Guides

Interpreting Results — API

The /slverify Response

Every /slverify call returns a JSON object with four main output sections, plus a top-level policyDecision that summarizes the result.

{
  "errorCode": "",
  "errorDescription": "",
  "transaction_id": "c66130ad-5551-1111-1111-2716ef0bf31a",
  "userAttributes": [
    // attributes collected from the user during this step
  ],
  "acquiredAttributes": [
    // attributes acquired from Checkers about this transaction
  ],
  "userAssertionList": [
    // individual assertion results from each Checker
  ],
  "mbun": "fcbdc4a9-c369-1111-1111-851051fc2f84",
  "forwardApiKey": "",
  "policyObligation": false,
  "policyDecision": "approve"
}

The Four Output Sections

User Attributes

Attributes collected from the user during verification with their consent. For example, full name, address, date of birth, or phone number.

Acquired Attributes

Attributes acquired from Checkers about the transaction — not submitted by the user. Examples include the mobile carrier associated with a phone number, the state where a driver's license was issued, or an assertion score.

Assertions

Individual test results produced by each configured Checker. For example: "link.fullName_address": "pass" indicates the Checker confirmed that the provided full name is linked to the provided address.

Policy Decision

The policyDecision field summarizes the verification outcome for this step. See the Policy Decision Values section below.

Policy Decision Values

ValueMeaning
approveUser verified to the level specified in your policy
denyUser did not meet the verification policy
obligationAdditional step required — handle by reading forwardApiKey
no_decisionPolicy not configured on this step, or a transaction error occurred

Obligation Handling

When the API returns policyDecision: "obligation", the response includes two additional fields that tell you what to do next:

  • policyObligation: true — confirms there is a configured next step
  • forwardApiKey — the API key for the next step in the workflow

Obligation Example

{
  "forwardApiKey": "67890",
  "policyObligation": true,
  "policyDecision": "obligation"
}

Your application should use forwardApiKey as the apikey value for the next /slverify (or other API) call. Load the appropriate UI for the next step, collect the required attributes, and submit them.

Obligation Flow

  1. Receive policyDecision: "obligation" from step A
  2. Read forwardApiKey — this is the API key for step B
  3. Collect required attributes for step B
  4. Submit to /slverify using forwardApiKey as apikey and the original transaction_id as asi
  5. Receive new policyDecision for step B — may be approve, deny, or another obligation

Retry Obligations

If a user fails a verification step and your policy allows retries with remaining attempts, the API returns an obligation back to the same API key:

{
  "forwardApiKey": "12345",
  "policyObligation": true,
  "policyDecision": "obligation"
}

Note that forwardApiKey matches the current step's API key — this indicates a retry. Present the step again and allow the user to resubmit.

When the user exhausts all retry attempts, the API responds with the appropriate terminal decision (deny) or advances to the next step (obligation with a different forwardApiKey).

Session Linking: transaction_id and asi

The transaction_id returned in the first API call is the session identifier for the entire user journey. Pass it as asi in all subsequent calls to link the session.

First call response (retrieve the session ID):

{
  "transaction_id": "76ceb32b-yyyy-xxxx-zzzz-55e54bf93fc3",
  "policyDecision": "obligation",
  "forwardApiKey": "67890"
}

Subsequent call input (link back to the session):

{
  "asi": "76ceb32b-yyyy-xxxx-zzzz-55e54bf93fc3",
  "apikey": "67890",
  "credential": "[email protected]"
}

The transaction_id / asi is also the same value as jti in the ID Token (for Gateway / Hybrid flows) and is used for reporting, billing, and Admin Console analytics.

Full Response Example

{
  "errorCode": "",
  "errorDescription": "",
  "transaction_id": "c66130ad-5551-4abc-def0-2716ef0bf31a",
  "userAttributes": [
    {
      "attributeType": "FullName",
      "values": { "fname": "Jane", "lname": "Smith" },
      "dateCreated": "02/08/2022 21:09:55 UTC"
    },
    {
      "attributeType": "InternationalAddress",
      "values": {
        "country": "US",
        "locality": "Arlington",
        "route": "Main Ave",
        "administrative_area_level_1": "VA",
        "street_number": "123",
        "postal_code": "22201"
      },
      "dateCreated": "02/08/2022 21:09:55 UTC"
    }
  ],
  "acquiredAttributes": [
    {
      "attributeType": "AssertionScore",
      "values": { "assertionScore": "88" },
      "dateCreated": "02/08/2022 21:09:57 UTC"
    }
  ],
  "userAssertionList": [
    {
      "provider": "Experian",
      "serviceOffering": "Experian Precise ID",
      "dateAsserted": "02/08/2022 21:09:55 UTC",
      "assertions": {
        "link.fullName_address": "pass",
        "test.address90DaysOld": "pass",
        "test.addressIsResidential": "pass",
        "link.lastName_phone": "pass",
        "test.fraudulentActivityAddress": "pass"
      }
    }
  ],
  "mbun": "fcbdc4a9-c369-4def-ab12-851051fc2f84",
  "forwardApiKey": "",
  "policyObligation": false,
  "policyDecision": "approve"
}

Updated 2 months ago