Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.grantiva.io/llms.txt

Use this file to discover all available pages before exploring further.

Every attestation returns a risk category — but the full numeric score depends on your plan.
PlanWhat you get
FreeRisk category only: Trusted, Suspicious, or Blocked
Pro / Business / EnterpriseFull 0–100 numeric risk score + category
On the Free plan, risk_score is null in the attestation JWT. Use risk_category to make access decisions. See Backend Verification for details.

Score ranges

On Pro, Business, and Enterprise plans, the numeric score maps to these levels:
RangeLevelCategoryDescription
0–20LowTrustedStock OS, legitimate app, normal behavior.
21–50MediumSuspiciousSome risk indicators. May warrant additional verification.
51–75HighSuspiciousSignificant risk. Consider blocking sensitive operations.
76–100CriticalBlockedLikely compromised. Block access or require re-verification.

Risk factors

The score considers multiple signals:
  • Jailbreak detection — Is the device jailbroken or rooted?
  • Device integrity — Does the attestation pass Apple’s checks?
  • Attestation history — Is this device’s behavior consistent?
  • Anomaly detection — Unusual patterns (rapid attestations, geographic jumps, etc.)
  • Device age — First-time vs. returning devices
  • OS version — Known vulnerable OS versions

Using risk data

By category (all plans)

Every plan returns a risk_category in the attestation JWT. Use the numeric score ranges to branch in Swift: 
let result = try await grantiva.validateAttestation()
// Trusted: 0–20 | Suspicious: 21–75 | Blocked: 76–100
let score = result.deviceIntelligence.riskScore

if score <= 20 {
    proceedNormally()
} else if score <= 75 {
    requestAdditionalAuth()
} else {
    blockAccess()
}
The risk_category string is also available directly from the decoded JWT on your backend. See Backend JWT Verification.

By numeric score (Pro / Business / Enterprise)

If your plan includes the numeric score, you can use finer-grained thresholds: 
let result = try await grantiva.validateAttestation()
let score = result.deviceIntelligence.riskScore

switch score {
case 0...20:
    proceedNormally()
case 21...50:
    requestAdditionalAuth()
case 51...75:
    limitAccess()
default:
    blockAccess()
}
On the Free plan, riskScore is 0 and risk_score is null in the JWT. Use risk_category from the decoded JWT to make tier-safe access decisions on Free.

On your backend

Decode the JWT to read risk data: 
{
  "device_intelligence": {
    "risk_score": 15,
    "risk_category": "trusted",
    "jailbreak_detected": false,
    "device_integrity": "valid"
  }
}

Webhooks

On Business and Enterprise plans, webhooks fire for risk-related events:
  • device.high_risk — A device exceeds your risk threshold
  • device.new — First attestation from a new device
  • device.attestation_failed — A device fails attestation
  • attestation.anomaly — Unusual attestation pattern detected
See Webhooks for setup.

Dashboard analytics

The analytics dashboard shows risk distribution, high-risk device trends, and jailbreak detection rates. See Analytics.