KBA is a two-step out-of-wallet identity verification flow. The first call resolves the subject against Enformion's identity graph and returns a dynamically generated multiple-choice questionnaire derived from the subject's real-world history (addresses, counties, associates, employers, etc.). The second call submits the user's answers and returns a final pass/fail decision.
Search types
Step 1 uses `requestType: KBA`: it combines identity verification signals with questionnaire generation.
Step 2 uses `requestType: KBA`: it scores the answers and returns a final decision.
About the decision field
Every response includes a top-level `decision` field with one of four values: `Approve`, `Challenge`, `Review`, or `Deny`. On Step 1, `Challenge` means the identity resolved but KBA is required, and the `kba.questionnaire` object will be populated. On Step 2, the `decision` is the final authoritative verdict.
Session correlation
The two calls are linked by `correlationId` and `authenticationId`. Both values are issued in the Step 1 response and must be echoed back in the Step 2 request. The `referenceTransactionId` on Step 2's response will point back to Step 1's transaction.
Two-step flow
| Step | requestType | Purpose | Key inputs | Key outputs |
|---|---|---|---|---|
| 1. Get questions | KBA IDV | Resolve identity and generate quiz | Name, DOB, SSN, Address, Email | decision, kba.questionnaire, correlationId, authenticationId |
| 2. Submit answers | KBA | Score quiz, return final verdict | correlationId, authenticationId, QuestionAnswers | Final decision |
Typical flow
- Collect the subject's identity data (name + DOB minimum; SSN or address strongly recommended).
- Call Step 1. Inspect `decision`:
  - `Approve` → identity resolved with high trust; KBA may be skipped depending on your policy.
  - `Challenge` → present the questions in `kba.questionnaire.questions` to the user.
  - `Deny` / `Review` → halt or route to manual review; questionnaire will not be populated.
- User selects one answer per question (each `choiceType.type` is `SINGLE_CHOICE`; the last option is always "NONE OF THE ABOVE").
- Call Step 2 with `correlationId`, `authenticationId`, `QuestionnaireId`, and the `QuestionAnswers` array.
- Consume the Step 2 `decision` as the final KBA verdict.
QuizMode
Both calls accept a QuizMode parameter:
| Value | Behavior |
|---|---|
| Strict | Strict would require 5 questions, and at least 4 of the questions need to be answered correctly. |
| Moderate | A moderate approach is 3 questions with 2 answered correctly. |
| Loose | A loose approach would be 3 questions where 3 are answered correctly. If the customer only answers 2 correctly, they are given a 4th question. If they answer the 4th question correctly, they pass. If they do not answer the 4th question correctly, they fail. If they do not answer any questions correctly, they fail. They are not given a 4th question. If they only answer 1 question correctly, they fail. They are not given a 4th question. |
Use Strict for high-risk workflows (account recovery, high-value transactions). Use Loose for standard identity verification.
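
The typical flow and session correlation rules above, sketched as fail-closed client logic. This is an added example, not Enformion's code. The flat request body, the nested-dict layout of `kba.questionnaire.questions`, the helper names, and passing the questionnaire id, answer objects and Step 1 transaction id in as parameters are assumptions, since the page does not show the JSON schema.

```python
# Added example: fail-closed client handling of the two-step KBA flow.
# Key names come from the page; the JSON layout around them is assumed.
QUIZ_MODES = {"Strict", "Moderate", "Loose"}

# Constructed Step 1 response (not real API output).
SAMPLE_STEP1 = {
    "decision": "Challenge", "correlationId": "corr-1", "authenticationId": "auth-1",
    "kba": {"questionnaire": {"questions": [
        {"choiceType": {"type": "SINGLE_CHOICE"}} for _ in range(3)]}},
}


def questions_of(step1: dict) -> list:
    kba = step1.get("kba") or {}
    return (kba.get("questionnaire") or {}).get("questions") or []


def route_step1(step1: dict) -> str:
    """Map a Step 1 response to the next action; unexpected input denies."""
    decision = step1.get("decision")
    if decision == "Approve":
        return "approved"  # KBA may be skipped, depending on policy
    if decision == "Review":
        return "manual_review"
    if decision != "Challenge":
        return "deny"  # Deny, missing, or unrecognised value
    has_ids = step1.get("correlationId") and step1.get("authenticationId")
    # A Challenge without questions or session ids cannot be completed.
    return "present_questions" if questions_of(step1) and has_ids else "manual_review"


def build_step2(step1: dict, questionnaire_id: str, answers: list, quiz_mode: str) -> dict:
    """Build the Step 2 body, echoing the ids issued by Step 1."""
    if route_step1(step1) != "present_questions" or quiz_mode not in QUIZ_MODES:
        raise ValueError("no questionnaire issued or unknown QuizMode")
    if len(answers) != len(questions_of(step1)):  # one answer per question
        raise ValueError("answer count does not match question count")
    return {"requestType": "KBA", "QuizMode": quiz_mode,
            "correlationId": step1["correlationId"],
            "authenticationId": step1["authenticationId"],
            "QuestionnaireId": questionnaire_id, "QuestionAnswers": answers}


def final_verdict(step2: dict, step1_transaction_id: str) -> bool:
    """Pass only on an explicit Approve that points back to our Step 1 call."""
    if step2.get("referenceTransactionId") != step1_transaction_id:
        return False  # response is not tied to this session
    return step2.get("decision") == "Approve"  # assumed policy: all else fails
```

Keep `correlationId` and `authenticationId` in server-side session state between the two calls rather than round-tripping them through the browser, so the user cannot swap in values from another session.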
