Sensfrx integrates smoothly into your existing systems using modern REST APIs, iOS and Android SDKs, and Javascript snippets. Additionally, Sensfrx offers Workflows, a powerful framework for rules sautomation, and Review Queues. These enable users to build a completely secure web application and halt fraud on their marketplace platforms.
To utilize Sensfrx for marketplace platforms, tell us about the transactions and events that happen on your website and/or mobile apps, and the actions you take in response to them. This includes:
Information on how visitors are interacting with your website and/or mobile apps, including which pages they are viewing, what devices they are using, and how long they spend on each page. We immediately obtain this data when you incorporate our JavaScript snippet into your website and our Mobile SDKs into your app.
What actions are significant events in the user lifecycle that your users are taking, such as creating an account, placing an order, sharing content with other users, etc. You will send this data from your application to Sensfrx over our REST API.
How your business is responding to customers (for example, authorizing a transaction, preventing an event due to fraud, canceling an order due to a chargeback, etc.). Additionally, you will send Sensfrx this data from your application via our Decisions API.
You can jump start the integration by filling in a few months' worth of historical data.
Below are two phases for the client side integration of Sensfrx into the web application.
Phase I – Pixel Integration
Users need to include the following script in the web application:
The Below JavaScript snippet needs to be included in the <head> tag just before the head closing tag </head>.
JavaScript code:
<script src="https://p.sensfrx.ai/as.js?p={PROPERTY ID}"></script>
Note: In the script, replace the PROPERTY ID with your Property ID value. Click here to know how to generate property ID and secrete key.
<script>
_sensfrx("userInit", <userid>);
</script>
Note: This line needs to be called only when the user is logged in, the rest of the time it does not need to be called and can be ignored.
Phase II – Getting Request String
Execute the following JavaScript integration script to get request string.
<script>
var as_request_string = _sensfrx("getRequestString");
</script>
Note: The above request string is required in all the api requests. _sensfrx() is a global function and can be called anywhere after the library is included in the code.
Integrating Sensfrx using REST API
To integrate Sensfrx using REST API, add the below lines to instantiate the SDK:
require_once("PATH TO SENSFRX PHP SDK/autoload.php")
obj = new Sensfrx\Sensfrx([
'property_id' => '1234567891234567',
'property_secret' => 'xxxxxxxxxxxxxxxx'
])
NOTE: Instead of required_once, users can call the autoloader any other way they want. Users need to call it first before calling any APIs or functions.
Login attempt and reset password attempt calls:
Login Attempt/Logout:
$res = $obj->loginAttempt( STATUS, USERID, as_request_string, array( 'email' => 'test@gmail.com', 'username' => $username ))
STATUS : Specifies the status of the attempt. There are three statuses, login_succeeded, login_failed, and logout.
USERID : Specifies the user’s unique identification id.
NOTE: If the event result is login_failed and the entered username/email does not exist, you can send an empty string here.
as_request_string : This is the value that we receive from point (1) part of JavaScript. The boldened part is optional but we encourage users to provide that information as well so we can keep information presentable and get better results. The array has two values.
Email : Specify the user’s email address.
Username : Specify the user’s name.
Response : The RESPONSE will be in JSON format with the following values:
a) status = allow, challenge, deny
Allow | Allows the users to login |
Challenge | The user shows some suspicious activities. An alert will be sent through an email or asking them some queries to confirm if it is the user, or giving some challenge. |
Deny | The user’s device is compromised, and the system has denied the user login. The user should not be allowed to login unless he verifies it physically or via email or phone number. |
b) severity = low, medium, high, critical
The severity field will be empty when status is “allow.”
low | Indicates safe login and can be ignored |
medium | Indicates some suspicious activities and details are shown |
high | Indicates severe suspicious activities are shown over a period of time |
critical | This means its critical and user should be given a very tough challenge to verify |
c) message = This will contain a message suggesting the reason if deny or challenge.
d) device = Device’s information.
device_id = device’s unique identification id you can use this while calling device
management APIs
name = device name in “Browser on OS” format, its to be used as it as for device name.
ip = IP address of visitor
location = Location string with city, state and country. To be used as it is for location
Reset Password Attempt:
$res = $obj->passwordResetAttempt ( STATUS, USERID, as_request_string, array( ’email’ => ‘test@gmail.com’, ‘username’ => $username ) );
STATUS = This can have 2 values: reset_password_succeeded, reset_password_failed
USERID = This argument must have user’s unique identification id. . NOTE: In case the even is
reset_password_failed and the entered username/email doesn’t exist you can send empty string
here.
as_request_string = This is the value that we receive from the point (1) part of javascript.
The boldened part is optional but we encourage our customers to provide those information as well so we can keep information presentable and to get better results. The array has 2 values as you can see.
‘email’ = user’s email to be provided here
‘username’ = user’s username to be provided here
RESPONSE : RESPONSE will be in JSON format with following values:
a) status = allow, challenge, deny
allow | Allow the user to login |
|
|
challenge | User has show some suspicious activities. You can let them now by sending an | email about it, or asking them some queries to confirm it is them or giving some | challenge. |
deny | We are sure that this user’s device is compromised he has to be denied login. The | user shouldn’t be allow to login unless he verifies it physically or via email or | phone number. |
b) severity = low, medium, high, critical (it will be empty when status is allow)
low | This is usually a safe one so can be ignored |
medium | This means some suspicious activities are shown |
high | This means some severe suspicious activities are shown over a period of time |
critical | This means its critical and user should be given a very tough challenge to verify |
c) message = This will contain a message suggesting the reason if deny or challenge.
d) device = Device’s information.
device_id = device’s unique identification id you can use this while calling device
management APIs
name = device name in “Browser on OS” format, its to be used as it as for device name.
ip = IP address of visitor
location = Location string with city, state and country. To be used as it is for location.
If you’re not seeing a client library in a language you use, don’t hesitate to contact us at info@sensfrx.ai