API to request a Forter decision on a user attempting to access or update sensitive account information

Account Profile Access API Overview

The Account Profile API is used to protect various sensitive assets in your account ecosystem, via authentication at the time access is requested.

Account Profile Access Use Cases

Use cases for this API include customers or users:

  • Accessing or updating their profile preferences
  • Attempting a password reset
  • Updating payment methods in the account

Note that the volume of these events is typically significantly lower than logins.

Account Profile Access Request Body

Account Profile Access API Request
When a user is attempting to access restricted resources, Forter can provide a decision to approve access or suggest that MFA be used for further validation. The relevant access type is denoted as the accessRequestType parameter on the request.

Possible values are:

  • "VIEW_PERSONAL_PREFERENCES"
  • "UPDATE_PASSWORD"
  • "UPDATE_PAYMENT"
  • "UPDATE_PHONE"
  • "UPDATE_EMAIL"
  • "UPDATE_ADDRESS"
  • "REDEEM_ACCOUNT_ASSETS"
  • "SHARE_CREDENTIALS"

The data you send should correspond with the "accessRequestType" (e.g. when the account phone is updated, we ask that you provide the new phone number).

This API typically has lower volume than the Login API.

The primary data points for the Account Profile Access API are:

  • Account ID
  • AccessRequestType as noted above
  • Details of changes to the merchant profile: the new Email / Phone / Address / Payment method / PasswordUpdateTriggerType, corresponding to the accessRequestType
  • ConnectionInformation - Data that enables us to analyze browsing behavior, device and connection quality such as IP address, user agent and data collected via the Forter JavaScript or Mobile SDK.
{
  "accountId": "e520-ba9a-367-60b",
  "eventTime": 1415287568000,
  "connectionInformation": {
    "customerIP": "10.0.0.127",
    "userAgent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36",
    "forterTokenCookie": "2315688945984"
  },
  "channelType": "WEB",
  "passwordUpdateTrigger": "USER_FORGOT_PASSWORD",
  "accountOwner": {
    "firstName": "John",
    "lastName": "Smith",
    "email": "[email protected]",
    "accountId": "e520-ba9a-367-60b",
    "created": 1415273168,
    "pastOrdersSum": 1702.5,
    "lastLoginIP": "203.12.55.12"
  },
  "accessRequestType": "UPDATE_PASSWORD"
}

Account Profile Access Response

The Account Profile Access API response includes the Forter decision and potential recommendations, as well as a correlation ID. Store the correlation ID and use it when you provide additional updates, e.g. the result of MFA if we recommended additional verification and you carried out this authentication step (see Authentication Attempt API below for more information on this use case).

{
  "forterDecision": "DECLINE",
  "recommendation": "MFA",
  "accountId": "e520-ba9a-367-60b"
}
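
The following added example, which is not Forter's own code, validates a request against the accessRequestType values listed above and maps a response to an action, denying on anything malformed or unexpected. The function names, the rule that UPDATE_PASSWORD must carry passwordUpdateTrigger, the "APPROVE" decision value and the allow/mfa/deny mapping are assumptions of this example.

```python
# Added example, not Forter's code. Names and policy choices are assumptions.
ACCESS_REQUEST_TYPES = {
    "VIEW_PERSONAL_PREFERENCES", "UPDATE_PASSWORD", "UPDATE_PAYMENT",
    "UPDATE_PHONE", "UPDATE_EMAIL", "UPDATE_ADDRESS",
    "REDEEM_ACCOUNT_ASSETS", "SHARE_CREDENTIALS",
}


def build_request(account_id, access_request_type, event_time_ms, connection, **details):
    """Build the request body; reject access types the documentation does not list."""
    if access_request_type not in ACCESS_REQUEST_TYPES:
        raise ValueError(f"unknown accessRequestType: {access_request_type!r}")
    # Assumption: a password update must state what triggered it.
    if access_request_type == "UPDATE_PASSWORD" and "passwordUpdateTrigger" not in details:
        raise ValueError("UPDATE_PASSWORD requires passwordUpdateTrigger")
    return {
        "accountId": account_id,
        "eventTime": event_time_ms,
        "connectionInformation": dict(connection),
        "accessRequestType": access_request_type,
        **details,
    }


def access_action(response, expected_account_id):
    """Return 'allow', 'mfa' or 'deny'; malformed or unexpected responses deny."""
    if not expected_account_id or not isinstance(response, dict):
        return "deny"
    # A response for a different account must never authorize this one.
    if response.get("accountId") != expected_account_id:
        return "deny"
    # Assumed policy: an MFA recommendation means step up, whatever the decision.
    if response.get("recommendation") == "MFA":
        return "mfa"
    # Assumption: "APPROVE" is the approving decision value (the page shows only "DECLINE").
    if response.get("forterDecision") == "APPROVE":
        return "allow"
    return "deny"


if __name__ == "__main__":
    body = build_request(
        "e520-ba9a-367-60b", "UPDATE_PASSWORD", 1415287568000,
        {"customerIP": "10.0.0.127", "userAgent": "constructed-agent"},
        passwordUpdateTrigger="USER_FORGOT_PASSWORD",
    )
    sample = {"forterDecision": "DECLINE", "recommendation": "MFA",
              "accountId": "e520-ba9a-367-60b"}  # response shown above
    print(body["accessRequestType"], "->", access_action(sample, body["accountId"]))
```

Only an explicit approval with no MFA recommendation returns "allow", so a timeout, parse failure or unrecognized decision value leaves the sensitive action blocked.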