Overview
When Stytch returns anALLOW verdict, it is because this request does not raise warning flags or it matches known-good device configurations. You can allow the privileged action.
Allow verdicts in the API
When you receive anALLOW verdict in the Fingerprint Lookup response, you should allow the request associated with that Telemetry ID to proceed.
If you maintain your own risk score based on cumulative Device Fingerprinting verdicts, you should assign a low level of risk to an ALLOW verdict.
Allow verdicts in Protected Auth
When Protected Auth is enabled, the Stytch SDK will allow requests to proceed when anALLOW verdict is returned.
Blocking a device or device group receiving an allow verdict
Fraud is an adversarial environment, so some bad actors may still receiveALLOW verdicts. This may be due to manual abuse (where a human is clicking on their own browser) or novel evasion techniques.
To block a device or group of devices that’s receiving an ALLOW verdict, set a rule to BLOCK that traffic.