Contact
March 30, 2023

tru.ID's Reachability API

Greg Holmes
Developer Advocate
Curious?

Discover how SIM-based authentication can help you with a free 30 min consultation

Contact us
Follow us on

Verifying that a user or a device is who they say they are is important to get right — whether for an initial authentication or as part of the verification flow when updating a key piece of information on your account.

You’ll have experienced this many times logging into your bank, your email account, social media, or a number of other platforms. In most cases, it involves receiving a code via SMS, and then have to enter this into a website or a mobile app, or tell it to someone on the phone. However, this method has serious security flaws and UX drawbacks, as most IAM professionals now recognise. An alternative form of mobile security is needed.

If you’re reading this, you’ll likely have heard of tru.ID’s PhoneCheck, SubscriberCheck, or SIMCheck to help your flows become silent, more secure, and a better experience for the users of your applications. But have you heard of our Device Reachability?

In order to verify possession, tru.ID needs to be directly connected to the mobile network operator that provides the services to a given user/mobile phone number. Most global carriers and large carriers in big markets have already rolled out support for SIM-based verification, but several are still building the capabilities to support it.

What this means for your application is that you might need to lean on existing means of verifying phone number possession, or default to alternate factors for carriers that are not yet supported by the tru.ID Platform. This is why we have built a handy API to check Device Reachability for you.

What is Device Reachability?

Device Reachability is an API that returns the following three pieces of information:

  1. Is the device on a mobile network? (tru.ID’s SDKs can help you force the connection for the request to be over a cellular data connection if available)
  2. Does tru.ID have support for this mobile network operator?
  3. Which products (PhoneCheck, SubscriberCheck, SIMCheck) does tru.ID have for this mobile network operator?

How Reachability works

When should I use this?

The three status checks listed above (PhoneCheck, SubscriberCheck, and SIMCheck) won't charge you unless they reach the `COMPLETED` status. However, the user experience could be impacted unless a Device Reachability check is first made.

Two possible reasons to use a Device Reachability check are:

  1. You have a mobile web application, which requires the use of a web browser. There is no way to force a cellular data connection on a web browser. So it’s important to first check the connection is cellular, and then check that tru.ID supports the user's mobile network operator.
  2. Your mobile application may require the knowledge of whether tru.ID supports the MNO in order to present a specific UX. (For example, if you carry out a Device Reachability check and the MNO is supported, you simply need to show a loading indicator while the tru.ID check is performed silently. Whereas if the MNO is not  supported, you might show an SMS OTP generator as your fallback method of verification.)

The tru.ID mobile application SDKs (Android, iOS, React Native, and Flutter) have native functionality to force a cellular data connection with the function `openWithDataCellular`. In case of failure, you could display a different UX / authentication flow. Because forcing a cellular data connection is not possible in the web browser, the Device Reachability check could output a request to turn off WiFi before proceeding.

The technical side: How do I use this?

To create a Reachability check, you’ll first need an access token:

{ curl -H "Authorization: Bearer {ACCESS_TOKEN}" https://{data_residency}.api.tru.id/coverage/v0.1/device_ip }

If the device has a mobile IP address and the mobile network operator supports tru.ID, a successful response will show the network details and supported products (PhoneCheck, SubscriberCheck, SIMCheck).

A response may look like this:

{
	"network_id": "23410",
	"network_name": "O2 UK",
	"country_code": "GB",
	"network_aliases": [
		"23411",
		"23412",
		"23413"
	],
	"products": [
		{
			"product_id": "pck",
			"product_name": "PhoneCheck"
		},
		{
			"
	]
}

Conclusion

We hope this blog post has helped introduce you to tru.ID’s Device Reachability, how it works, and when you would need to use it when implementing tru.ID’s Checks in your authentication flows.

You can find more technical information regarding Device Reachability on the Developer Documentation page and the API specifications.

If you have any questions, feel free to contact help@tru.id, get involved in our dedicated Slack group, or get in touch with Sales.

tru.ID logo
Platform
DocsAPI referenceStatus
Company
TeamCareersPress
Resources
SupportContact salesTermsPrivacy
Subscribe
Our regular email about digital identity, cybersecurity and tru.ID news we're certain you'll find informative.
Subscribe
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
tru.ID is an Industry Member of
GSMA logo white
tru.ID is a
Fido alliance member logo
2023 4Auth Limited. All rights reserved. tru.ID is the trading name of 4Auth Limited.