
      properties:
        proveId:
          type: string
        phoneNumber:
          type: string
        clientCustomerId:
          type: string
        state:
          type: string
        identityAttributes:
          type: object
          additionalProperties: true
    IdentityListResponse:
      type: object
      properties:
        identities:
          type: array
          items:
            $ref: '#/components/schemas/Identity'
        lastKey:
          type: string
          description: Pagination token; pass as startKey for the next page.
    Individual:
      type: object
      properties:
        firstName:
          type: string
        lastName:
          type: string
        dob:
          type: string
        ssn:
          type: string
        emailAddresses:
          type: array
          items:
            type: string
        addresses:
          type: array
          items:
            $ref: '#/components/schemas/Address'
    Address:
      type: object
      properties:
        address:
          type: string
        city:
          type: string
        region:
          type: string
        postalCode:
          type: string
    Next:
      type: object
      additionalProperties:
        type: string
      description: >-
        Map of allowed next operations for the flow (for example
        `v3-challenge`, `v3-complete`).
    SuccessResponse:
      type: object
      properties:
        success:
          type: boolean
    Error:
      type: object
      properties:
        code:
          type: string
        message:
          type: string
        details:
          type: array
          items:
            type: object
            additionalProperties: true