Device Profiling


This guide will walk you through how to conduct Passive Risk Analysis through Device Profiling with AXN Manage.

What you'll do:

Using Device Profiling Test Application

Opening the Test Application will profile your device using JavaScript:


...and provide your Session ID:


Session ID identifies your profiling session.

It can be any length/value, and is used to obtain your session's results.

Keep this Session ID on-hand. It will be used in the following step.

Using the Device Profiling Postman Project

Open the Postman Project. Then, generate an access token using the first request in the collection: Get Token.

This token will allow you to make requests to the AXN Verify API.


To generate an Access Token, use any API Key/Secret pair from ID DataWeb Admin > Workflows.

Place them in Postman under Get Token > Authorization, as Username and Password.

Your response body will contain a property: access_token. This token ensures that your next request is authenticated.

Grab the Session ID you created with your Test Application, and add it to the body of the next request, Get Score, under apSessionId.


Use the Bearer token obtained from the previous step to authenticate your request.

Click SEND, and within milliseconds, you'll receive the results from your Session.

Scroll further, and you'll find the property, policyDecision.

This value expresses a decision (should the transaction proceed, or halt) made from assessing the information gathered from running your Test Application.

If your Device or User Activity was found to be of high-risk (fraud), this output would inform you of any fraudulent activity found, and the transaction (session) would be prevented from proceeding further.

Understanding the results

The results of this API call provide the full risk score of your device.

For a high-level overview of all the results received

For a detailed-look at any one of your result's properties

For more information on policyDecision, and how it relates to your application

What’s Next

Next - let's challenge the user with MFA.