TruValidate (formerly known as iovation) Fraud Check

This document outlines the two-step process for accessing TruValidate Fraud Check result from the credolab Portal after successful client-side integration.

  1. Log in to credolab Portal: To access the full range of features, you must log in to the credolab Portal. Provide your credentials and the system will verify and authenticate them. Upon successful authentication, you will be granted access to the platform's tools and resources.
  2. Request TruValidate Fraud Check: After logging in, you can request fraud check. This will initiate the processing of the data.

1. Log in to credolab Portal

POST /api/account/v1/login

Login Request Description

This API call obtains a security token value with the provided subscription credentials.
The token has an expiration time of 60 minutes.

Login Request Parameters

userEmail [string]User email
password [string]Password

Login Request Body Example (application/json)

    "userEmail": "[email protected]",
    "password": "TestPasswordValue"

Login Response

The API call will return the security token information.

Login Response Body Example (application/json)

    "access_token": "access_token_value",
    "token_type": "bearer",
    ".issued": "2018-04-08T11:01:41.92Z",
    ".expires": "2018-04-08T11:01:41.92Z",
  	"refresh_token": "refresh_token_value"


Date and time field format

The ISO 8601 standard is an International Standard for the representation of dates and times. This format contains date, time, as well as the T character that designates the start of the time and the he time zone designator Z (UTC - Coordinated Universal Time). Z stands for Zulu time. Zulu Time Zone is 0 hours ahead of Greenwich Mean Time. The pattern for this date and time format is yyyy-mm-ddThh:mm:ssZ

For Login endpoints responses credolab treats and returns mixed date and time values in UTC.

Sending the Access Token in the Request Header

When sending the access token in the request header field, the client must use the Bearer authentication scheme to transmit the access token.

Authorization: Bearer access_token_value

2. Getting your TruValidate (formerly known as iovation) Fraud Check Result

The process of requesting a TruValidate Fraud Check from the credolab Portal is similar to the process of obtaining dataset insights.


This endpoint assesses the risk of transactions based on the provided device and transaction details. The result is only available if TruValidate scoring has been set up.


referenceNumber [string]The unique identifier of the dataset for which the iovation score should be calculated
rulesetId [string]The identifier for the rule set to use for the transaction. The value is NOT CASE-SENSITIVE

Request Body

[required]The unique identifier for the end user's account or for the transaction
[optional]End user's IP address
transactionInsight[optional] Transaction attributes that can be optionally sent along with device information, that enable to be searched for fraud based on identity data.

Transaction Insight Parameters (optional)

email [string]Customer's email address."[email protected]"
eventId [string]ID associated with a transaction. This may be your own system tracking IDs"168200gsd851"
mobilePhoneNumber [string]The user's mobile phone number."+15032246010"

Request Body Example (application/json)

  "statedIp": "string",
  "accountCode": "string",
  "transactionInsight": {
    "additionalProp1": "string",
    "additionalProp2": "string",
    "additionalProp3": "string"

Response Result

The response result is the TruValidate fraud check result.

Main entityEntityNameDescriptionExample
Result AttributesaccountCode
The unique identifier for the end user's account or for the transaction"account_code"
Result AttributesrulesetId
The identifier for the rule set to use for the transaction"ruleset_id"
Result AttributesrequestedDate
Date/time when the api is triggered by the requestor. Timestamp ISO 8601 format: yyyy-mm-ddThh:mm:ss.ffffff. Though it's expressed in Unspecified time zone, but treated and stored by credolab in UTC."2020-12-16T02:26:50.046799"
Result Attributesrequestor
E-mail login of the users who triggered the API."[email protected]"
Result Attributesvalue
Fraud check result of the Blackbox analysis received from