Auth

Verify once. Trust the device. Reduce friction forever

Create persistent trust sessions that recognize returning users. Cut re-verification costs and keep your UX smooth.

Your auth stack has blind spots

Sessions live in isolation

Your user verifies their phone number, confirms a device, passes fraud checks. Then they log in and the session knows none of it.

Fraud detection happens too late

Risk scoring is a separate layer, blind to what happened during onboarding and phone verification.

AI blind spots

Legacy auth assumed every session belongs to a human. It has no answer for agents, bots, and synthetic accounts growing in traffic share.

The Prelude Way

One platform.
Shared Verification signals

Granular

Security that starts before authentication

Phone verification signals do not stop at OTP. Device ID, IP address, network fingerprint, and fraud score flow directly into every authentication decision, step-up trigger, and session trust score that follows.

Bot and agent detection

Network fingerprinting at the edge identifies clients before they hit the auth flow, whether that client is a browser, a mobile app, or an AI agent. Device ID correlation stops synthetic accounts and automated attacks without blocking real users.

Network fingerprinting

Device ID

Bot detection

RFC 9449 DPoP

Proof of possession tokens bound to the client's key pair. Token reuse triggers automatic revocation across all user sessions. Enforced at the protocol level with no config required.

RFC 9449

Auto-revocation

OAuth flows protected by PKCE

Every social login uses PKCE (Proof Key for Code Exchange). The SDK generates a unique code verifier and challenge pair per attempt. A stolen token is useless without the verifier, which never leaves the browser. Replay attacks and CSRF are blocked at the protocol level.

Extra secure critical actions

Step-up security based on your logic

For critical actions like payments, password changes, and data exports, Auth calls a webhook on your backend. You receive full context. You decide.

Use all these step types. Mix and match freely.

verify_sms

verify_email

biometric_check

kyc_review

document_scan

security_question

No redundant friction. Better user experience

If a user verified via OTP to log in, they should not need to verify again to change their password. Auth tracks verification state per session and carries it forward into downstream actions.

Why teams switch to Prelude Auth API

Direct OTP cost savings

Fewer verifications means lower SMS spend. Trusted returning devices never trigger an OTP.

Higher quality user base

We’ve partnered with industry leaders like GSMA to ensure our open-source intelligence database remains one of the most comprehensive on the market.

Single platform

Our SDKs for iOS, Android and React Native let you implement secure, instant verification without compromising the user experience.

Custom logic

As a SOC 2 Type II compliant provider, we adhere to the highest standards of data protection and privacy to ensure your information is handled with care and integrity.

Responsive Support

Our team is here to guide you from start to finish through a dedicated Slack channel or email, making your challenges our own.

Every login method your users expect

Full auth surface out of the box. SMS OTP and email OTP carry Verify API signals forward into the session. Every other method feeds the same device trust graph.

Enterprise grade security

Built for teams with serious security requirements

SOC 2 Type II

ISO 27001

GDPR-ready

Built in Europe

GSMA member

Easy to migrate, easy to maintain

Clean REST, standard JWTs, and SDKs that follow familiar patterns. Works with any backend. Import your existing users and carry over any custom field with no re-auth required.

Full auth flow in less than 15 lines

// signup or login
const client = new PrldSessionClient({
  domain: "youdomain.com",
  sdkKey: "sdk_examplekey"
});

await client.startOTP({ identifier: { type: "phone_number", value: phone } });
await checkOTP({ code });

// get

Migrate your existing users

{
  "user_id": { "$input": "user_id" },
  "loyalty_tier": { "$custom_claim": "loyalty_tier" }
}

Import user databases directly via the Management API. Custom claims carry any field from your current system into every Prelude-issued JWT.

Sessions pick up new claim mappings on next refresh.

Run every onboarding decision on one stack.

Convert real users. Block fake ones.

An integrated platform

Auth works out of the box with Notify.

A single platform. A single invoice.