Auth

Verify once. Trust the device. Reduce friction forever.

Create persistent trust sessions that recognize returning users. Cut re-verification costs and keep your UX smooth.

Your auth stack has blind spots

Sessions live in isolation

Your user verifies their phone number, confirms a device, passes fraud checks. Then they log in and the session knows none of it.

Fraud detection happens too late

Risk scoring is a separate layer, blind to what happened during onboarding and phone verification.

AI blind spots

Legacy auth assumed every session belongs to a human. It has no answer for agents, bots, and synthetic accounts growing in traffic share.

The Prelude Way

One platform. Shared verification signals

Granular

Security that starts before authentication

Phone verification signals do not stop at OTP. Device ID, IP address, network fingerprint, and fraud score flow directly into every authentication decision, step-up trigger, and session trust score that follows.

Bot and agent detection

Network fingerprinting at the edge identifies clients before they hit the auth flow, whether that client is a browser, a mobile app, or an AI agent. Device ID correlation stops synthetic accounts and automated attacks without blocking real users.

Network fingerprinting

Device ID

Bot detection

RFC 9449 DPoP

Proof of possession tokens bound to the client's key pair. Token reuse triggers automatic revocation across all user sessions. Enforced at the protocol level with no config required.

RFC 9449

Auto-revocation

OAuth flows protected by PKCE

Every social login uses PKCE (Proof Key for Code Exchange). The SDK generates a unique code verifier and challenge pair per attempt. A stolen token is useless without the verifier, which never leaves the browser. Replay attacks and CSRF are blocked at the protocol level.
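The verifier and challenge pair described above, shown for both sides of the exchange as an added example; this is not Prelude's SDK code. It follows RFC 7636 with the S256 method. The function names and the in-memory code store are assumptions, and it is written for Node.js so it runs offline, whereas a browser client would derive the same values with Web Crypto.

```javascript
// Added example: PKCE (RFC 7636), S256 method, client and server side in one file.
const { createHash, randomBytes, timingSafeEqual } = require("node:crypto");

// RFC 7636 section 4.1: a verifier is 43-128 characters from the unreserved set.
const VERIFIER_RE = /^[A-Za-z0-9\-._~]{43,128}$/;

// challenge = BASE64URL(SHA256(ASCII(verifier))), no padding.
function s256(verifier) {
  return createHash("sha256").update(verifier, "ascii").digest("base64url");
}

// Client side: a fresh verifier per login attempt. Only the challenge is sent
// with the authorization request; the verifier stays with the client.
function createPkcePair() {
  const verifier = randomBytes(32).toString("base64url"); // 43 chars, 256 bits
  return { verifier, challenge: s256(verifier) };
}

// Authorization-server side (hypothetical in-memory store): the challenge is
// recorded next to the authorization code when the code is issued.
const pendingCodes = new Map();

function issueCode(code, challenge, method) {
  // Refuse the "plain" method, which would expose the verifier itself.
  if (method !== "S256") throw new Error("only S256 is accepted");
  pendingCodes.set(code, challenge);
}

// Token exchange: the code is redeemed only if the presented verifier hashes
// to the stored challenge. The code is burned on first use, success or not
// (a design choice of this example), so a replayed code always fails.
function redeemCode(code, verifier) {
  const challenge = pendingCodes.get(code);
  pendingCodes.delete(code);
  if (challenge === undefined) return false; // unknown or already used
  if (typeof verifier !== "string" || !VERIFIER_RE.test(verifier)) return false;
  const expected = Buffer.from(challenge, "ascii");
  const actual = Buffer.from(s256(verifier), "ascii");
  return expected.length === actual.length && timingSafeEqual(expected, actual);
}
```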

Enterprise SSO, ready on day one

Let users sign in with their company identity through SAML. Close enterprise deals without building auth infrastructure you don't own.

Extra secure critical actions

Step-Up security based on your logic

For critical actions like payments, password changes, and data exports, Auth calls a webhook on your backend. You receive full context. You decide.

Use all these step types. Mix and match freely.

verify_sms

verify_email

biometric_check

kyc_review

document_scan

security_question

No redundant friction. Better user experience

If a user verified via OTP to log in, they should not need to verify again to change their password. Auth tracks verification state per session and carries it forward into downstream actions.

Why teams switch to Prelude Auth API

Direct OTP cost savings

Fewer verifications means lower SMS spend. Trusted returning devices never trigger an OTP.

Higher quality user base

Block disposable numbers, VoIP, and known fraud patterns at signup. Only real users reach your product.

Single platform

Our SDKs for iOS, Android, and React Native let you implement secure, instant verification without compromising the user experience.

Custom logic

Granular control over when to re-verify. Per-segment, per-risk-tier, per-action. Your rules, enforced consistently.

Responsive Support

Our team is here to guide you from start to finish through a dedicated Slack channel or email.

Every login method your users expect

Full auth surface out of the box. SMS OTP and email OTP carry Verify API signals forward into the session. Every other method feeds the same device trust graph.

Enterprise-grade security

Built for teams with serious security requirements

SOC 2 Type II and ISO 27001 certified. Data is encrypted at rest and in transit, hosted in the EU, and never sold or shared.

SOC 2 Type II

ISO 27001

GDPR-ready

Built in Europe

GSMA member

Easy to migrate, easy to maintain

Clean REST, standard JWTs, and SDKs that follow familiar patterns. Works with any backend. Import your existing users and carry over any custom field with no re-auth required.

Full auth flow in less than 15 lines

// signup or login
const client = new PrldSessionClient({
  domain: "yourdomain.com",
  sdkKey: "sdk_examplekey"
});

await client.startOTP({ identifier: { type: "phone_number", value: phone } });
await checkOTP({ code });

// get

Migrate your existing users

{
  "user_id": { "$input": "user_id" },
  "loyalty_tier": { "$custom_claim": "loyalty_tier" }
}

Import user databases directly via the Management API. Custom claims carry any field from your current system into every Prelude-issued JWT.

Sessions pick up new claim mappings on next refresh.

Run every onboarding decision on one stack.

Convert real users. Block fake ones.

An integrated platform

Auth works out of the box with Notify.

A single platform. A single invoice.