View Source

Concepts

Understanding how Autheona operates ensures you can integrate our platform effectively and leverage its full range of capabilities. This guide outlines the core architectural concepts that power our real-time user trust intelligence engine.

Trust Intelligence

At its core, Autheona provides trust intelligence, which is a structured assessment of the legitimacy of a user signup attempt. Rather than a simple binary pass/fail result, our API returns actionable signals. These signals empower you to make informed, data-driven decisions on whether to accept, flag, or reject a user.

Trust intelligence synthesizes input from multiple verification engines, each analyzing distinct aspects of the signup data to generate a comprehensive risk profile.

Verification Engines

Autheona utilizes specialized verification engines, each architected to identify specific risk patterns and types of abuse.

  • Email Engine: Analyzes email addresses to identify signs of manipulation, usage of disposable email services, and sophisticated evasion tactics.
  • IP Engine (BETA): Analyzes network-level signals to detect bot activity, VPN usage, and suspicious geographic patterns. This engine provides both Standard and Advanced tiers of analysis.

Policy Engine

The Policy Engine allows you to define how Autheona responds to specific verification results. Instead of relying on default behaviors, you can create custom rules tailored to your application requirements.

How Policies Work

Policies function as rules that evaluate verification signals to trigger a specific action. Examples include:

  • Blocking signups from disposable email domains.
  • Flagging accounts using plus-addressing for manual review.
  • Requiring additional verification steps for high-risk IP addresses.

Policy References

References are reusable conditions that policies can utilize. You may create a reference for "disposable email domains" or "known VPN IP ranges" and apply it across multiple policies. This approach keeps your rules maintainable and adheres to DRY (Don't Repeat Yourself) principles.

  • Developer Plans: Support up to 10 references.
  • Team Plans: Support up to 100 references.
  • Business Plans: Offer unlimited references.

API Calls and Limits

Every verification request sent to Autheona counts as one API call. Understanding our metering helps you select the plan that best fits your scale:

  • Assigned API Calls: The number of calls included in your monthly subscription.
  • Additional API Calls: Requests made beyond your assigned limit, billed at a per-call rate.
  • Hard Cap: Certain plans, such as the Developer plan, impose a maximum call limit, whereas others provide unlimited calls with applicable overage billing.

You may utilize API calls across both Production and Sandbox projects to facilitate thorough testing prior to deployment.

Velocity Checking

Velocity checking is a security feature designed to detect rapid, repeated actions originating from the same source, which is a common indicator of automated abuse. If a single email or IP address attempts multiple signups within a short timeframe, Autheona can flag or throttle the activity, effectively protecting your infrastructure from automated signup storms.

Projects

Autheona organizes your implementation into projects:

  • Sandbox Projects: Use these environments for all development, testing, and integration work.
  • Production Projects: Use these environments for live, public-facing applications.

Both project types are available in unlimited quantities across all plans, enabling you to isolate different applications or deployment environments as needed.

Integration Architecture

Autheona is built upon RESTful principles, ensuring compatibility without the need for heavy SDKs or complex dependencies.

  • Send a POST request to our verification endpoint.
  • Include the user's email address and optional metadata.
  • Receive a structured JSON response containing trust signals and recommended actions.

This minimal-footprint architecture allows for rapid integration, enabling you to maintain full control over your user authentication flow.