AI Customer Profile & Identity API
Identity Resolution
Deterministic + Probabilistic
Consent & Policy Hooks
Explainable Match Graph
Real-Time Updates
Export/Erase APIs
Operated by Spyface Tech Company, LLC •
30 N Gould St Ste N, Sheridan, WY 82801 USA •
Support: hello@spyface.com
Purpose
The AI Customer Profile & Identity API creates a unified identity layer for travel and medical tourism platforms. It resolves users, travelers, and patients across devices, sessions, channels, and partner systems, producing a canonical profile and a match graph that your downstream systems can trust.
This is not “CRM enrichment” copy. This is an engineering interface: match decisions, scores, evidence, audit artifacts, and privacy controls.
AI Outputs (what you actually consume)
- person_id: stable canonical entity
- match_decision: link / merge / keep-separate
- confidence: calibrated probability
- evidence: explainable features (hashed identifiers, behavioral signals)
- risk_flags: takeover likelihood, synthetic identity indicators
- policy_result: allow / restrict / require-consent
1) Identity Model
The system uses a canonical person_id with attached identifiers and events. Identifiers can be verified, observed, or derived (hashed/normalized) depending on policy.
Entities
- Person: canonical identity (person_id)
- Account: platform login / partner account
- Device: device fingerprint / app instance / browser profile
- Session: time-bounded interaction context
- Event: booking, search, payment attempt, profile update
Identifier Types (examples)
- Email (normalized + hashed), phone (E.164 + hashed)
- Government ID tokens (if applicable and permitted)
- Payment instrument token (network token / vault ref)
- Device/app instance ID, cookie/session ID (policy-dependent)
You control what you send. The API supports hashed identifiers to reduce raw PII exposure.
2) Identity Resolution Engine
Resolution combines deterministic rules with probabilistic matching. The objective is to minimize both false merges (two different people merged) and false splits (same person fragmented), with configurable thresholds per use-case.
// Conceptual decision
if deterministic_key_match(): LINK(confidence=1.0)
else:
p_same = model(features)
if p_same >= merge_threshold: MERGE
else if p_same >= link_threshold: LINK
else: KEEP_SEPARATE
| Mode | When to use | Guarantee |
|---|---|---|
| Deterministic | Verified email/phone, strong login bindings | High precision, low ambiguity |
| Probabilistic | Cross-device, partner data, incomplete identifiers | Calibrated probability + evidence |
| Policy-gated | Health/medical context or higher sensitivity | No action without policy pass/consent hook |
3) Match Graph & Explainability
Every match decision produces a match graph: nodes are identities and identifiers, edges are links with timestamps, confidence, and evidence. This is critical for debugging and audit.
Evidence format
- signals: which signals contributed
- weights: relative contribution (not raw model weights, but explainable attribution)
- trace_id: reproducible decision trace for support investigations
- counterfactuals: what would have changed the decision (optional)
{
"decision":"LINK",
"confidence":0.93,
"trace_id":"trace_8f31c",
"evidence":[
{"signal":"email_hash_match","value":true,"impact":"HIGH"},
{"signal":"device_stability","value":"STABLE","impact":"MEDIUM"},
{"signal":"geo_velocity","value":"NORMAL","impact":"LOW"}
]
}
4) Account Takeover & Synthetic Identity Signals
Identity is also security. The API can emit risk flags to feed your fraud/risk controls and step-up auth.
Account takeover indicators
- Device switch anomalies vs baseline
- Unusual geo velocity patterns (policy + context aware)
- Credential-stuffing signatures (event-level)
- Payment attempt anomalies
Synthetic / duplicate identity indicators
- Many accounts converging to same device cluster
- Unnatural identifier graph topology
- High-entropy name/attribute patterns (optional)
- Repeated verification failures
{
"risk":{
"ato_probability":0.18,
"synthetic_probability":0.07,
"flags":["DEVICE_SHIFT","CLUSTER_DENSITY_RISE"],
"recommended_action":"STEP_UP_AUTH"
}
}
5) Privacy, Consent, and Data Controls
Important
You can run identity in a “minimal PII” mode: hashed identifiers, short retention on event metadata, and strict policy gating for sensitive contexts. Configure these controls to match your privacy program.
| Control | What it does | Typical use |
|---|---|---|
| Consent gating | Blocks linking/merging across scopes without consent | Medical tourism journeys, health intake flows |
| Scope separation | Separate graphs per tenant/product/region | Partners, subsidiaries, white-label |
| Retention policies | Time-bound storage of events/identifiers | Data minimization / compliance |
| Export / erase | Portable profile export and erasure requests | User requests and internal governance |
6) Endpoints
| Method | Endpoint | Purpose |
|---|---|---|
| POST | /v1/identity/ingest | Send identifiers + events |
| POST | /v1/identity/resolve | Resolve to person_id + decision |
| GET | /v1/identity/person/{person_id} | Canonical profile + graph summary |
| GET | /v1/identity/graph/{person_id} | Explainable match graph |
| POST | /v1/identity/merge | Admin merge (policy controlled) |
| POST | /v1/identity/split | Admin split with audit reason |
| POST | /v1/identity/export | Profile export artifact |
| POST | /v1/identity/erase | Erase request + proof |
| POST | /v1/events/outcomes | Feedback loop for calibration |
7) Schemas
Resolve request
{
"request_id":"req_res_2001",
"tenant_id":"t_spyface_demo",
"identifiers":{
"email_hash":"sha256:8b1a...",
"phone_hash":"sha256:91c2...",
"device_id":"dev_77a19",
"account_id":"acc_1902"
},
"attributes":{
"name":"JANE DOE",
"country":"US"
},
"event":{
"type":"BOOKING_ATTEMPT",
"ts":"2026-01-26T17:40:12Z",
"context":{
"product":"HOTEL",
"channel":"WEB",
"ip_prefix":"203.0.113.0/24"
}
},
"policy":{
"scope":"TRAVEL",
"sensitivity":"STANDARD",
"consent":"GRANTED"
}
}
Resolve response
{
"request_id":"req_res_2001",
"person_id":"p_55019",
"decision":"LINK",
"confidence":0.93,
"trace_id":"trace_8f31c",
"evidence":[
{"signal":"email_hash_match","value":true,"impact":"HIGH"},
{"signal":"device_stability","value":"STABLE","impact":"MEDIUM"},
{"signal":"geo_velocity","value":"NORMAL","impact":"LOW"}
],
"risk":{
"ato_probability":0.18,
"synthetic_probability":0.07,
"flags":["DEVICE_SHIFT"],
"recommended_action":"STEP_UP_AUTH"
},
"policy_result":"ALLOW"
}
8) Code Examples
Node.js — Resolve identity
const base = "https://api.spyface.com";
const headers = {
"Authorization": `Bearer ${process.env.SPYFACE_API_KEY}`,
"Content-Type": "application/json"
};
const res = await fetch(`${base}/v1/identity/resolve`, {
method: "POST",
headers,
body: JSON.stringify(payload)
});
const out = await res.json();
if (out.policy_result !== "ALLOW") {
throw new Error("Policy blocked identity action");
}
if (out.risk?.recommended_action === "STEP_UP_AUTH") {
// trigger OTP / WebAuthn / KBA depending on your program
}
console.log(out.person_id, out.decision, out.confidence, out.trace_id);
Python — Minimal PII hashing (email normalization)
import hashlib
def norm_email(s: str) -> str:
return s.strip().lower()
def sha256_hex(s: str) -> str:
return hashlib.sha256(s.encode("utf-8")).hexdigest()
email_hash = "sha256:" + sha256_hex(norm_email("User@Example.com"))
print(email_hash)
9) Operational Playbooks
Prevent false merges
- Use conservative merge_threshold for medical contexts
- Require verified identifiers for merges
- Monitor “merge reversal” rate (split events)
Investigate a user complaint
- Fetch graph: GET /v1/identity/graph/{person_id}
- Check trace_id evidence and timestamps
- Split with reason if needed: POST /v1/identity/split
10) Integration Patterns
Pattern A — Real-time resolve on key events
- Login, booking attempt, payment attempt, profile edit
- Use response to drive personalization and risk controls
Pattern B — Batch reconcile partner identities
- Nightly ingest partner user lists
- Resolve + export canonical mapping for BI/CRM
Support & Implementation
For implementation review, identity graph tuning (thresholds, policy gating, retention), and rollout planning: hello@spyface.com.