# Device monitoring ## Overview Solaris uses **device monitoring** as an additional layer of fraud prevention. Partners are required to collect **device fingerprints** from their (potential) customers' devices using the [Seon SDK](https://seon.io/resources/device-fingerprinting/) and then submit them to Solaris when [calling certain API endpoints](#actions-that-require-device-monitoring). Solaris will analyze the provided fingerprints when performing [Customer Due Diligence](/guides/kyc/cdd) checks and notify you of any suspected fraud using the [`PERSON_CHANGED`](/api-reference/onboarding/webhooks/webhook-events/paths/person_changed/post) webhook. This guide explains how to implement the Seon SDK in your solution (regardless of platform) to collect device fingerprints and when to provide them to Solaris. note New customers in the **German, French,** and **Italian branches** are **required** to consent to device monitoring. Customers in the **Spanish branch** may always opt out of device monitoring (i.e., customers are allowed to reject device monitoring). Although customers may later **withdraw** their consent to device monitoring, this may have adverse effects on the business relationship (e.g., immediate account block, termination of the business relationship). See the [section below](#step-6-customer-withdraws-consent) for more information. ## Device monitoring flow The following diagram illustrates the integration flow between the customer's device, your backend, and Solaris, using the example of recording a user activity (e.g., App Start or Consent Provided): ```mermaid sequenceDiagram autonumber actor Customer participant App as Partner App/FE participant Seon as Seon SDK participant BE as Partner Backend participant Sol as Solaris Note over Customer, App: Step 1: GDPR Consent Customer->>App: Opens App App->>Customer: Display GDPR Cookie Notice Customer->>App: Accept Consent Note over App, Seon: Step 2: Init SDK App->>BE: Send Consent Acceptance BE->>Sol: POST /device_consents Sol-->>BE: 201 Created (device_consent_id) BE->>App: Return device_consent_id (Session ID) App->>Seon: Initialize(session_id) Seon-->>App: Ready Note over App, Sol: Step 3: Record Activity App->>Seon: Get Fingerprint Seon-->>App: Base64 String App->>BE: Report Activity (e.g., Consent Provided) + Fingerprint BE->>Sol: POST /device_activities (device_data=Fingerprint) Note over Sol: Step 4: Analysis Sol->>Sol: Analyze Device Risk (CDD) alt Fraud Suspected Sol-)BE: Webhook: PERSON_CHANGED BE->>Sol: GET /persons/{id} Sol-->>BE: customer_vetting_status: POTENTIAL_MATCH end ``` Here is the textual flow for integrating device monitoring into your solution: 1. Implement a GDPR-compliant cookie consent and ensure that the Seon SDK is not initialized until the user gives their consent. 2. Implement the Seon SDK in your solution such that it initializes whenever the customer starts the app. 3. Prior to calling any of the [Solaris API endpoints that require device monitoring](#actions-that-require-device-monitoring), generate a **device fingerprint** on the customer's device using the Seon SDK [as described below](#step-4-initialize-seon-sdk). 4. When calling one of the Solaris API endpoints that requires device monitoring, provide the Base64-encoded fingerprint obtained from Seon as the `device_data` property in the API request body. 5. Solaris will analyze the device fingerprint while conducting its Customer Due Diligence checks. - If Solaris detects any suspected fraud, you will receive a notification on the [`PERSON_CHANGED`](/api-reference/onboarding/webhooks/webhook-events/paths/person_changed/post) webhook. - If you receive this webhook notification, call the [GET Retrieve a person](/api-reference/onboarding/persons/#tag/Persons/paths/~1v1~1persons~1%7Bid%7D/get) endpoint. Parse the response for the value of `customer_vetting_status`, which contains more information about the suspicious activity. Follow these steps to integrate the Seon SDK into your solution: ## Step 1: Install SDK of your choice Depending on which platform(s) your solution is built on, follow the instructions below to set up the Seon SDK: - [Android](https://github.com/seontechnologies/seon-android-sdk-public) - (Use v6.8.0 or higher) - [iOS](https://github.com/seontechnologies/seon-ios-sdk-public) - (Use v5.6.1 or higher) - [Web](https://www.npmjs.com/package/@seontechnologies/seon-javascript-sdk) - (Use v6.8.0 or higher) - [React native wrapper](https://www.npmjs.com/package/@seontechnologies/seon-react-native-mobile-wrapper) - (use v3.3.0 or higher) ## Step 2: Collect GDPR cookie consent In accordance with the [GDPR](https://gdpr-info.eu/), you must display a disclaimer and collect your customer's consent to your **GDPR cookie notice** (that customers **must** accept) regarding the collection of their device data **before** you create any device fingerprints. note - You may not create a device fingerprint without collecting your customer's consent first. - You must collect this consent **before** creating a person resource for the customer. - For customers in **Germany, France, and Italy:** - You must treat device monitoring as an **essential** cookie in your GDPR disclaimer (i.e., your customer cannot opt out of it if they wish to use your solution). - For customers in **Spain:** - You must treat device monitoring as a **non-essential** cookie. Customers in Spain must explicitly opt in to device monitoring and may always reject it. Display the following text to the customer in the modal: English "By clicking [Accept], you also consent to [insert Partner name] collecting information from your device on your browser, traffic data, location data and other device-related information, including the session ID, and transmitting such to Solaris along with your email address, name and phone number. Solaris may add additional data and use a service provider to perform fraud prevention and anti-money laundering checks. This is essential for a secure provision of the banking services that you are requesting by Solaris; therefore you cannot proceed without consent. You can withdraw your consent at any time by email to [insert Partner email], but without consent you will not be able to continue using Solaris' services. Please find further information in our privacy policy [add link to the privacy policy of Partner]." German "Mit Klick auf [Zustimmen] willigen Sie zugleich ein, dass wir Informationen von Ihrem Endgerät über Ihren Browser, Verkehrsdaten, Standortdaten und andere gerätebezogene Informationen, einschließlich der Session-ID, abrufen und diese zusammen mit Ihrer E-Mail-Adresse, Ihrem Namen und Ihrer Telefonnummer an Solaris übermitteln. Solaris wird diese Daten ggf. um weitere Daten anreichern und mithilfe eines Dienstleisters einer Überprüfung zur Betrugsprävention und Geldwäschebekämpfung unterziehen. Dies ist für eine sichere Bereitstellung der Bankdienstleistungen von Solaris zwingend erforderlich; ohne Ihre Einwilligung können Sie daher nicht fortfahren. Sie können Ihre Zustimmung jederzeit per E-Mail an [...] mit Wirkung für die Zukunft widerrufen, jedoch können Sie die Leistungen von Solaris ohne Einwilligung nicht weiter nutzen. Weitergehende Informationen finden Sie in unserer Datenschutzerklärung [Link zur Datenschutzerklärung hinzufügen]." ### POST Create user consent for device monitoring This endpoint records consent from the given person (specified in the request URL) to collect device fingerprints on their registered device. Each consent is tied to a specific device. **Request URL** ```shell POST /v1/persons/{person_id}/device_consents ``` **Response example:** The API returns an `id`, which your solution must use as the `device_consent_id` as described below. ```json [ { "id": "17a7389adaf83145770d8e6c00a398ddcon", "person_id": "e2bbc86268e9a4667861b73f31dba03bcper", "created_at": "2021-06-25T09:44:25.000Z" } ] ``` [Click here to view the full API reference.](/api-reference/identity/identifications/#tag/Device-Monitoring/paths/~1v1~1persons~1%7Bperson_id%7D~1device_consents/post) ### Cookie consent storage guidelines - The `device_consent_id` must not be stored on your backend, but rather on the user's device (i.e., as a cookie). - You must reuse the `device_consent_id` on the same device. Generating a new `device_consent_id` requires an explicit request for the user's consent. - When the user reinstalls the app, they must give their consent again, and you must create a new `device_consent_id`. - When the user gets a new device, they must give their consent again, and you must create a new `device_consent_id`. - The `device_consent_id` is not bound to a device from device binding. These occur independently of each other. ## Step 3: Implement device activity endpoint Below you can find a list of [endpoints that require device monitoring](#actions-that-require-device-monitoring). However, for events not covered by existing API endpoints, you must call an additional endpoint to pass a device fingerprint to Solaris. You must call this method in each instance of the following events: - User starts the app. - User requests a password reset. - User provided consent to device monitoring. ### POST Create user activity for device monitoring warning You **may not call this endpoint** until you have collected the customer's consent to device monitoring. This endpoint sends a device fingerprint to Solaris for situations not covered by existing API endpoints. **Request URL:** ```shell POST /v1/persons/{person_id}/device_activities ``` **Request example:** ```json { "device_data": "Web;179ac83968ab42f79e960c1753a4078fdcon;jVl14emA+OcyALb9F+CMFg==;NU7aFh0jdzM15wj8hQtqbA5LbzEFWDI1bUwZf/zbau0P2MIEUE+LsifBKvxjCYNUyz647bpSjnQ6Tu8IK22sxFlTGEFaHKBigzmP8Nc8FvVSWKzslmSWTFJM5AYc+EGTZLprlcdrLldsZLS5PpHfPMmvtqCXVTnGhYV7GvutI1w5/67yK7pCQDxDicKjqlMg1naMiwCuqP1U1lUtf+lTdmJ1T1lXMPARffTn4XAr66vUxN++sy7qytkdcOeCsaxZnLspUEvqu+2ILHF8pOJFG7gYC11rqWOyHG3Ns1E1dZ57ybrgGTKfctFOdx2IMXnz1/i/pDC5QokRr2BTIZZ/9Tj+xXzWpzNwHtRWWK5VEufyVRPyMXQdmry7UYKrouAzlLCYSMv7GcPwOZz+gDjCkrNia7/DGBBFLOvtlufDztPpvkH2jmN32/oJHl1Qu6zpxG3Lyl8RNdyukuNYfiPw0ECoXsXObwQc7Ja8R+V5S7QZeV1VV9aavlH1+Xl9v0OlOJ1XujO7izWESMIfzAuaL6ACYhdkmkC3kicjOWUjaY3OJYrrXxQ+MScnJOQ9neMRWij7YqNxP8F259zVjqqyaL6hN8EZU/pi+cZUVkfFvMYT5ugE9JXjkFfyy4UQeSmNRjDXRzu40LyweqUns8u3GOIFzfZ9eVOv+q7OV+RpVLOJLz1Za8RPIh3UKltCzOTmO8OpDz2aGoqNdL4zAaLl4EKRoarEiSG9K2/GoyHchi6xdHYA6DqQg5xQM4s50RUySGwWLxBB3ZlMpZpdZAVBrLSyl1SWqYTosdyURtiiX0So+kdik5XJ5Vsh0v75rNP5Yrv3t5/u94wx51zKlpDH8Uiap7kP0eibRmmN196kxMcOf8Q50JM1Yt8cJiawTWdGHzGRcNtEkpon5VLp/kwDU+4IPwlW976hKsom0PTB/EVxo5CWuL6kPiaEWUrWOL7BZ2jkuebHT2jBAJuFBaeac7IYnrAMoLgfY33Vs3EtVk8HrhFzJCiwR7WC+GHJTHLH1S8FfmHFTXJHecvq6tpMncaJFbo4jSfm9ozBAVAAN2mCn/yBbmX9tPmXdGEsTSpdp6vVWKEdHZ1rjCqmgDENxh75H5uT9DeZ0mAKwkP5Ai+bN3hT0y1XGE44b/aJ7PEObogYAioej/Z690zKx+fHxP50juTgt+UIQ+l/mpcYnbcYe4lkXrqGpwxFU8OrRzzfJX/s90VVlzrQVAPNW/mvYkt+MqSVwI1EP62faXlXnDqbmVFUmMGeoquP58cwqSBaNL/oi2Rg7GVvdvus+i2Qpm1SHtnPVUhTwWFigiWw/T2ZZeUs4nk+Q/xOFa/", "activity_type": "APP_START" } ``` **Response example:** ```shell 201 Created ``` [Click here to view the full API reference.](/api-reference/identity/identifications/#tag/Device-Monitoring/paths/~1v1~1persons~1%7Bperson_id%7D~1device_activities/post) ## Step 4: Initialize Seon SDK Your solution must launch the Seon SDK whenever a user accesses your solution, and it must set a **session ID** (UUID format) that identifies the beginning and end of a user session for the SDK. Use the `device_consent_id` returned by the [POST Create user consent for device monitoring](#post-create-user-consent-for-device-monitoring) endpoint as the **session ID.** See the code samples below for each platform: Android SDK (Kotlin) ```kotlin val deviceConsentId = "ID from the consent for this device" val seon = SeonBuilder() .withContext(applicationContext) .withSessionId(deviceConsentId) .build() ``` iOS SDK (Swift) ```swift let deviceConsentId = "ID from the consent for this device" let seon = SeonFingerprint() seon.sessionId = deviceConsentId ``` Web SDK (Typescript) You can use the following script source URLs (`source_url`): * `https://cdn.dfsdk.com/js/v6/agent.umd.js` * `https://cdn.deviceinf.com/js/v6/agent.umd.js` * `https://cdn.seonintelligence.com/js/v6/agent.umd.js` ```typescript // Initialize SEON seon.init(); const deviceConsentId = "ID from the consent for this device" const config = { geolocation: { enabled: true, canPrompt: false, }, networkTimeoutMs: 2000, fieldTimeoutMs: 2000, region: "eu", silentMode: true, consentId: deviceConsentId, }; ``` ## Step 5: Get device fingerprint and send it to Solaris Prior to calling any API endpoint that sends device data to Solaris, you must generate a device fingerprint on the user's device. Android SDK (Kotlin) ```kotlin val deviceData = seon.fingerprintBase64 ``` iOS SDK (Swift) ```swift let deviceData = seon.fingerprintBase64() ``` Web SDK (Typescript) ```typescript const deviceData = seon.getBase64Session() ``` You will receive a Base64-encoded string from the SDK: ```text Web;6.10.1;dZrcfzCWYujirXGKSCrxQw==;d/26VJfCVmuHf5L33VFKCqL73178T2AFEx86kjHtCZShTGW/OURZ9DSFIN03BZxBmkQImBSbj3RjNFiqGKFd0RRWZMr7qc1uY9uiHHwE1Ii4HkTOanY/RldpNC+kYz5gAXRvD2ElE/NvbgS+FhvkGa5AY1WfltSkkTwuAgVVyF9yo+f8wC3CNK98Q2btB3ORvy7HAB4u/YSyUqaiZiK+5BRhDFJkwin9xtTPbUYf1bpJRJ/J+9LJRik393kwdzAQTqTNcik2nSQOCT0/q7VwgGVvWVV7D+GFCPQ916iDutWOOtNHc8McDmQaAz/pkAhz6zZpwztbtrRj8L2AqDwZS8/utV1bKt/Pn+Khbv69gWcbOZMl+zNGVh/a3CsuosAqPa8sblyvKEXEVVPCfvu4xBTaas/QjRMorcd1LPxaFzsFfBQ60zOiWvxjbkP+cZA2yTD6qGAGCFShYD6aocOWpytkeyEDeXMjxGu/bIjoSkNpi3UkJ5TDDuC2SFHjUv7TUQbnb2sQ6lY/aTD0OkuRViweXTWNWwb/TqZL0t3X+BM8fRH51FfZheMSCTzfA12nHUm1V68OI86N4xk7DZkVaoqZwlWsdZ86R5WW0hMiZ9qrbhkkUNoVj3Tn8gqod82USeupWjtBn/sejVRtNOG9uEvYcYcn18W0mnFl9NTgic1LnzP5TqOY/Z2upDPCqyW2g3J8e0O7KnZg/HkHPpoc12gZtn8KsDVTlAqMoIFrciCvBvjN9WTZRgtRI6XqmqX29ikeoCCZGoBnfm2RNKDSwdv6OA7wIX7xuRAvUpEoCUlJAekrFCyLbNSJkiU77KR69cgECngrbJh5f4+smV7JNoa+ahSyYkGRPq+A+XcmQcLctGuPDq8K/yNKL+g4yxYx6LFzP4AhxZeVHuP2JfdWT4bMRgu2zST7SBKUSbdig6v1jHC6SvKisfnmfC8uZ0xvc4w6NRrqz6aMpgCTIJlntZg7scGIKALJfJilOZzkARNcMuC+lSF0TE6GfIy4ULbjmgXLlbQ48xRGMZd0U6bMYrdvddwIqZUrD9zXE12OFplXh+pLQcwOecmg3UUE5skYFc+MNK3mIhgwk7GO7qCQ2T73cab94tHz++Y0mKc1hgIK7SLfLcPhU99Kv20SEAzdLzEbwXL4hj00r+T1VseiM247PwiZBPBKkoHYX/7wTRMZrTzrDLb+HqMdNFEW8lxSFroJl5Mwj6pTNsY7s2JBaXvga5SJI0E9jPWG5RD5DjlxxC6gENgf9KO96jQfCJQgwJyZSmJrsnx7imLGYf4i+8uk4/Rm2JyJTs25RZ21kDbsFf8MTZNpOfNPH/5t1cCKeLxkYvn6Kq78TvPIVGVa9AwdWOPuraQlM2O5DwIHO3pIhF9KEL2FmUB5LB9FXsjx1q79GJhYdPH6DC5D+/CbVy8uMo3QchA6VTyM55HyhFzSRl0I/7w3BBZQGwoSN6na82l2/su2tvxdWu/cOzBvhDTvBQVB+DOIpyzTofBjhO4OKQ3L5uVhdyuVsjtqZi3UxwELlAEC1tXQUObvCpi2G6pmOI5KFVKF2YMHIX4OCvFjBGANES45kJ5rvmHVUToBBdIB/oKYOsKOPOH5mLiPfv06SPo1C0BFEazWdViFTUwbxU8E55MP19XaZ+NzAl+Xz4uLxP6+EfwRosInpxT9P+DID7fJw4MG4f6Nq/VLdKYca9Tt3PrtBCEM9Wh4fmcRHbLNEVk/sjz8PuOmWbwB/0yrPC5fvphNYXIVKKo8XMucb0ZPkekHh8Cb2zQ8Ln08RSlR7nvqpm7xa9SDD8eYvc587MnRLLoo5HTWg+6/eMX/y85NKMCQpNouKq3CMnrdn2T9cV4ruZdEHb3nBpBPfrWivGqDwCcUPNUkb71Q2Ve297VDIZyJYeBmMXzwgofPdfXAjMuYHmTRzpVW6zpms3EizWmldQrteaCrfDThBWinDqGnsRa+pRf9GRAXtISrwM4WZ3FCvzTms3EGJ5vXaP1hqlGCB/POhRLwSUv9sh5zXuWyknYz4d4fdUvF3Plq/6lBh56H4PXdQtUx5dd5SybfvGMpLVpisrikk572uD+6Y53BWFhRSxwXk2tEO/355tU0cb9scAdH+GueszbDhNd9YrXVdY09RM6j1kga+XA6MaEuq+dr4bSnG100p/mYdCLPZn45QQRI9RuBRMrZ0vJYXITZmDHtzK+XS5ULTYr/dS6kebNLF1JMuYD9Jq+bdjFRpStrtIoTIYnLRaK7Cod/HU4dj3Jip9DENaRW3Wk/OkkAQ4Rii8yt4uyT/n1+vrVGheik3j9Gzu1FE5bsl04CGwKNRXjgOP4RXJeOzBXbaBA+GOGIfB9Pch6wJ9Pk6frSab/qy2Kzjnj3f8pEFB3g+Ci8Gl+VtBPZx+NZrwek43JB/GEUuvQRoyMYsZYnx2y39UX/jFSUALVueMY4a0Lt+RXoDobpX2T6pO5lRDf1xgpM6ZAm0vVLEldL6q/4rUhNBU+NIxtsRCXd54pLMr3U4xjLPaXA3/ZteqlT3bv05HdgiJ6lwEYnPBhQnpCHkf2gl9xnS6D80uuORNEJSq7vQ6sIRSU+FH7uVHONbCwNDP5ziJ+6BK98Fmbg1krRNB6Yg6UE5dbSkUhhsVyTDlVrApD3pzAzyz4bQyAKCWotH2Va8UFutHvxoaXo2WlQkLkirQJHhrR8XCNhoBTF22vzGBDdqTMAn3C8hrVtGtsTE+9cOPZEtc3Hd+kTnuS+LAj+bpRW6k7BFVEFJJLsrrWV1apJSB8azvGDStsvikEElZS9XY5RyLALtyFjCjc7R5ehOE/ccA6N364VETu1+wXt9aMe3rNR9yr1vKa7+qUorysM5UQ3YvgbPLYadH+uf8MAhfpYp2AEMHW1sHtLXWDTuINbIRiiLWf24PVKZh5KYOzfLayaGc+6Ht1bRQNwbkThf2VR9JJsWR6OpJme9QbuTFde1C2Ip0EMQ9gqKde4cPt3c0GigROcmJ9W6Q4ndI28H4s34yPQhPS47LncXoepq+hCnIAcF5BgjrOe5Zo3KomwAmtwyvJ1j+jVuwV/OdA0UjjNeGZw71y3T7Zb4rhINorqnGBlwkyG5oxXZgJt9a0q2vsDTXiR7awQb4gB6Doz0HoM7Ou9s5wrsh3ohiUYM2P+tUt0YVYLkn942IwW36u2INswY6EArYrRn9i0DRUxHVTBuqSxl8LpHTYzLoYWvIhgkZYSmhpzCtxHJQWAMBlJ/V/VLGZ/EOKTYqySnU7v0uOBYXlM6get68x6mCeoHzsR514/K6hFz6/fuU8v7V3Fpm+BWifjFaLHlyA0Hqb0P82hHFyKzbQDOv2jlbq/Nk04z/z3vPEBMU0KZFUC7tRVBsPTxQKudSd0RSGO9461Vk6Ty5OoCCB6lh3hWgTlZkql+GoIM9MhYgZLo1ahfl91pfOOvjhhnw5U1Uv0+po5ZYapUc2QV+UgiAlxlwUf9NfZ5vdPTGjIi5Bf38Ihr+BiMxocPhaHjrTsklS59uvlQfYJPV53pTEvFB0n82UqOyOtfIIZSOCzWFHioGHGbcD8cKhxh5vdQ4R4gGT614y9UAYqHTebuf/AhwbdOw0KcMitIUtSoTPHzWX8DiXpGgoi4lXRBpawDBwoHsUGmLmWn1cLPAbdzr2O0q3vgyf9QH3kXj/i2ub4s3GNSTBkhBYSHQWwb5G/DNkz9/LEVCcVr6UMU5zR0DG4bB09EztlUUNr8ssxi2cwj4MMxbHP7fjYyjvH5uVs2K5QOnOGODlLERbIFNI/9JVH/2utllNTigiUtLyi+OTRhKwizhL9ZZf9a29a8S8+cx8+6+LJD37HeLyUEcR4Xa2nOW/a8CGLUUi/f4/56MufqjoA72j8W2Jp1mjZcfuXqpyQqZV01MdznqOCrJKFN8zV50v/E+RDp0K/YtdFl6mkttxKMkk6WKTA/UNi7UU42iXYpon0QzbuiOGSfrK2PRYFJhsBWroLWQoVKeL3JM+mZmq6H/61rPKiArsieGoJI+o4ZzJC7LWVY1w7fjJwH/BcS5iUgu6ws2KCc1bLhSf9KefDQa+w/lfHYuaTlUlzhL+fyDFhZ0AAq7BcA7GvdYXH5N+lCnxtTT+0f2MbBl5TV/Ll1q3U1myyYbcHA7ROn+oGv9T+g2v+3a5ayVao39nWHdF6ZNuuPcSqBbkh1ybVmRWNPGOTfvGgvAtpwdx6ILkeZo3+3CSeQQxlYcqQe3i9OIBhnZOFG4otKAiVkJyrEUAkuKcYoJke/3O8tByC7wmQQO9A9urVV7kWdwVG6MsPTUORna5aTgZ0iwgkGzobB83kyF/vcXWC0GjjbLeMeYe5X9LCKL0yg50j5wqR16FRYeLj009nPa+gCouYRfrvuGQILDoFsv2nhAajm9jYk2aVRkbIsr2ujwtdH5dS7lYJicabGg==;82d33212414e85aa5ee46b3d24515844dcon ``` You must generate and supply this string as the value of `device_data` for all of the API endpoints that require device monitoring (listed in the sections below). ## Step 6: Customer withdraws consent Customers may withdraw their GDPR cookie consent for specific devices after they provided it. However, you must clearly indicate to the customer in your frontend that this action will likely result in severe consequences, such as an **immediate account block** and **termination of the business relationship.** You must also inform the customer that this security feature is in place to protect them, e.g., from account takeovers. If the customer still wishes to withdraw their consent, call the following endpoint to inform Solaris: ### PATCH Update user consent for device monitoring This endpoint allows you to update a user's consent to device monitoring for a specific device (e.g., if they withdraw the consent). **Request URL:** ```shell PATCH /v1/persons/{person_id}/device_consents/{device_consent_id} ``` **Request example:** ```json { "event_type": "REJECTED", "confirmed_at": "2021-06-25T09:44:25.000Z" } ``` **Response example:** ```json [ { "id": "17a7389adaf83145770d8e6c00a398ddcon", "person_id": "e2bbc86268e9a4667861b73f31dba03bcper", "event_type": "REJECTED", "confirmed_at": "2021-06-25T09:44:25.000Z", "created_at": "2021-06-25T09:44:25.000Z" } ] ``` [Click here to view the full API reference.](/api-reference/identity/identifications/#tag/Device-Monitoring/paths/~1v1~1persons~1%7Bperson_id%7D~1device_consents~1%7Bdevice_consent_id%7D/patch) ## Actions that require device monitoring Prior to calling any of the following API endpoints, you must generate a [device fingerprint](#step-5-get-device-fingerprint-and-send-it-to-solaris) on the customer's device: - **Strong Customer Authentication** - Non-transactional use cases: - [POST Create an SMS challenge](/api-reference/onboarding/device-management/#tag/SMS-challenges/paths/~1v1~1mfa~1challenges~1sms/post) - [PUT Verify SMS OTP](/api-reference/onboarding/device-management/#tag/SMS-challenges/paths/~1v1~1mfa~1challenges~1sms~1%7Bid%7D/put) - [POST Create device signing challenge](/api-reference/onboarding/device-management/#tag/Device-signing-challenges/paths/~1v1~1mfa~1challenges~1devices/post) - [PUT Verify device signing challenge](/api-reference/onboarding/device-management/#tag/Device-signing-challenges/paths/~1v1~1mfa~1challenges~1devices~1%7Bid%7D/put) - Transactional use cases: - [POST Request authorization for a change request](/api-reference/onboarding/device-management/#tag/Change-requests/paths/~1v1~1change_requests~1%7Bchange_request_id%7D~1authorize/post) - [POST Confirm change request authorization](/api-reference/onboarding/device-management/#tag/Change-requests/paths/~1v1~1change_requests~1%7Bchange_request_id%7D~1confirm/post) - **Persons** - [PATCH Update a person](/api-reference/onboarding/persons/#tag/Persons/paths/~1v1~1persons~1%7Bid%7D/patch) - **Customer identification** - [POST Create person identification](/api-reference/identity/identifications/#tag/Person-identifications/paths/~1v1~1persons~1%7Bperson_id%7D~1identifications/post) - [PATCH Request an identification](/api-reference/identity/identifications/#tag/Person-identifications/paths/~1v1~1persons~1%7Bperson_id%7D~1identifications~1%7Bid%7D~1request/patch) - **Device binding** - [POST Create a new device binding](/api-reference/onboarding/device-management/#tag/Device-binding/paths/~1v1~1mfa~1devices/post) - [POST Add new key to a bound device](/api-reference/onboarding/device-management/#tag/Device-binding/paths/~1v1~1mfa~1devices~1%7Bid%7D~1keys/post) - [PUT Verify device binding signature challenge](/api-reference/onboarding/device-management/#tag/Device-binding/paths/~1v1~1mfa~1challenges~1signatures~1%7Bid%7D/put) - **Mobile number management** - [POST Create a mobile number for a person](/api-reference/onboarding/persons/#tag/Person-mobile-numbers/paths/~1v1~1persons~1%7Bperson_id%7D~1mobile_number/post) - [POST Request authorization for a person's mobile number](/api-reference/onboarding/persons/#tag/Person-mobile-numbers/paths/~1v1~1persons~1%7Bperson_id%7D~1mobile_number~1authorize/post) - [POST Reauthorize mobile number](/api-reference/onboarding/persons/#tag/Person-mobile-numbers/paths/~1v1~1persons~1%7Bperson_id%7D~1mobile_number~1reauthorize/post) - [POST Confirm a customer's mobile number](/api-reference/onboarding/persons/#tag/Person-mobile-numbers/paths/~1v1~1persons~1%7Bperson_id%7D~1mobile_number~1confirm/post) - **Cards servicing** - [POST Create a secure view for card details](/api-reference/digital-banking/cards/#tag/Cards-servicing/paths/~1v1~1cards~1%7Bid%7D~1virtual_card_requests/post) - [POST Change card PIN](/api-reference/digital-banking/cards/#operation/solaris_cards_pin_service_save_pin) ## How to test device monitoring You can use the following mock session IDs on **testing environments** to initialize the Seon SDK and trigger suspicious or non-suspicious behavior responses. | Session ID | Mocked behavior | customer_vetting_status value | | --- | --- | --- | | `179ac83968ab42f79e960c1753a4078fdcon` | No suspicious behavior detected | `NO_MATCH` | | `8ed57aeb750a4b44a4186e0d29826a04dcon` | Suspicious behavior detected | `POTENTIAL_MATCH` | note When you create a suspicious device activity using the test ID listed above, Solaris will simulate a potential [Customer Due Diligence](/guides/kyc/cdd) hit and auto-generate a [question set](/guides/compliance/questions-and-answers) for the customer. See the respective guides for more information. ## Further reading: Seon SDK documentation If you'd like to read more about the Seon SDK and how it works, check the following links: - [Seon Android SDK](https://github.com/seontechnologies/seon-android-sdk-public#overview) - [Seon iOS SDK](https://github.com/seontechnologies/seon-ios-sdk-public#overview) - [Seon Web SDK](https://docs.seon.io/api-reference#javascript-agent-v5)