Skip to main content
POST
/
v2
/
watch
/
predict
Predict outcome
curl --request POST \
  --url https://api.prelude.dev/v2/watch/predict \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "target": {
    "type": "phone_number",
    "value": "<string>"
  },
  "signals": {
    "ip": "127.0.0.1",
    "device_id": "<string>",
    "device_platform": "android",
    "device_model": "<string>",
    "os_version": "<string>",
    "app_version": "<string>",
    "user_agent": "<string>",
    "ja4_fingerprint": "<string>",
    "is_trusted_user": true
  },
  "dispatch_id": "<string>",
  "metadata": {
    "correlation_id": "<string>"
  }
}
'
{
  "id": "<string>",
  "prediction": "legitimate",
  "request_id": "<string>",
  "risk_factors": [
    "behavioral_pattern"
  ]
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

application/json
target
object
required

The prediction target. Only supports phone numbers for now.

signals
object

The signals used for anti-fraud. For more details, refer to Signals.

dispatch_id
string

The identifier of the dispatch that came from the front-end SDK.

Required string length: 36
Example:

"123e4567-e89b-12d3-a456-426614174000"

metadata
object

The metadata for this prediction.

Response

OK

id
string
required

The prediction identifier.

Example:

"prd_01jc0t6fwwfgfsq1md24mhyztj"

prediction
enum<string>
required

The prediction outcome.

Available options:
legitimate,
suspicious
request_id
string
required

A string that identifies this specific request. Report it back to us to help us diagnose your issues.

Example:

"3d19215e-2991-4a05-a41a-527314e6ff6a"

risk_factors
enum<string>[]

The risk factors that contributed to the suspicious prediction. Only present when prediction is "suspicious" and the anti-fraud system detected specific risk signals.

  • behavioral_pattern - The phone number past behavior during verification flows exhibits suspicious patterns.
  • device_attribute - The device exhibits characteristics associated with suspicious activity patterns.
  • fraud_database - The phone number has been flagged as suspicious in one or more of our fraud databases.
  • location_discrepancy - The phone number prefix and IP address discrepancy indicates potential fraud.
  • network_fingerprint - The network connection exhibits characteristics associated with suspicious activity patterns.
  • poor_conversion_history - The phone number has a history of poorly converting to a verified phone number.
  • prefix_concentration - The phone number is part of a range known to be associated with suspicious activity patterns.
  • suspected_request_tampering - The SDK signature is invalid and the request is considered to be tampered with.
  • suspicious_ip_address - The IP address is deemed to be associated with suspicious activity patterns.
  • temporary_phone_number - The phone number is known to be a temporary or disposable number.
Available options:
behavioral_pattern,
device_attribute,
fraud_database,
location_discrepancy,
network_fingerprint,
poor_conversion_history,
prefix_concentration,
suspected_request_tampering,
suspicious_ip_address,
temporary_phone_number
Example:
["suspicious_ip_address", "fraud_database"]