Server-side SDK
Integrating Sensfrx on client application guarantees that you greatly lower chargebacks and safeguard your revenue by precisely identifying and blocking both new and established fraudsters with comparable tendencies. We can provide precise, real-time choices for both known and undiscovered types of fraud thanks to the Sensfrx Decision Engine, allowing businesses to develop and scale without the need for more resources.
Server-end Integration of Sensfrx
Prerequisites:
Must have prior expertise in API to ensure correct API integration.
Must handle data securely as the API transmits PII.
Must have a Sensfrx API Key.
Understanding of your registration, login and checkout flow.
Must provide the IPs to Sensfrx for whitelisting.
There are two ways to perform integration on server-side code:
SDK: Software Development Kits (SDKs) ease the integration process. For more information on available SDKs, see the SDK page.
REST API: If you do not want to use SDKs, then you can choose the REST APIs which can be directly integrated on the server-side. Refer how to integrate Sensfrx using REST API.
Add the below lines to instantiate the SDK:
require_once("PATH TO SENSFRX PHP SDK/sensfrx-php-sdk/SensFRX/autoload.php");
obj = new Sensfrx\Sensfrx([
'property_id' => '1234567891234567',
'property_secret' => 'xxxxxxxxxxxxxxxx'
]);NOTE: Instead of required_once, users can call the autoloader any other way they want. Users need to call it first before calling any APIs or functions.
Click here to know how to generate property ID and secrete key.
Available SDK Functions for API Requests
1) Login Attempt :
$res = $obj->loginAttempt( STATUS, USERID, as_request_string, array( 'email' => 'test@gmail.com', 'username' => $username,'phone'=>$phone,'password'=>$hashpassword ));STATUS : Specifies the status of the attempt. There are three statuses, login_succeeded, login_failed, and logout.
USERID : Specifies the user’s unique identification id.
NOTE: If the event result is login_failed and the entered username/email does not exist, you can send an empty string here.
as_request_string : This is the value that we receive from client side integration. The boldened part is optional but we encourage users to provide that information as well so we can keep information presentable and get better results.
Email : Specify the user’s email address.
Username : Specify the user’s name.
phone : Specify the user’s phone.
password : Specify the user’s password hash.
Response :
{
"status": "allow",
"severity": "low",
"risk_score": 10,
"shadow_mode": "0",
"device": {
"device_id": "NcM5iaeGTuMZVfE%2BiEnioQYXpaOQ%2FXy26UL2DKXDD3EalzBzObwEEaV7WW35MbkI8t6J3%2BsNx%2BTVPyI7v5bgcls3ZhN6kjGr4ktvOu5dmKtCyKxkG%2BfULXQPt4hdv2ktlXTWxRR0%2B3UsJ3ux5WDs98bJD1YHz432",
"name": "Chrome on Windows 10",
"ip": "45.252.74.134",
"location": "Pune, MH, IN"
},
"message": "Login Request successfully reached."
}The response will be in JSON format with the following values:
a) status = allow, challenge, deny
Allow | Allows the users to login |
Challenge | The user shows some suspicious activities. An alert will be sent through an email or asking them some queries to confirm if it is the user, or giving some challenge. |
Deny | The user’s device is compromised, and the system has denied the user login. The user should not be allowed to login unless he verifies it physically or via email or phone number. |
b) severity = low, medium, high, critical
The severity field will be empty when status is “allow.”
low | Indicates safe login and can be ignored |
medium | Indicates some suspicious activities and details are shown |
high | Indicates severe suspicious activities are shown over a period of time |
critical | This means its critical and user should be given a very tough challenge to verify |
c) device = Device’s information.
device_id = device’s unique identification id you can use this while calling device
name = device name in “Browser on OS” format, its to be used as it as for device name.
ip = IP address of visitor
location = Location string with city, state and country. To be used as it is for location
2) Register Attempt:
$res = $obj->registerAttempt( STATUS, as_request_string, array('email'=>$email,'name'=>$name,'phone'=>$phone,'password'=>$hashpassword ) ); STATUS: This can have 2 values: register_succeeded,register_failed
as_request_string : This is the value that we receive from client side integration.The boldened part is optional but we encourage our customers to provide those information as well so we can keep information presentable and to get better results.
Email : Specify the user’s email address.
name : Specify the user’s name.
phone : Specify the user’s phone.
password : Specify the user’s password hash.
Response:
{
"status": "allow",
"severity": "low",
"risk_score": 10,
"shadow_mode": "0",
"device": {
"device_id": "NcM5iaeGTuMZVfE%2BiEnioQYXpaOQ%2FXy26UL2DKXDD3EalzBzObwEEaV7WW35MbkI8t6J3%2BsNx%2BTVPyI7v5bgcls3ZhN6kjGr4ktvOu5dmKtCyKxkG%2BfULXQPt4hdv2ktlXTWxRR0%2B3UsJ3ux5WDs98bJD1YHz432",
"name": "Chrome on Windows 10",
"ip": "45.252.74.134",
"location": "Pune, MH, IN"
},
"message": "Register Request successfully reached."
}Response will be in JSON format with following values:
a) status = allow, challenge, deny
allow | Allow the user to Register |
challenge | User has show some suspicious activities. You can let them now by sending an email about it, or asking them some queries to confirm it is them or giving some challenge. |
deny | We are sure that this user’s device is compromised. The user shouldn’t be allow to register unless he verifies it physically or via email or phone number. |
b) severity = low, medium, high, critical (it will be empty when status is allow)
low | This is usually a safe one so can be ignored |
medium | This means some suspicious activities are shown |
high | This means some severe suspicious activities are shown over a period of time |
critical | This means its critical and user should be given a very tough challenge to verify |
c) device = Device’s information.
device_id = device’s unique identification id you can use this while calling device
name = device name in “Browser on OS” format, its to be used as it as for device name.
ip = IP address of visitor
location = Location string with city, state and country. To be used as it is for location.
3) Reset Password Attempt:
$res = $obj->passwordResetAttempt ( STATUS, USERID, as_request_string, array( ’email’ => ‘test@gmail.com’, ‘username’ => $username ) ); STATUS: This can have 2 values: reset_password_succeeded, reset_password_failed
USERID : This argument must have user’s unique identification id. . NOTE: In case the even is reset_password_failed and the entered username/email doesn’t exist you can send empty string here.
as_request_string : This is the value that we receive from client side integration.The boldened part is optional but we encourage our customers to provide those information as well so we can keep information presentable and to get better results.
Email : Specify the user’s email address.
Username : Specify the user’s name.
Response:
{
"status": "allow",
"severity": "low",
"risk_score": 10,
"shadow_mode": "0",
"device": {
"device_id": "NcM5iaeGTuMZVfE%2BiEnioQYXpaOQ%2FXy26UL2DKXDD3EalzBzObwEEaV7WW35MbkI8t6J3%2BsNx%2BTVPyI7v5bgcls3ZhN6kjGr4ktvOu5dmKtCyKxkG%2BfULXQPt4hdv2ktlXTWxRR0%2B3UsJ3ux5WDs98bJD1YHz432",
"name": "Chrome on Windows 10",
"ip": "45.252.74.134",
"location": "Pune, MH, IN"
},
"message": "Password Reset Request successfully reached."
}Response will be in JSON format with following values:
a) status = allow, challenge, deny
allow | Allow the user to reset password |
challenge | User has show some suspicious activities. You can let them now by sending an email about it, or asking them some queries to confirm it is them or giving some challenge |
deny | We are sure that this user’s device is compromised. The user shouldn’t be allow to reset password unless he verifies it physically or via email or phone number. |
b) severity = low, medium, high, critical (it will be empty when status is allow)
low | This is usually a safe one so can be ignored |
medium | This means some suspicious activities are shown |
high | This means some severe suspicious activities are shown over a period of time |
critical | This means its critical and user should be given a very tough challenge to verify |
c) device = Device’s information.
device_id = device’s unique identification id you can use this while calling device
name = device name in “Browser on OS” format, its to be used as it as for device name.
ip = IP address of visitor
location = Location string with city, state and country. To be used as it is for location.
4) Transaction Attempt:
$res = $obj->transactionAttempt( STATUS, as_request_string,
array( ‘user_id’ => $user_id,
’email’ => $email,
‘username’ => $username,
‘first_name’ => $first_name,
‘last_name’ => $last_name,
‘phone_no’ => $phone_no,
‘transaction_id’ => $transaction_id,
‘invoice_id’ => $invoice_id,
‘affiliate_id’ => $affiliate_id,
‘affiliate_name’ => $affiliate_name,
‘transaction_type’ => $transaction_type,
‘payment_mode’ => $payment_mode,
‘payment_provider’ => $payment_provider,
‘card_type’ => $card_type,
‘card_fullname’ => $card_fullname,
‘card_bin’ => $card_bin,
‘card_expire’ => $card_expire,
‘card_last’ => $card_last,
‘cvv’ => $cvv,
‘transaction_amount’ => $transaction_amount,
‘tax_amount’ => $tax_amount,
‘discount_amount’ => $discount_amount,
‘transaction_currency’ => $transaction_currency,
‘items’ => $items,
‘shipping_cost’ => $shipping_cost,
‘shipping_fullname’ => $shipping_fullname,
‘shipping_address’ => $shipping_address,
‘shipping_phone’ => $shipping_phone,
‘shipping_city’ => $shipping_city,
‘shipping_state’ => $shipping_state,
‘shipping_country’ => $shipping_country,
‘shipping_zip’ => $shipping_zip,
‘shipping_method’ => $shipping_method,
‘billing_address’ => $billing_address,
‘billing_phone’ => $billing_phone,
‘billing_city’ => $billing_city,
‘billing_state’ => $billing_state,
‘billing_country’ => $billing_country,
‘billing_zip’ => $billing_zip,
‘merchant_name’ => $merchant_name,
‘merchant_category’ => $merchant_category,
‘merchant_id’ => $merchant_id,
‘merchant_country’ => $merchant_country,
) ); STATUS: This can have 4 values:
When user clicks on pay now button : attempt_succeeded, attempt_failed
After the payment is processed : transaction_succeeded, transaction_failed
as_request_string : This is the value that we receive from client side integration.The boldened part is optional but we encourage our customers to provide those information as well so we can keep information presentable and to get better results.
Response:
{
"status": "allow",
"severity": "low",
"risk_score": 10,
"shadow_mode": "0",
"device": {
"device_id": "NcM5iaeGTuMZVfE%2BiEnioQYXpaOQ%2FXy26UL2DKXDD3EalzBzObwEEaV7WW35MbkI8t6J3%2BsNx%2BTVPyI7v5bgcls3ZhN6kjGr4ktvOu5dmKtCyKxkG%2BfULXQPt4hdv2ktlXTWxRR0%2B3UsJ3ux5WDs98bJD1YHz432",
"name": "Chrome on Windows 10",
"ip": "45.252.74.134",
"location": "Pune, MH, IN"
},
"message": "Transaction Request successfully reached."
}Response will be in JSON format with following values:
a) status = allow, challenge, deny
Allow | Allow the transaction to proceed |
challenge | User has show some suspicious activities. You can let them now by sending an email about it, or asking them some queries to confirm it is them or giving some challenge |
deny | We are sure that this attempt is compromised, transaction has to be denied unless he verifies it physically or via email or phone number. |
b) severity = low, medium, high, critical (it will be empty when status is allow)
low | This is usually a safe one so can be ignored |
medium | This means some suspicious activities are shown |
high | This means some severe suspicious activities are shown over a period of time |
critical | This means its critical and user should be given a very tough challenge to verify |
c) device = Device’s information.
device_id = device’s unique identification id you can use this while calling device
name = device name in “Browser on OS” format, its to be used as it as for device name.
ip = IP address of visitor
location = Location string with city, state and country. To be used as it is for location.
5) Bot Attempt:
$res = $obj->isBot( as_request_string, USERID ); as_request_string : This is the value that we receive from client side integration.The boldened part is optional but we encourage our customers to provide those information as well so we can keep information presentable and to get better results.
USERID : This argument must have user’s unique identification id.
Response:
{
"status": "allow",
"severity": "low",
"risk_score": 10,
"shadow_mode": "0",
"device": {
"device_id": "NcM5iaeGTuMZVfE%2BiEnioQYXpaOQ%2FXy26UL2DKXDD3EalzBzObwEEaV7WW35MbkI8t6J3%2BsNx%2BTVPyI7v5bgcls3ZhN6kjGr4ktvOu5dmKtCyKxkG%2BfULXQPt4hdv2ktlXTWxRR0%2B3UsJ3ux5WDs98bJD1YHz432",
"name": "Chrome on Windows 10",
"ip": "45.252.74.134",
"location": "Pune, MH, IN"
},
"message": "Bot Request successfully reached."
}Response will be in JSON format with following values:
a) status = allow, challenge, deny
allow | Allow the user to access application |
challenge | User has show some suspicious activities. You can let them now by sending an email about it, or asking them some queries to confirm it is them or giving some challenge |
deny | We are sure that this user’s device is compromised. The user shouldn’t be allow to access application untill he verifies it physically or via email or phone number. |
b) severity = low, medium, high, critical (it will be empty when status is allow)
low | This is usually a safe one so can be ignored |
medium | This means some suspicious activities are shown |
high | This means some severe suspicious activities are shown over a period of time |
critical | This means its critical and user should be given a very tough challenge to verify |
c) device = Device’s information.
device_id = device’s unique identification id you can use this while calling device
name = device name in “Browser on OS” format, its to be used as it as for device name.
ip = IP address of visitor
location = Location string with city, state and country. To be used as it is for location.
If you’re not seeing a client library in a language you use, don’t hesitate to contact us at info@sensfrx.ai