The basic workflow of Control starts with collecting data from the device. When end users log in with valid credentials, you make a POST to the Kount Login API to get a response of Accept, Block, or Challenge.
Depending on the response and based on your policies, you may either allow access, deny access, or challenge your end user using your existing step-up authentication.
Data collection
The Control workflow begins with data collection from the browser application or from the mobile SDK. The Kount browser data collector is a basic JavaScript SDK downloaded at runtime. Our mobile SDK can be integrated into your mobile application. Only one data collection should be made per session.
Authentication
After your end user’s login credentials have been posted to your authentication service, there are two paths:
- Valid Credentials — If your end user presented valid credentials, you POST to the Kount Login Decision API prior to granting access. The response to this API call is Allow, Block, or Challenge.
- Invalid Credentials — If your end user fails authentication, you decline access and POST to the failed-attempt API. This API increases velocities and informs the Kount ML and AI models for future login attempts.
Challenge
If the login decision results in a Challenge, send the outcome of the login challenge to Kount to better update our AI models and to update information for use within the portal.