Skip to content

Verify authentication

Jump to bottom
jasoncymatic edited this page Dec 16, 2021 · 6 revisions

Verify user's authentication

access_token

Cymatic's apis are protected through access tokens, so you need to make sure you have one. If you need to know more click here.

attempt_token

Every login attempt is unique, that is why our client side script fingerprints the attempt with a unique jwt. Make sure to have Cymatic's client side script in place and set up in your login form. If you need to know more click here

Request

curl -X POST \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer ${access_token}" \
    -d '{"token":"aaa.bbb.ccc"}' \
    "https://api.cymatic.io/verify"

Respond

{
  ipintel : {
    geo : {
      velocity : {
        valid : true,
        details : {
          distance : 5,
          lapsed   : 1
        }
      },
      fence : {
        valid : true,
        details : {
          distance : 5
        }
      }
    }
  },
  credentials : {
    password : {
      valid : true,
      details : {
          vulnerabilities : [
            "No uppercase characters",
            "No numeric characters",
            "No special symbols"
          ],
          darkweb : 100,
          in_dictionary : false
      }
    }
  }
}

Response Field Definitions

  • ipintel : "Object Ip intel payload"
    • geo : "Object geo section"
      • velocity : "Object velocity section"
        • valid : "Boolean does this attempt has a valid velocity based on cymatic config : Default true"
        • details : "Object details of how this was calculated, will be empty if settings off : Default {}"
          • distance : "Number kilometers travel from last login"
          • lapsed : "Number hours lapsed from last login"
      • fence : "Object fence section"
        • valid : "Boolean does this attempt has a valid fence based on cymatic config : Default true"
        • details : "Object details of how this was calculated, will be empty if settings off : Default {}"
          • distance : "Number kilometers travel from last login"
  • credentials : "Object credentials payload"
    • password : "Object password section"
      • valid : "Boolean does this attempt has valid a password baed on cymatic's credefence config : Default true"
      • details : "Object details of how this was calculated, will be empty if credefence off : Default {}"
        • vulnerabilities : "Array of String vulnerabilities"
        • darkweb : "Number times this password was breached"
        • in_dictionary : "Boolean is this password part of a dictionary"

© 2021 Cymatic Security Inc. | 833-210-0800 | info@cymatic.io | 148 Wind Chime Court, STE A., Raleigh, NC 27615

Clone this wiki locally