Transactions

Verify transactions, including logins and payments, by analyzing the behavioral pattern of each user and matching it to in-app transaction history. Transactions initiated at unfamiliar locations will increase the Incognia risk score and can be used to trigger step-up authentication.

We secure digital transactions by matching the historical location fingerprint and the transaction history of the initiating user, to their real-time location. Transactions initiated at unfamiliar locations will result in a higher risk score. In-store transactions are secured when we match the user's real-time location with the indicated store.

Prevent fraudsters from taking over user accounts by continually analyzing user location behavior. If Incognia detects suspicious location activity you can trigger additional authentication to confirm the user is legitimate.

post
Assess new transaction

https://incognia.inloco.com.br/api/v2/authentication/transactions
This method registers a new transaction for the given installation with the available information, returning a risk assessment and the evidence behind it.
Request
Response
Request
Headers
Authorization
required
string
Bearer token generated in the Authenticating section
Content-Type
required
string
application/json
Body Parameters
installation_id
required
string
Installation ID from which the transaction originates.
type
required
string
Type of the transaction. Both login and payment types are supported.
account_id
required
string
ID of the user account performing the transaction.
addresses
optional
array
For payment type, a list of addresses related to the transaction may be given. Address types supported are shipping, billing and home. At least one of address_coordinates or structured_address are required when declaring an address. Incognia recommends declaring both fields.
Response
200: OK
The transaction was assessed successfully
{
"id": "dfe1f2ff-8f0d-4ce8-aed1-af8435143044",
"risk_assessment": "low_risk",
"evidence": {
// For a complete explanation of this part of the response,
// please refer to the evidence page in the docs.
"device_model": "Moto Z2 Play",
"known_account": true,
"location_services": {
"location_permission_enabled": true,
"location_sensors_enabled": true
},
"device_integrity": {
"probable_root": false,
"emulator": false,
"gps_spoofing": false,
"from_official_store": true
},
"device_fraud_reputation": "unknown",
"distance_to_trusted_location": 21.06295635345013,
"last_location_ts": "2022-11-01T22:45:53.299Z",
"sensor_match_type": "gps"
}
}
400: Bad Request
The request was malformed (missing required fields, invalid fields). The response body will contain error details.
{
"errors": [
"missing installation_id"
]
}
403: Forbidden
The provided token is invalid (or has expired)
Empty.
404: Not Found
Your request is correctly formatted but our service was unable to find device-related information (Installation ID). It usually occurs when there are issues with your SDK integration, so please check it on the My Apps Page.
Unable to find user installation. Please try again later and check your SDK integration
500: Internal Server Error
Some internal error happened. Try again or, if the problem persists, contact us.
Empty.
Sample login request body
Sample payment request body with shipping address
Sample login request body
{
"installation_id": "LX2K9uIfkPIL2UIXxQCqSXDTPKkG8gLG2heKnlMrwAaCLV2KHxuji1WLElDrFBlWYJLCwbkghZVmp5WVb6UAjfxlgcExS3W1fgQ4j0ikcp7Z8x9dGTaYcVFXVf0fupbcvhI8Nh0RO9oy+3NavbBX7Q",
"account_id": "c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2",
"type": "login"
}
Sample payment request body with shipping address
{
"installation_id": "LX2K9uIfkPIL2UIXxQCqSXDTPKkG8gLG2heKnlMrwAaCLV2KHxuji1WLElDrFBlWYJLCwbkghZVmp5WVb6UAjfxlgcExS3W1fgQ4j0ikcp7Z8x9dGTaYcVFXVf0fupbcvhI8Nh0RO9oy+3NavbBX7Q",
"account_id": "c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2",
"type": "payment",
"addresses": [
{
"type": "shipping",
"structured_address": {
"locale": "pt-BR",
"country_name": "Brasil",
"country_code": "BR",
"state": "SP",
"city": "São Paulo",
"borough": "",
"neighborhood": "Bela Vista",
"street": "Av. Paulista",
"number": "1578",
"complements" : "Andar 2",
"postal_code": "01310-200"
},
"address_coordinates": {
"lat": -23.561414,
"lng": -46.6558819
}
}
]
}

Sample cURL:

curl -XPOST -H "Content-type: application/json" -H "Authorization: Bearer <token>" -d @body.json "https://incognia.inloco.com.br/api/v2/authentication/transactions"

Response body

For a 200-OK response, these are the fields you should expect as a result:

Response field

Type

Description

id

string

Unique transaction identifier which can be used to verify if the assessment changed in later calls.

request_id

string

Unique request identifier. Used for audit purposes.

risk_assessment

string

Assessment result. It may be one of high_risk, low risk, unknown risk. For more information refer to Understanding risk assessments.

evidence

object

An object with supporting evidence for the risk assessment. For more information refer to Understanding risk assessments.

get
Coming soon: get the latest transaction assessment

https://incognia.inloco.com.br/api/v2/authentication/transactions/<id>
This method allows you to query the latest assessment for a given transaction event, identified by its id. Warning: This endpoint is coming soon. Please consult Incognia's team before using it.
Request
Response
Request
Path Parameters
id
required
string
Transaction ID of the event whose assessment is being queried.
Headers
Authorization
required
string
Bearer token generated in the Authenticating section.
Response
200: OK
The request is successful.
{
"id": "5e76a7ca-577c-4f47-a752-9e1e0cee9e49",
"request_id": "8afc84a7-f1d4-488d-bd69-36d9a37168b7",
"risk_assessment": "low_risk",
"evidence": {
// For a complete explanation of this part of the response,
// please refer to the evidence page in the docs.
"device_model": "Moto Z2 Play",
"geocode_quality": "good",
"location_events_near_address": 38,
"location_events_quantity": 288,
"location_services": {
"location_permission_enabled": true,
"location_sensors_enabled": true
},
"device_integrity": {
"probable_root": false,
"emulator": false,
"gps_spoofing": false,
"from_official_store": true
}
}
}
403: Forbidden
The provided token does not have the required permissions.
Empty.
404: Not Found
We were unable to find the given Sign Up event assessment in our database. Please check the given id.
Unable to find the given sign up id.
500: Internal Server Error
Some internal error happened. Try again or, if the problem persists, contact us.
Empty.

Sample cURL:

curl -H "Authorization: Bearer <token>" "https://incognia.inloco.com.br/api/v2/authentication/transactions/<id>"

Response body

For a 200-OK response, these are the fields you should expect as a result:

Response field

Type

Description

id

string

Unique transaction identifier which can be used to verify if the assessment changed in later calls.

request_id

string

Unique request identifier. Used for audit purposes.

risk_assessment

string

Assessment result. It may be one of high_risk, low risk, unknown risk. For more information refer to Understanding risk assessments.

evidence

object

An object with supporting evidence for the risk assessment. For more information refer to Understanding risk assessments.