Incognia may provide one of three types of risk assessment:
high_risk
: Incognia identifies the action (e.g. sign up, login, etc.) performed by the device to be fraudulent.
low_risk
: Incognia identified the action performed by the device to be legitimate.
unknown_risk
: Incognia is unable to provide a precise assessment at the time of the request.
Subsequent requests for the same action and/or device may result in different assessments given that Incognia's algorithms improve over time.
The Incognia APIs rely on evidence to calculate risk assessments. Some evidence values pertain to all assessments, regardless of use case, while others are only relevant to specific use cases.
When parsing API responses, you should consider all evidence optional. Because new evidence can be added at any time, consider parsing the evidence field as a generic JSON object, unless you plan to use specific evidence to make a decision.
The table below describes possible evidence values, their meaning, and which use cases they impact.
Evidence | Description | Type | Use Cases |
| Model of the device used to perform the given action | string | All |
| Amount of recent location events associated with the device | integer | All |
| Whether or not the device has enabled location gathering, with | object with boolean flags | All |
| Indicates if the device is rooted ( | object with boolean flags | All |
| Indicates if a declared address was successfully geocoded by Incognia | enum ( | Onboarding |
| Number of location events near the declared address | integer | Onboarding |
| Indicates if the device appears on any watchlist or allowlist built with client reports | enum ( | All |
| Indicates if the device appears on an allowlist built by Incognia's models | enum ( | Login |
| Timestamps indicating the device's first and last locations known by Incognia near this address ( | object with UNIX timestamps | Onboarding |
| Distance between the device's current location and the closest location known to be frequented by the device | double | Login |
| Timestamp of the last location event associated with the device | UNIX timestamp | Login |
| Indicates which type of matching strategy was utilized to produce a result | string (see Understanding sensor match types below) | Login |
​
Match Type | Description |
| When Incognia is able to perform comparisons by GPS data |
| When Incognia is able to perform comparisons by WiFi sensors, but no matching connected networks are found |
| When Incognia is able to perform comparisons by connected WiFi networks |