Skip to main content
Version: v6


Verify logins by analyzing the behavioral pattern of each user and matching it to in-app login history. Logins initiated at unfamiliar locations will increase the Incognia risk score and can be used to trigger step-up authentication.

We secure digital logins by matching the historical location fingerprint and the login history of the initiating user, to their real-time location. Logins initiated at unfamiliar locations will result in a higher risk score.

Prevent fraudsters from taking over user accounts by continually analyzing user location behavior. If Incognia detects suspicious location activity you can trigger additional authentication to confirm the user is legitimate.

Assess new login


This method registers a new login for the given installation and account with the available information, returning a risk assessment and the evidence behind it.


AuthorizationstringRequiredBearer token generated in Authenticating section.

Body Parameters

installation_idstringRequiredInstallation ID of the device from which the signup originates.
typestringRequiredType of the assessment. The login type is supported for this case.
account_idstringRequiredID of the user account performing the login attempt.
"installation_id": "LX2K9uIfkPIL2UIXxQCqSXDTPKkG8gLG2heKnlMrwAaCLV2KHxuji1WLElDrFBlWYJLCwbkghZVmp5WVb6UAjfxlgcExS3W1fgQ4j0ikcp7Z8x9dGTaYcVFXVf0fupbcvhI8Nh0RO9oy+3NavbBX7Q",
"account_id": "c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2",
"type": "login"

Sample cURL:

curl -XPOST -H "Content-type: application/json" -H "Authorization: Bearer <token>" -d @body.json ""

Response body

For a 200-OK response, these are the fields you should expect as a result:

Response fieldTypeDescription
idstringUnique identifier for the login event.
risk_assessmentenumThe risk assessment result. One of high_risk, low_risk or unknown_risk. For more information refer to Understanding risk assessments.
reasonsarrayThe reasons for the risk assessment. For more information refer to Understanding risk assessments.
evidenceobjectThe supporting evidence for the risk assessment. For more information refer to Understanding risk assessments.
device_idstringUnique identifier for the user's device.

Register a new login without evaluating it

To register a login without evaluating its risk assessment, add the ?eval=false query parameter. The full URL becomes:

Turning off the risk assessment evaluation allows you to register a new login, but the response will be an empty JSON (i.e., {}). For instance, if you're using the risk assessment only for some logins you still should register all the other ones: this will avoid any bias on the risk assessment computation.