Skip to main content
Authsignal actions are the building blocks that let you create contextual, risk-based authentication flows. Actions represent specific user activities or events in your application that might require authentication. These can range from routine operations like sign-in to high-risk activities like withdrawing funds, changing account settings, or making large purchases.

Creating an action

To create an action, navigate to the actions page and click the Create a new action button.
Creating actions in the Authsignal dashboard

Core components of an action

1. Action outcomes

Every action in Authsignal results in one of four possible outcomes that determine how to handle the user’s request:
  • ALLOW: Let the action proceed without additional authentication
  • CHALLENGE: Require the user to complete an authentication challenge
  • REVIEW: Place the action in a queue for manual review
  • BLOCK: Prevent the action from proceeding entirely
Action outcomes
Each action has a configurable default outcome that determines what happens when no rules are triggered. However, when you create rules for an action, those rules can override the default outcome.

2. Rules

The conditional logic that determines which outcome to apply based on risk factors and context. Rules can override the action’s default outcome. When you track an action, you provide the context needed for evaluation:

Setting up your action

1. Tracking an action

In your app’s backend, use an Authsignal Server SDK to track an action which represents what your user is doing (e.g. withdraw-funds). This step will return a token which can be passed to a client SDK to perform a challenge for that user.

2. Challenging the user

Challenging the user performing an action.
In your frontend, call setToken with the client token obtained, then use the relevant SDK methods to progress the user through a challenge.

3. Validating a challenge

After the user completes the challenge, you’ll receive a token that you can validate on your backend to verify the authentication result. For pre-built UI, this token is appended to your redirect URL as a query parameter, while for custom UI implementation, you’ll get the token directly from the challenge completion result.
Pass the token obtained from the challenge result to your backend and validate it server-side to complete authentication.