Rupt does two main things:
On a high level, Rupt uses client & server-side signals to infer if more than one person uses a given account. The signals include but are not limited to the number of unique devices associated with this account, the frequency of access, the IP information, impossible travel signals, and more.
In order for Rupt to get these signals, you integrate a client library (JS, iOS, Android) into your project and call an
attach function that links the device to the user's account.
Rupt will intervene (if configured to do so) in one of two cases:
Then Rupt will redirect the user to a
Challenge page. This is a customized and branded page where users are asked to create their own account. If the user elects to create a new account, Rupt will redirect to a URL of your choice to guide them to create a new account.
If this account owner, they need to verify ownership via multi-factor-authentication (can be turned off in the settings too).
After verifying ownership of the account, if there are too many devices associated with the account, the user will be asked to log out devices until the number of devices is within your configured limit.
Once the user is back within the device limit. They can continue using the app. If we detect another person (using intelligent signals), then we start the same journey again.
Of course, this is only a high-level overview. You can customize almost every part of the flow and even use code and APIs to create your entirely manual flow. But this gives you an idea of how Rupt prevents account sharing and converts account sharers into happy paying customers.