denyRisk Request
Send the
denyRisk
request if the evaluateRisk
API determines a sign-in event was risky, but the site's user challenge response has been successful.Send the request to: https://userservices-auth.vip.symantec.com/vipuserservices/AuthenticationService_1_10
denyRisk
denyRisk
input fields.Input Field | Required? | Type | Purpose |
|---|---|---|---|
requestId | Y | String | A unique identifier of the request for the enterprise application. The request ID accepts from 4 to 40 alphanumeric characters and underscores. This identifier may be useful for troubleshooting purposes. |
UserId | Y | String | Unique ID for the user, such as the user email address, the user logon name, or a unique ID that maps to user logon name. The user ID accepts from 1 to 128 international characters. The user ID is not case-sensitive in look-up operations. |
EventId | Y | String | The ID of the current event generated by IA. |
VerifyMethod | N | String | Method that is used to challenge a risky sign-in event, from 1 to 64 characters. |
IAAuthData | N | String | "Fingerprint" of the device. Sending no IAAuthData field or an empty IAAuthData field does not return an error. However, in this case, the RememberDevice field is always set to false . Further, the device is not remembered even if the user has chosen to always have the device recognized. |
RememberDevice | N | Boolean | Sets "true" if the user has chosen to always have device recognized. The device tag is then bound to the user. If the user elects not to have the device recognized, this value is "false." This field is ignored if an empty IAAuthData field is sent or if an IAAuthData field is not present in the request. |
FriendlyName | N | String | A descriptive name provided by the user during registration. If the user did not provide a name, a default friendly name is used. |
KeyValuePair | N | List | List of key and value strings. |