Forgot Password Risk API

Handles the recording of successful password reset attempts, allowing for the evaluation of the risk associated with these events.


Forgot Password Risk API

The Successful Password Reset API is designed to give fraud-fighting teams the ability to record and evaluate the risk associated with successful password reset attempts. By integrating this API, organizations can monitor and respond to suspicious activity related to password resets, thereby reducing fraudulent account activity.

Request Structure

Endpoint: POST /v1/reset-password

Hostname: https://a.sensfrx.ai

Headers:

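  • Authorization: HTTP Basic authentication, with the credentials encoded in Base64. Base64 is an encoding, not encryption, so send this header only over HTTPS and keep the credentials on your server, never in client-side code.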

  • Content-Type: application/json

Request Body:

  {
    "ev": "reset_password_succeeded",
    "uID": "15",
    "dID": "JWT-Device-Token",
    "uex": {
      "email": "admin15@yopmail.com",
      "username": "admin15"
    },
    "h": {
      "ip": "45.252.74.134",
      "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36",
      "ho": "demo.sensfrx.ai",
      "rf": "https://demo.sensfrx.ai/login.php",
      "ac": {
        "a": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
        "ae": "gzip, deflate, br",
        "al": "en-US,en;q=0.9,hi;q=0.8,mr;q=0.7"
      },
      "url": "http://demo.sensfrx.ai/login.php"
    }
  }

POST Parameters:

  • ev (string): Event type. Must be either reset_password_succeeded or reset_password_failed.

  • uID (string): Unique identifier for the user.

  • dID (string): Unique identifier for the device.

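  • timestamp (string): The time of the password reset attempt in ISO 8601 format, for example 2023-05-25T10:30:45.052Z. The sample request body above omits this field; the code snippets below include it.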

  • h (object): Header information.

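    • ip (string): IP address of the user. Take it from the connection your server received; a forwarded-for header is only reliable when a proxy you control sets it.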

    • ua (string): User agent string.

    • ho (string): Hostname of the reset password page.

    • url (string): URL of the reset password page.

Response

Response Example:

{
    "status": "allow",
    "severity": "low",
    "risk_score": 10,
    "shadow_mode": "0",
    "device": {
        "device_id": "772OPWI5OEceA%2F0oFOdtdZHEU28ZmdGKL09LWSuRrDo8LVwrn6GMQEM9QbKY1KfZb44sVbt2qETTwIoNtnRN2EiqVl0ueYDpmvYFJ2orxTnJz9ysq3%2F%2Bq5sTaCrvY6yAkXsTCg%3D%3D",
        "name": "Chrome on Windows 10",
        "ip": "45.252.74.134",
        "location": "Aurangabad, MH, IN"
    },
    "message": "Reset Password Request successfully reached."
}

Example Code Snippets

Python

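import json
import os

import requests

# Sends one sample password-reset event to the risk API and prints the verdict.

# Credentials are read from the environment so the API secret is never stored
# in source control. The variable names are constructed for this example; a
# missing variable raises KeyError before any request is made.
API_USER = os.environ["SENSFRX_API_USER"]
API_SECRET = os.environ["SENSFRX_API_SECRET"]

url = "https://a.sensfrx.ai/v1/reset-password"
headers = {
    "Content-Type": "application/json"
}
# The "h" values describe the end user's request to the reset page, not this
# server's own connection to the API.
data = {
    "ev": "reset_password_succeeded",
    "uID": "15",
    "dID": "device123",
    "timestamp": "2023-05-25T10:30:45.052Z",
    "h": {
        "ip": "45.252.74.134",
        "ua": "Mozilla/5.0",
        "ho": "demo.sensfrx.ai",
        "url": "http://demo.sensfrx.ai/reset-password.php"
    }
}

# requests builds the "Authorization: Basic ..." header from the auth tuple.
# The timeout keeps a stalled risk check from hanging the password-reset flow.
response = requests.post(
    url,
    headers=headers,
    json=data,
    auth=(API_USER, API_SECRET),
    timeout=10,
)
# Fail loudly on 4xx/5xx instead of parsing an error body as a risk verdict.
response.raise_for_status()
print(response.json())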

JavaScript (Node.js)

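const axios = require('axios');

// Sends one sample password-reset event to the risk API and logs the verdict.

// Credentials are read from the environment so the API secret is never stored
// in source control. The variable names are constructed for this example.
const apiUser = process.env.SENSFRX_API_USER;
const apiSecret = process.env.SENSFRX_API_SECRET;
if (!apiUser || !apiSecret) {
    throw new Error('SENSFRX_API_USER and SENSFRX_API_SECRET must be set');
}

const url = "https://a.sensfrx.ai/v1/reset-password";
const headers = {
    "Content-Type": "application/json"
};
// The "h" values describe the end user's request to the reset page, not this
// server's own connection to the API.
const data = {
    ev: "reset_password_succeeded",
    uID: "15",
    dID: "device123",
    timestamp: "2023-05-25T10:30:45.052Z",
    h: {
        ip: "45.252.74.134",
        ua: "Mozilla/5.0",
        ho: "demo.sensfrx.ai",
        url: "http://demo.sensfrx.ai/reset-password.php"
    }
};

// axios builds the "Authorization: Basic ..." header from the auth option.
// The timeout keeps a stalled risk check from hanging the password-reset flow.
axios.post(url, data, {
    headers,
    auth: { username: apiUser, password: apiSecret },
    timeout: 10000
})
    .then(response => console.log(response.data))
    .catch(error => {
        // The axios error object carries the request config, credentials
        // included, so log only the status and message, never the whole object.
        const status = error.response ? error.response.status : 'no response';
        console.error('Error:', status, error.message);
    });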

Java

import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

import org.json.JSONObject;

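/**
 * Sends one sample password-reset event to the risk API.
 */
public class ApiIntegration {
    /**
     * Builds the event payload, posts it with HTTP Basic authentication and
     * reports any failure on standard error.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        HttpURLConnection conn = null;
        try {
            // Credentials are read from the environment so the API secret is
            // never stored in source control. The variable names are
            // constructed for this example.
            String apiUser = System.getenv("SENSFRX_API_USER");
            String apiSecret = System.getenv("SENSFRX_API_SECRET");
            if (apiUser == null || apiSecret == null) {
                throw new IllegalStateException("SENSFRX_API_USER and SENSFRX_API_SECRET must be set");
            }
            String basicToken = Base64.getEncoder()
                    .encodeToString((apiUser + ":" + apiSecret).getBytes(StandardCharsets.UTF_8));

            URL url = new URL("https://a.sensfrx.ai/v1/reset-password");
            conn = (HttpURLConnection) url.openConnection();
            conn.setRequestMethod("POST");
            // Bound both phases so a stalled risk check cannot hang the caller.
            conn.setConnectTimeout(10_000);
            conn.setReadTimeout(10_000);
            conn.setRequestProperty("Authorization", "Basic " + basicToken);
            conn.setRequestProperty("Content-Type", "application/json");
            conn.setDoOutput(true);

            JSONObject data = new JSONObject();
            data.put("ev", "reset_password_succeeded");
            data.put("uID", "15");
            data.put("dID", "device123");
            data.put("timestamp", "2023-05-25T10:30:45.052Z");

            // The "h" values describe the end user's request to the reset page,
            // not this server's own connection to the API.
            JSONObject h = new JSONObject();
            h.put("ip", "45.252.74.134");
            h.put("ua", "Mozilla/5.0");
            h.put("ho", "demo.sensfrx.ai");
            h.put("url", "http://demo.sensfrx.ai/reset-password.php");

            data.put("h", h);

            // try-with-resources closes the stream even if write() throws; the
            // explicit charset avoids depending on the platform default.
            try (OutputStream os = conn.getOutputStream()) {
                os.write(data.toString().getBytes(StandardCharsets.UTF_8));
            }

            int status = conn.getResponseCode();
            if (status != HttpURLConnection.HTTP_OK) {
                throw new RuntimeException("Failed : HTTP error code : " + status);
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            // Release the connection on every path, including failures.
            if (conn != null) {
                conn.disconnect();
            }
        }
    }
}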

Ruby

require 'net/http'
require 'json'

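# Sends one sample password-reset event to the risk API and prints the reply.
url = URI("https://a.sensfrx.ai/v1/reset-password")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
# Bound both phases so a stalled risk check cannot hang the caller.
http.open_timeout = 10
http.read_timeout = 10

request = Net::HTTP::Post.new(url)
# Credentials are read from the environment so the API secret is never stored
# in source control. The variable names are constructed for this example;
# ENV.fetch raises KeyError if one is missing. basic_auth builds the
# "Authorization: Basic ..." header.
request.basic_auth(ENV.fetch("SENSFRX_API_USER"), ENV.fetch("SENSFRX_API_SECRET"))
request["Content-Type"] = "application/json"

# The h values describe the end user's request to the reset page, not this
# server's own connection to the API.
data = {
    ev: "reset_password_succeeded",
    uID: "15",
    dID: "device123",
    timestamp: "2023-05-25T10:30:45.052Z",
    h: {
        ip: "45.252.74.134",
        ua: "Mozilla/5.0",
        ho: "demo.sensfrx.ai",
        url: "http://demo.sensfrx.ai/reset-password.php"
    }
}

request.body = data.to_json
response = http.request(request)
# Fail loudly on a non-2xx reply instead of treating an error body as a verdict.
unless response.is_a?(Net::HTTPSuccess)
    raise "Failed : HTTP error code : #{response.code}"
end
puts response.read_body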

PHP

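<?php
// Sends one sample password-reset event to the risk API and echoes the reply.

// Credentials are read from the environment so the API secret is never stored
// in source control. The variable names are constructed for this example.
$apiUser = getenv("SENSFRX_API_USER");
$apiSecret = getenv("SENSFRX_API_SECRET");
if ($apiUser === false || $apiSecret === false) {
  throw new RuntimeException("SENSFRX_API_USER and SENSFRX_API_SECRET must be set");
}

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "https://a.sensfrx.ai/v1/reset-password",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  // The "h" values describe the end user's request to the reset page, not
  // this server's own connection to the API.
  CURLOPT_POSTFIELDS => json_encode(array(
    "ev" => "reset_password_succeeded",
    "uID" => "15",
    "dID" => "device123",
    "timestamp" => "2023-05-25T10:30:45.052Z",
    "h" => array(
        "ip" => "45.252.74.134",
        "ua" => "Mozilla/5.0",
        "ho" => "demo.sensfrx.ai",
        "url" => "http://demo.sensfrx.ai/reset-password.php"
    )
  )),
  // cURL builds the "Authorization: Basic ..." header from these two options.
  CURLOPT_HTTPAUTH => CURLAUTH_BASIC,
  CURLOPT_USERPWD => $apiUser . ":" . $apiSecret,
  CURLOPT_HTTPHEADER => array(
    "Content-Type: application/json"
  ),
));

$response = curl_exec($curl);
$err = curl_error($curl);
// Read the status before closing the handle so an error reply is not echoed
// as if it were a risk verdict.
$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} elseif ($status < 200 || $status >= 300) {
  echo "HTTP Error #:" . $status;
} else {
  echo $response;
}
?>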

Next Steps for Integration

  1. Integrate Fake Registration Risk API:

    • Evaluate the risk associated with new user registrations.

    • Helps detect and block fake or bot-driven registration attempts.

  2. Continuous Monitoring and Improvements:

    • Regularly monitor the API responses and adjust your security policies accordingly.

