Connect

Connect your application to the mobile network for real-time fraud detection and frictionless authentication. Query SIM swap, call forwarding, and device swap signals before every sensitive action — or go fully passwordless with Silent Authentication, which verifies users automatically in the background without sending a single OTP. Simple API calls, no user interaction required.

FAQ

Frequently asked questions

Product & fit

Do users need to do anything for these checks to work?

No. All three checks are network-side queries — your server calls the tyntec API directly. The user’s device is not involved. There is no SDK to install, no app permission required, and no visible interaction for the user.

How quickly do the checks respond?

All three endpoints return results in real time, typically under one second. They are designed to be queried inline with your authentication flow without adding meaningful latency.

Can I query all three signals in a single call?

Not currently — each signal is a separate endpoint. In practice this means up to three API calls per authentication event. Given the sub-second response times, querying all three adds only a few hundred milliseconds to your flow.

What does it mean if swapped=false or active=false?

It means no SIM or Device change or active call forwarding was detected within the queried window. This is a positive signal — the number appears to be in a stable, normal state. It does not guarantee the user is who they claim to be, but it removes the most common network-level fraud vectors.

Is this available for all mobile operators globally?

Coverage depends on mobile network operator integrations, which vary by market. Check with your tyntec account manager for coverage in your target geographies before integrating. You should always handle a 404 NOT_FOUND response gracefully — it typically means the number or operator is not covered.

What should I do when I get a 404 NOT_FOUND?

This usually means the phone number is not found in the network — either the operator is not covered, the number is invalid, or the subscriber record is not accessible. Treat 404 as inconclusive rather than as a pass or fail. Fall back to your standard OTP flow.

What happens if I don’t pass maxAge?

The default lookback window of 240 minutes is applied. For most use cases this is appropriate. If you need a different window — shorter for low-friction flows or longer for high-risk transactions — pass the maxAge value explicitly.

Technical

Can I use these signals without sending an OTP at all?

Yes. If all signals are negative (no SIM swap, no forwarding, no Device Swap), you may choose to treat the session as low-risk and allow it without any OTP. This is a risk decision for your team — tyntec’s signals are inputs to your risk model, not the final decision maker.

Are these checks GDPR compliant?

tyntec processes phone numbers as personal data. Queries are made on a per-request basis and are not stored beyond what is required for technical processing. Review tyntec’s Data Privacy Statement at https://www.tyntec.com/data-privacy-statement/, and ensure your own Data Processing Agreement with tyntec is in place before going live.