evaluateRisk request

The evaluateRisk request assesses whether a particular sign-in event is considered risky.
Send the request to: https://userservices-auth.vip.symantec.com/vipuserservices/AuthenticationService_1_10
The evaluateRisk input fields table lists details about the evaluateRisk input fields.

Table: evaluateRisk input fields

Input Field: requestId
Required?: Y
Type: String
Purpose: A unique identifier of the request for the enterprise application. The request ID accepts from 4 to 40 alphanumeric characters and underscores.
This identifier may be useful for troubleshooting purposes.

Input Field: UserId
Required?: Y
Type: String
Purpose: Unique ID for the user. The user ID could be the user email address, the logon name for the user, or a unique ID that maps to the logon name. The user ID accepts from 1 to 128 international characters.
The user ID is not case-sensitive in look-up operations.
This value is returned in the evaluateRisk response as external.user.id, for tracking purposes. See evaluateRisk response.

Input Field: Ip
Required?: Y
Type: String
Purpose: IP address in IPv4 or IPv6 format. For example:
  • IPv4: 203.0.113.70
  • IPv6: 2001:0db8:85a3::8a2e:0370:7334

Input Field: UserAgent
Required?: Y
Type: String
Purpose: Browser user agent. Should not exceed 250 characters.

Input Field: IAAuthData
Required?: N
Type: String
Purpose: "Fingerprint" of the device, which is collected from the browser.
IAAuthData is required if Device Fingerprint or Trusted Device is enabled. However, the field can be empty.
Sending an empty IAAuthData field always returns a Risky response of true, with a riskReason of Device Recognition.

Input Field: ResponseControl
Required?: N
Type: Boolean
Purpose: The following keys are supported:
  • IncludeRequestContext: Set this key to true to return more data from the request and about the request. Information that is returned includes the IP address and browser user agent (if provided) and IP location information, if available.
    If this field is set to false or if it is empty, no data is returned.
  • IncludeFingerprintDetails: Set this key to true to return uncompressed details of all fingerprint data obtained from the request.
    If this field is set to false or if it is empty, no data is returned.

Input Field: IdPasswordVerification
Required?: N
Type: Boolean
Purpose: Request that the user name and password be verified for potential authentication breaches.
The user name and password are hashed at the enterprise site and the cryptographic hash is sent to Symantec. Symantec does not receive or capture any readable user data.
The following keys are required:
  • Nonce: A hex-encoded, 32-byte random value generated using a secure random number generator.
  • Prefix: Hex-encoded first 3 bytes of the cryptographic hash of the user name and password.
  • Challenge: Hex-encoded message authentication code (HMAC) generated using the nonce value and the cryptographic hash of the user name and password.

Input Field: KeyValuePair
Required?: N
Type: List
Purpose: List of key and value strings.
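
The following is an added example, not Symantec code: a client-side pre-flight check of the documented field constraints, plus one way to derive the Nonce, Prefix and Challenge keys for IdPasswordVerification. The function names and sample values are hypothetical. The page does not say which hash is used, how the user name and password are combined, or how the HMAC is keyed; SHA-256, a "user:password" string and HMAC-SHA256 keyed with the credential hash are assumptions, as is reading "alphanumeric" as ASCII.

```python
import hashlib
import hmac
import ipaddress
import re
import secrets

# requestId: 4 to 40 alphanumeric characters and underscores (ASCII assumed).
REQUEST_ID_RE = re.compile(r"[A-Za-z0-9_]{4,40}")


def validate_fields(fields):
    """Return a list of findings for an evaluateRisk input dict (empty list = OK)."""
    findings = []
    for name in ("requestId", "UserId", "Ip", "UserAgent"):  # Required? = Y
        if not fields.get(name):
            findings.append(f"{name}: required field is missing or empty")
    request_id = fields.get("requestId") or ""
    if request_id and not REQUEST_ID_RE.fullmatch(request_id):
        findings.append("requestId: must be 4-40 alphanumerics or underscores")
    if len(fields.get("UserId") or "") > 128:
        findings.append("UserId: longer than 128 characters")
    if fields.get("Ip"):
        try:
            ipaddress.ip_address(fields["Ip"])  # accepts IPv4 and IPv6 text forms
        except ValueError:
            findings.append("Ip: not a valid IPv4 or IPv6 address")
    if len(fields.get("UserAgent") or "") > 250:
        findings.append("UserAgent: longer than 250 characters")
    if fields.get("IAAuthData") == "":
        # Documented behaviour: empty fingerprint => Risky=true, Device Recognition.
        findings.append("IAAuthData: empty value always returns Risky=true")
    return findings


def id_password_verification(user_name, password, nonce=None):
    """Build Nonce/Prefix/Challenge. ASSUMED construction (not specified on the
    page): SHA-256 of 'user:password'; HMAC-SHA256 keyed with it over the nonce."""
    nonce = secrets.token_bytes(32) if nonce is None else nonce  # CSPRNG, 32 bytes
    cred_hash = hashlib.sha256(f"{user_name}:{password}".encode("utf-8")).digest()
    challenge = hmac.new(cred_hash, nonce, hashlib.sha256).hexdigest()
    return {"Nonce": nonce.hex(), "Prefix": cred_hash[:3].hex(), "Challenge": challenge}


# Constructed sample input; only the IP address is taken from the page's example.
sample = {"requestId": "req_0001", "UserId": "alice@example.com",
          "Ip": "203.0.113.70", "UserAgent": "Mozilla/5.0 (constructed)",
          "IAAuthData": ""}
```

Only the 3-byte Prefix and the nonce-bound Challenge leave the enterprise site in this sketch; the full credential hash and the plaintext credentials stay local.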