Skip to main content

Auth Initial (Possession)

POST 

/prove/auth

Starts the possession step of the Prefill flow, confirming the applicant controls the supplied mobile number. Choose a channel via type:

  • otp — Prove sends the applicant a one-time passcode over SMS. Complete the step by submitting the code to Auth Final (POST /prove/auth/{session_id}).
  • magic_link — Prove returns an auth_url (a Magic Link). Present it to the applicant; after they tap it, poll Auth Final to read the result.

The response carries the engine-minted session_id (echo it back on Auth Final as the {session_id} path parameter) and an Agc-Applicant-Id response header identifying the applicant record. Pass Agc-Applicant-Id back on later calls to update the same applicant instead of creating a new one.

Request

Responses

Possession step initiated

Response Headers
    Agc-Applicant-Id

    The applicant id

    Agc-Api-Version

    We update the API major version whenever we introduce breaking changes. Internally, we update minor and patch versions whenever we add functionality and backward-compatible updates

    X-Rate-Limit

    The current limit on a 5-minute window.

    X-Rate-Limit-Remaining

    The remaining calls on a 5-minute window.

    Timestamp

    The timestamp of the request reception.