Merchants > API Reference > Endpoints > Login

Login

To request a recommendation at this endpoint use the Login checkpoint.

Account takeover recommendations need to be enabled on your account before they can be used. Please speak to your account manager about enabling account takeover recommendations.

Field Status Definitions

Required Required fields must be sent. If the data is not sent Ravelin will return an error.

Important Important fields are crucial for performance where that data is relevant for your business.

Optional Optional fields are additional data points that can be shared with Ravelin.
These fields are unlikely to impact performance but may be visible in the Ravelin dashboard.

POST api.ravelin.com/v3/login

Show all

timestamp integer required

Unix timestamp with milliseconds (nanoseconds also accepted)

The login used by the customer.

authenticationMechanism object required

At least one authentication mechanism must be provided. More than one may be provided. For example a password and a oneTimeCode may be used to authenticate.

Any of the following:

password object optional

Provided if the customer is using a password to authenticate.

When sending a password authentication mechanism, we encourage you to also send hashed versions of the password in the hashedPassword, emailPasswordSHA256, and passwordSHA1SHA256 fields. We use these fields to check our breached credentials database.

Our breached credentials database contains data from various sources which is hashed in different ways. Sending hashedPassword, emailPasswordSHA256, and passwordSHA1SHA256 allows us to check the data from all our sources.

success boolean required

If the authentication was successful.

passwordHashed string optional

The SHA256 hash of the password.

For example: SHA256(password).

This is used to check the user's credentials against our breached credentials database and then discarded. This hash is not stored by Ravelin.

emailPasswordSHA256 string optional

The SHA256 hash of the email and password concatenated.

For example: SHA256(email + password) or SHA256("user@example.compassword123").

This is used to check the user's credentials against our breached credentials database and then discarded. This hash is not stored by Ravelin.

passwordSHA1SHA256 string optional

The SHA256 hash of the SHA1 hash of the password.

For example: SHA256(SHA1(password)).

This is used to check the user's credentials against our breached credentials database and then discarded. This hash is not stored by Ravelin.

failureReason optional

This is required if success is set to false.

One of the following:

BAD_PASSWORD - The login failed because the username and password combination was not correct.
UNKNOWN_USERNAME - The login failed because the username is not associated with an existing account.
AUTHENTICATION_FAILURE - The login failed because of an authentication failure.
INTERNAL_ERROR - The login failed because there was an internal error during the login flow.
RATE_LIMIT - The login failed because internal rate limits were hit.
BANNED_USER - The login failed because the user has been banned.

social object optional

Provided if the customer authenticates via a social login provider.

oneTimeCode object optional

Provided if a one time code such as those used by Google Authenticator is used.

success boolean required

If the authentication was successful.

failureReason string optional

This is required if success is set to false.

One of the following:

INVALID_CODE - The login failed because the code was not valid.
CODE_TIMEOUT - The login failed because of a timeout error.
INTERNAL_ERROR - The login failed because there was an internal error during the login flow.
RATE_LIMIT - The login failed because the rate limit was reached.
AUTHENTICATION_FAILURE - The login failed because of an authentication failure.
BANNED_USER - The login failed because the user has been banned.

u2f object optional

Provided if Universal 2nd Factor (U2F) authentication is used, as defined by the FIDO Alliance.

success boolean required

If the authentication was successful.

failureReason string optional

This is required if success is set to false.

One of the following:

INVALID_KEY - The login failed because the key was not valid.
TIMEOUT - The login failed because there was a timeout error during the login flow.
INTERNAL_ERROR - The login failed because there was an internal error during the login flow.
BANNED_USER - The login failed because the user has been banned.
RATE_LIMIT - The login failed because the rate limit was reached.

rsaKey object optional

Provided if an RSA key is used, such as a Yubikey.

success boolean required

If the authentication was successful.

failureReason string optional

This is required if success is set to false.

One of the following:

INVALID_KEY - The login failed because the key was not valid.
TIMEOUT - The login failed because there was a timeout error during the login flow.
INTERNAL_ERROR - The login failed because there was an internal error during the login flow.
BANNED_USER - The login failed because the user has been banned.
RATE_LIMIT - The login failed because the rate limit was reached.

smsCode object optional

Provided if a one time code was used sent via SMS.

success boolean required

If the authentication was successful.

phoneNumber string required

The number the SMS was sent to.

failureReason string optional

This is required if success is set to false.

One of the following:

INVALID_CODE - The login failed because the code was not valid.
CODE_TIMEOUT - The login failed because there was a timeout error during the login flow.
INTERNAL_ERROR - The login failed because there was an internal error during the login flow.
RATE_LIMIT - The login failed because the rate limit was reached.
BANNED_USER - The login failed because the user has been banned.
AUTHENTICATION_FAILURE - The login failed because of an authentication failure.

magiclink object optional

Provided if a one time link was sent to the customer via a trusted communication channel.

transport string required

The transportation mechanism for the magic link.

One of: email, or sms.

success boolean required

If the authentication was successful.

phoneNumber string optional

The number the link was sent to. Required if transport is sms.

email string optional

The email the link was sent to. Required if transport is email.

failureReason string optional

This is required if success is set to false.

One of the following:

INVALID_LINK - The login failed because the link was not valid.
TIMEOUT - The login failed because there was a timeout error during the login flow.
INTERNAL_ERROR - The login failed because there was an internal error during the login flow.
BANNED_USER - The login failed because the user has been banned.
RATE_LIMIT - The login failed because the rate limit was reached.

recaptcha object optional

Provided if reCAPTCHA was performed.

success boolean required

If the authentication was successful.

failureReason string optional

This is required if success is set to false.

One of the following:

TIMEOUT - The login failed because there was a timeout error during the login flow.
INTERNAL_ERROR - The login failed because there was an internal error during the login flow.
FAILED_TEST - The login failed because of a failed test.

bioMetric object optional

Provided if biometric authentication is used.

success boolean required

If the authentication was successful.

failureReason string optional

This is required if success is set to false.

One of the following:

TIMEOUT - The login failed because there was a timeout error during the login flow.
INTERNAL_ERROR - The login failed because there was an internal error during the login flow.
FAILED_TEST - The login failed because of a failed test.
BANNED_USER - The login failed because the user has been banned.

pushNotification object optional

Provided if a push notification is sent within an app to authenticate a customer.

success boolean required

If the authentication was successful.

failureReason string optional

This is required if success is set to false.

One of the following:

INTERNAL_ERROR - The login failed because there was an internal error during the login flow.
RATE_LIMIT - The login failed because internal rate limits were hit.
BANNED_USER - The login failed because the user has been banned.

username string important

The username of the customer. This is the unique string that ties this particular customer to the authentication mechanism used. Typically this is the email address.

success boolean important

If the login attempt was successful and access was granted.

app object important

The mobile or web app that this login was done from.

name string optional

The name or brand of the app, used to segment logins. Use the name that customer sees when installing and using the app, or the website title. Shouldn't repeat the platform or domain.

platform string optional

Where this app runs.

One of: ios, android, web, or mobile-web.

domain string optional

The domain from the URL of the web app, using the characters a-z0-9-..

Pattern: ^[a-z0-9-\.]+$

customerId string optional

customerId is the unique identifier for a customer. This identifier does not change even if the username is changed. This is optional for login events as you will see failed logins against usernames that do not exist in your system and therefore do not have a customerId. Please send this on login attempts where a customerId is available. If you have a Ravelin payment fraud integration, this should be the same customerId as used there.

custom object optional

Custom data that is relevant to your domain. This can be any JSON object.

device object optional

While Device is not a required field on the login event, it is highly recommended as it is a vital signal to account breaches. The most important Device fields are deviceId and ipAddress. deviceId can be generated using our JavaScript and mobile libraries.

deviceId string important

The ID of the device used by the customer to trigger this update.

ipAddress string important

The IP address of the device connecting to your services. Used in fraud and account-takeover detection.

When extracting this IP address, consider X-Forwarded-For.

language string optional

The ISO 639 code of your customer's device's preferred language, or the IET Language Tag (BCP 47) values from the browser's Accept-Language header.

userAgent string important

The browser user-agent string, if the device represents a web browser - window.navigator.userAgent.

model string important

The model/identifier name of the device if the device represents a native app. See here for iOS models: https://www.theiphonewiki.com/wiki/Models and here for Google Play supported models: http://storage.googleapis.com/play_public/supported_devices.csv.

os string important

The operating system that the device is running.

type string optional

The type of device.

One of: computer, phone, or tablet.

manufacturer string optional

The maker of the device.

location object optional

The geolocated position of the device.

country string important

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

postalCode string important

The postal or zip code. If provided without latitude or longitude, Ravelin will perform coarse geolocation in some countries.

latitude number important

The latitude of the location.

longitude number important

The longitude of the location.

addresseeName string optional

The name of the person that will accept delivery of goods to this address.

street1 string optional

The street address of the location.

street2 string optional

The street address of the location.

neighbourhood string optional

The neighbourhood of the location.

zone string optional

The zone of the location.

city string optional

The city/village/town

region string optional

The state/county of the location.

poBoxNumber string optional

The PO box number related to the location.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

geohash string optional

deprecated

The geohash of the location.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

browser string optional

deprecated

The name of the web browser being used, if applicable. Prefer userAgent.

javascriptEnabled boolean optional

deprecated

Whether Javascript is enabled on the web browser.

cookiesEnabled boolean optional

deprecated

Whether cookies are enabled on the web browser.

screenResolution string optional

deprecated

The resolution of the screen on the device in the format XxY

location object optional

Location is optional as we are aware you will not typically have a location at login time. If you do have location as part of your flow this can be very useful to localise ongoing or repeat attackers.

country string important

A ISO 3166-1 Alpha 3 or Alpha 2 country code.

postalCode string important

The postal or zip code. If provided without latitude or longitude, Ravelin will perform coarse geolocation in some countries.

latitude number important

The latitude of the location.

longitude number important

The longitude of the location.

addresseeName string optional

The name of the person that will accept delivery of goods to this address.

street1 string optional

The street address of the location.

street2 string optional

The street address of the location.

neighbourhood string optional

The neighbourhood of the location.

zone string optional

The zone of the location.

city string optional

The city/village/town

region string optional

The state/county of the location.

poBoxNumber string optional

The PO box number related to the location.

custom object optional

Custom data that is relevant to your domain. This can be any json object. Please include any details that you think are relevant to fraud that our schema does not capture.

geohash string optional

deprecated

The geohash of the location.

POST https://api.ravelin.com/v3/login HTTP/1.1
Authorization: token ...
Content-Type: application/json

{
  "timestamp": 1512828988826,
  "login": {
    "username": "jsmith123@example.com",
    "success": false,
    "authenticationMechanism": {
      "password": {
        "passwordHashed": "ef92b778bafe771e89245b89ecbc08a44a4e166c06659911881f383d4473e94f",
        "emailPasswordSHA256": "1869a65c576bf844f00b2ef88aa352ffd2d5b348a383720772c0c416470fc74e",
        "passwordSHA1SHA256": "fe38f41dc87ffd6b26e432b7f9cb3475d5c1899edacb453c70ac1dcaafd73d26",
        "success": false,
        "failureReason": "BAD_PASSWORD"
      },
      "social": {
        "success": false,
        "failureReason": "TIMEOUT",
        "socialProvider": "facebook"
      },
      "oneTimeCode": {
        "success": false,
        "failureReason": "INVALID_CODE"
      },
      "u2f": {
        "success": false,
        "failureReason": "INVALID_KEY"
      },
      "rsaKey": {
        "success": false,
        "failureReason": "INVALID_KEY"
      },
      "smsCode": {
        "phoneNumber": "+447907283546",
        "success": false,
        "failureReason": "INVALID_CODE"
      },
      "magiclink": {
        "transport": "email",
        "phoneNumber": "+447907283546",
        "success": false,
        "failureReason": "INVALID_LINK"
      },
      "recaptcha": {
        "success": false,
        "failureReason": "TIMEOUT"
      },
      "bioMetric": {
        "success": false,
        "failureReason": "TIMEOUT"
      },
      "pushNotification": {
        "success": false,
        "failureReason": "INTERNAL_ERROR"
      }
    },
    "app": {
      "name": "Our App Lite",
      "platform": "web",
      "domain": "us.brand.com"
    },
    "customerId": "abc-123-XYZ"
  },
  "device": {
    "deviceId": "65fc5ac0-2ba3-4a3b-aa5e-f5a77b845260",
    "ipAddress": "81.152.92.84",
    "language": "en-US",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36",
    "model": "Pixel XL",
    "os": "android",
    "type": "phone",
    "manufacturer": "google",
    "location": {
      "country": "GBR",
      "postalCode": "E1 1AA",
      "latitude": 51.503252,
      "longitude": -0.127899,
      "addresseeName": "John Smith",
      "street1": "123 fake st.",
      "street2": "floor 4, flat 48",
      "neighbourhood": "Hackney",
      "zone": "1",
      "city": "London",
      "region": "California",
      "poBoxNumber": "1234"
    }
  },
  "location": {
    "country": "GBR",
    "postalCode": "E1 1AA",
    "latitude": 51.503252,
    "longitude": -0.127899,
    "addresseeName": "John Smith",
    "street1": "123 fake st.",
    "street2": "floor 4, flat 48",
    "neighbourhood": "Hackney",
    "zone": "1",
    "city": "London",
    "region": "California",
    "poBoxNumber": "1234"
  }
}

Response

Show all

status integer

The HTTP response status code.

success boolean

If the request was successful this field is true.

timestamp string

A timestamp (ISO 8601) indicating when we finished handling the request.

data object

customerId string

The ID of the customer going through the login process.

action string

Our account takeover recommendation.

Use this to determine how you should handle the login.

Options:

ALLOW - We are confident the activity is from a genuine customer.
REVIEW - We suspect the activity is not from a genuine customer.
PREVENT - We are confident the activity is not from a genuine customer.
PERMIT - Legacy version of ALLOW.
WARN - Legacy version of REVIEW.
BLOCK - Legacy version of PREVENT.

score integer

The account takeover score, a value between 0 and 100. The higher the number the more fraudulent we think the customer is.

source string

The reason for our recommended action.

Do not implement any logic based upon this field as we may add values in the future without warning.

Options:

CLIENT_RULE - The action was based on a rule.
ML - The action was based on our machine learning fraud score.
RATE_LIMIT - This request was rate-limited. The action was based on the default action for rate-limited requests.

scoreId string

A unique ID for this score.

ato object

Further details about the account takeover recommendation.

loginId string

The ID of the login to which this recommendation applies.

action string

Our account takeover recommendation.

Use this to determine how you should handle the login.

Options:

ALLOW - We are confident the activity is from a genuine customer.
REVIEW - We suspect the activity is not from a genuine customer.
PREVENT - We are confident the activity is not from a genuine customer.
PERMIT - Legacy version of ALLOW.
WARN - Legacy version of REVIEW.
BLOCK - Legacy version of PREVENT.

rules object

passiveAction string

The action which would have been returned if all test rules were live.

Options:

ALLOW - We are confident the activity is from a genuine customer.
REVIEW - We suspect the activity is not from a genuine customer.
PREVENT - We are confident the activity is not from a genuine customer.
PERMIT - Legacy version of ALLOW.
WARN - Legacy version of REVIEW.
BLOCK - Legacy version of PREVENT.

triggered array

An array describing the rules which were triggered by this request.

ruleName string

The name of the rule which triggered.

ruleId string

The ID of the rule triggered.

ruleVersion integer

The version of the rule triggered.

triggered boolean

Whether the rule triggered.

description string

The description of the rule.

state string

Whether the rule was live (active) or in test mode (passive).

One of: active, or passive.

action string

The action associated with this rule.

Options:

ALLOW - We are confident the activity is from a genuine customer.
REVIEW - We suspect the activity is not from a genuine customer.
PREVENT - We are confident the activity is not from a genuine customer.
PERMIT - Legacy version of ALLOW.
WARN - Legacy version of REVIEW.
BLOCK - Legacy version of PREVENT.

credentialStatus object

Contains details about whether the credentials have been found in our breached credentials database.

passwordBreached boolean

Whether the password was found in our breached credentials database.

usernameBreached boolean

Whether the username was found in our breached credentials database.

customerChanges array

deprecated

changeId string

A unique ID given to the change.

customerId string

The ID of the customer going through the login process.

timestamp string

A timestamp indicating when we finished handling the request.

changeType string

The change type indicates what was actually changed on the customer record.

newValue object

The updated state of the customer record.

device object

The updated state of the customer's IP device.

deviceId string

The ID of the device that the customer is using.

deviceType string

The type of device the customer is using.

deviceManufacturer string

The manufacturer/brand of the device the customer is using.

deviceModel string

The model of the device the customer is using.

deviceOS string

The operating system of the device the customer is using.

ipAddress string

The IP address of the device the customer is using.

userAgent string

The browser user-agent string, if the device represents a web browser - window.navigator.userAgent.

timestamp string

A timestamp indicating when the customer state was updated.

ipAddr object

The updated state of the customer's IP address.

ipAddress string

The IP address used by the customer.

timestamp string

A timestamp indicating when the IP address was updated.

city string

The city associated with the IP address.

countryISO string

The two or three-letter country code associated with the IP address.

continentISO string

The two or three-letter continent code associated with the IP address.

isp string

The Internet Service Provider associated with the IP address.

ipAddrId string

A unique identifier for this IP address.

email object

The updated state of the customer's email.

email string

The email address used by the customer.

timestamp string

A timestamp indicating when the email was updated.

password object

The updated state of the customer's password.

telephone object

The updated state of the customer's telephone.

telephone string

The customer's telephone number.

telephoneCountry string

The customer's phone country

timestamp string

A timestamp indicating when the telephone was updated.

deliveryAddress object

The updated state of the customer's delivery address.

streetAddress1 string

The customer's first line of address.

streetAddress2 string

The customer's first line of address.

addressLocality string

The customer's locality.

addressRegion string

The customer's region.

addressCountry string

The customer's country.

addressCountryISO string

The customer's country ISO.

postOfficeBoxNumber string

The customer's PO box number.

postalCode string

The customer's postal code.

latitude string

The customer's latitude.

longitude string

The customer's longitude.

timestamp string

A timestamp indicating when the delivery address was updated.

locationId string

A unique identifier for this location.

billingAddress object

The updated state of the customer's delivery address.

streetAddress1 string

The customer's first line of address.

streetAddress2 string

The customer's first line of address.

addressLocality string

The customer's locality.

addressRegion string

The customer's region.

addressCountry string

The customer's country.

addressCountryISO string

The customer's country ISO.

postOfficeBoxNumber string

The customer's PO box number.

postalCode string

The customer's postal code.

latitude string

The customer's latitude.

longitude string

The customer's longitude.

timestamp string

A timestamp indicating when the billing address was updated.

locationId string

A unique identifier for this location.

previousValue object

The previous state of the customer record.

device object

The previous state of the customer's device.

deviceId string

The ID of the device that the customer is using.

deviceType string

The type of device the customer is using.

deviceManufacturer string

The manufacturer/brand of the device the customer is using.

deviceModel string

The model of the device the customer is using.

deviceOS string

The operating system of the device the customer is using.

ipAddress string

The IP address of the device the customer is using.

userAgent string

The browser user-agent string, if the device represents a web browser - window.navigator.userAgent.

timestamp string

A timestamp indicating when the previous customer state was set.

ipAddr object

The previous state of the customer's IP address.

ipAddress string

The IP address used by the customer.

timestamp string

A timestamp indicating when the previous IP address was set.

city string

The city associated with the IP address.

countryISO string

The two or three-letter country code associated with the IP address.

continentISO string

The two or three-letter continent code associated with the IP address.

isp string

The Internet Service Provider associated with the IP address.

ipAddrId string

A unique identifier for this IP address.

email object

The previous state of the customer's email.

email string

The email address used by the customer.

timestamp string

A timestamp indicating when the previous email was set.

password object

The previous state of the customer's password.

telephone object

The previous state of the customer's telephone.

telephone string

The customer's telephone number.

telephoneCountry string

The customer's phone country

timestamp string

A timestamp indicating when the previous telephone was set.

deliveryAddress object

The previous state of the customer's delivery address.

streetAddress1 string

The customer's first line of address.

streetAddress2 string

The customer's first line of address.

addressLocality string

The customer's locality.

addressRegion string

The customer's region.

addressCountry string

The customer's country.

addressCountryISO string

The customer's country ISO.

postOfficeBoxNumber string

The customer's PO box number.

postalCode string

The customer's postal code.

latitude string

The customer's latitude.

longitude string

The customer's longitude.

timestamp string

A timestamp indicating when the previous delivery address was set.

locationId string

A unique identifier for this location.

billingAddress object

The updated state of the customer's delivery address.

streetAddress1 string

The customer's first line of address.

streetAddress2 string

The customer's first line of address.

addressLocality string

The customer's locality.

addressRegion string

The customer's region.

addressCountry string

The customer's country.

addressCountryISO string

The customer's country ISO.

postOfficeBoxNumber string

The customer's PO box number.

postalCode string

The customer's postal code.

latitude string

The customer's latitude.

longitude string

The customer's longitude.

timestamp string

A timestamp indicating when the billing address was updated.

locationId string

A unique identifier for this location.

verificationURL string

A URL given to verify the customer changes.

changeSetId string

An ID that associates multiple changes together.

{
  "status": 200,
  "success": "true",
  "timestamp": "2021-08-27T12:19:31Z",
  "data": {
    "customerId": "39f54f7c-8ed7-41f8-5260-09881f69f675",
    "action": "ALLOW",
    "score": 20,
    "source": "RAVELIN",
    "scoreId": "4fd50782-b9f7-48be-64e1-820c7cf6dd51",
    "ato": {
      "loginId": "login-123",
      "action": "ALLOW",
      "rules": {
        "passiveAction": "REVIEW",
        "triggered": [
          {
            "ruleName": "Allow trusted customers",
            "ruleId": 123,
            "ruleVersion": 2,
            "triggered": true,
            "description": "This describes the rule.",
            "action": "ALLOW"
          }
        ]
      }
    }
  },
  "credentialStatus": {
    "passwordBreached": false,
    "usernameBreached": false
  },
  "customerChanges": [
    {
      "changeId": "9aa92ad0-ee23-4293-7fee-396dc738b195",
      "customerId": "39f54f7c-8ed7-41f8-5260-09881f69f675",
      "timestamp": "2021-08-27T12:19:31.035741497Z",
      "changeType": "DEVICE",
      "newValue": {
        "device": {
          "deviceId": "d61096b5-4ef8-4404-6666-eb9e8df1d754",
          "deviceType": "phone",
          "deviceManufacturer": "Samsung",
          "deviceModel": "SM-G960F",
          "deviceOS": "android",
          "ipAddress": "1c14:d7a:124f:3a00:400:cb7b:e4aa:af92",
          "userAgent": "Mozilla/5.0 (Linux; Android 10; SM-G960F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.152 Mobile Safari/537.36",
          "timestamp": "2021-08-27T12:19:31.035741497Z"
        },
        "ipAddr": {
          "ipAddress": "123.45.67",
          "timestamp": "2021-08-27T12:19:31.035741497Z",
          "city": "London",
          "countryISO": "GBR",
          "continentISO": "EU",
          "isp": "BT"
        },
        "email": {
          "email": "test@ravelin.com",
          "timestamp": "2021-08-27T12:19:31.035741497Z"
        },
        "password": {
          "timestamp": "2021-08-27T12:19:31.035741497Z"
        },
        "telephone": {
          "timestamp": "2021-08-27T12:19:31.035741497Z"
        },
        "deliveryAddress": {
          "streetAddress1": "1 Fraud Street",
          "streetAddress2": "Ravelin House.",
          "addressCountry": "Great Britain",
          "addressCountryISO": "GBR",
          "postOfficeBoxNumber": "123",
          "postalCode": "EC1V 9GB",
          "latitude": "51.0",
          "longitude": "1.01",
          "timestamp": "2021-08-27T12:19:31Z"
        },
        "billingAddress": {
          "streetAddress1": "1 Fraud Street",
          "streetAddress2": "Ravelin House.",
          "addressCountry": "Great Britain",
          "addressCountryISO": "GBR",
          "postOfficeBoxNumber": "123",
          "postalCode": "EC1V 9GB",
          "latitude": "51.0",
          "longitude": "1.0",
          "timestamp": "2021-08-27T12:19:31Z"
        }
      },
      "previousValue": {
        "device": {
          "deviceId": "d61096b5-4ef8-4404-6666-eb9e8df1d754",
          "deviceType": "phone",
          "deviceManufacturer": "Samsung",
          "deviceModel": "SM-G960F",
          "deviceOS": "android",
          "ipAddress": "1c14:d7a:124f:3a00:400:cb7b:e4aa:af92",
          "userAgent": "Mozilla/5.0 (Linux; Android 10; SM-G960F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.152 Mobile Safari/537.36",
          "timestamp": "2021-08-27T12:19:31.035741497Z"
        },
        "ipAddr": {
          "ipAddress": "123.45.67",
          "timestamp": "2021-08-27T12:19:31.035741497Z",
          "city": "London",
          "countryISO": "GBR",
          "continentISO": "EU",
          "isp": "BT"
        },
        "email": {
          "email": "test@ravelin.com",
          "timestamp": "2021-08-27T12:19:31.035741497Z"
        },
        "password": {
          "timestamp": "2021-08-27T12:19:31.035741497Z"
        },
        "telephone": {
          "timestamp": "2021-08-27T12:19:31.035741497Z"
        },
        "deliveryAddress": {
          "streetAddress1": "1 Fraud Street",
          "streetAddress2": "Ravelin House.",
          "addressCountry": "Great Britain",
          "addressCountryISO": "GBR",
          "postOfficeBoxNumber": "123",
          "postalCode": "EC1V 9GB",
          "latitude": "51.0",
          "longitude": "1.0",
          "timestamp": "2021-08-27T12:19:31Z"
        },
        "billingAddress": {
          "streetAddress1": "1 Fraud Street",
          "streetAddress2": "Ravelin House.",
          "addressCountry": "Great Britain",
          "addressCountryISO": "GBR",
          "postOfficeBoxNumber": "123",
          "postalCode": "EC1V 9GB",
          "latitude": "51.0",
          "longitude": "1.0",
          "timestamp": "2021-08-27T12:19:31Z"
        }
      },
      "verificationURL": "http://api/v2/change/verify?id=cmF2vbWVRlc3RCpzlhYTkyYWQwLRjNzM4YjN1cFsR1dHWVLWxZueELZWxpbnLTlvZ2ltNDI5My03ZmVlE5NQuLW3TCp2yM5NmZ0MjM==",
      "changeSetId": "aeb87294-a02d-4746-7d45-34770d51f308"
    }
  ]
}

Feedback

Was this page helpful?