Server-side SDK
Integrating Sensfrx on client application guarantees that you greatly lower chargebacks and safeguard your revenue by precisely identifying and blocking both new and established fraudsters with comparable tendencies. We can provide precise, real-time choices for both known and undiscovered types of fraud thanks to the Sensfrx Decision Engine, allowing businesses to develop and scale without the need for more resources.Â
Server-end Integration of SensfrxÂ
Prerequisites:Â Â
Must have prior expertise in API to ensure correct API integration.Â
Must handle data securely as the API transmits PII.Â
Must have a Sensfrx API Key.Â
Understanding of your registration, login and checkout flow.Â
Must provide the IPs to Sensfrx for whitelisting.Â
There are two ways to perform integration on server-side code:Â Â
SDK: Software Development Kits (SDKs) ease the integration process. For more information on available SDKs, see the SDK page.Â
REST API: If you do not want to use SDKs, then you can choose the REST APIs which can be directly integrated on the server-side. Refer how to integrate Sensfrx using REST API.Â
Add the below lines to instantiate the SDK:Â Â
require_once("PATH TO SENSFRX PHP SDK/sensfrx-php-sdk/SensFRX/autoload.php");Â Â Â
obj = new Sensfrx\Sensfrx([Â
'property_id' => '1234567891234567',  Â
'property_secret' => 'xxxxxxxxxxxxxxxx'Â Â Â
]);
NOTE:Â Instead of required_once, users can call the autoloader any other way they want. Users need to call it first before calling any APIs or functions.Â
Click here to know how to generate property ID and secrete key. Â
Available SDK Functions for API Requests
1) Login Attempt :Â Â Â
 $res = $obj->loginAttempt( STATUS, USERID, as_request_string, array( 'email' => 'test@gmail.com', 'username' => $username,'phone'=>$phone,'password'=>$hashpassword ));
STATUS  : Specifies the status of the attempt. There are three statuses, login_succeeded, login_failed, and logout. Â
USERID  : Specifies the userâs unique identification id.  Â
NOTE: If the event result is login_failed and the entered username/email does not exist, you can send an empty string here. Â
as_request_string  : This is the value that we receive from client side integration. The boldened part is optional but we encourage users to provide that information as well so we can keep information presentable and get better results.
Email  : Specify the userâs email address.  Â
Username  : Specify the userâs name. Â
phone : Specify the userâs phone. Â
password  : Specify the userâs password hash. Â
Response :
{
"status": "allow",
"severity": "low",
"risk_score": 10,
"shadow_mode": "0",
"device": {
"device_id": "NcM5iaeGTuMZVfE%2BiEnioQYXpaOQ%2FXy26UL2DKXDD3EalzBzObwEEaV7WW35MbkI8t6J3%2BsNx%2BTVPyI7v5bgcls3ZhN6kjGr4ktvOu5dmKtCyKxkG%2BfULXQPt4hdv2ktlXTWxRR0%2B3UsJ3ux5WDs98bJD1YHz432",
"name": "Chrome on Windows 10",
"ip": "45.252.74.134",
"location": "Pune, MH, IN"
},
"message": "Login Request successfully reached."
}
The response will be in JSON format with the following values:Â Â
a) status = allow, challenge, deny Â
Allow  | Allows the users to login  |
Challenge  | The user shows some suspicious activities. An alert will be sent through an email or asking them some queries to confirm if it is the user, or giving some challenge.  |
Deny  | The userâs device is compromised, and the system has denied the user login. The user should not be allowed to login unless he verifies it physically or via email or phone number.  |
b) severity = low, medium, high, critical  Â
The severity field will be empty when status is âallow.â Â
low  | Indicates safe login and can be ignored  |
medium  | Indicates some suspicious activities and details are shown  |
high  | Indicates severe suspicious activities are shown over a period of time  |
critical  | This means its critical and user should be given a very tough challenge to verify  |
c) device = Deviceâs information. Â
device_id = deviceâs unique identification id you can use this while calling deviceÂ
name = device name in âBrowser on OSâ format, its to be used as it as for device name. Â
ip = IP address of visitor Â
location = Location string with city, state and country. To be used as it is for location Â
2) Register Attempt:Â Â
$res = $obj->registerAttempt( STATUS, as_request_string, array('email'=>$email,'name'=>$name,'phone'=>$phone,'password'=>$hashpassword ) );Â
STATUS: This can have 2 values: register_succeeded,register_failedÂ
as_request_string : This is the value that we receive from client side integration.The boldened part is optional but we encourage our customers to provide those information as well so we can keep information presentable and to get better results.
Email  : Specify the userâs email address.  Â
name  : Specify the userâs name. Â
phone : Specify the userâs phone. Â
password : Specify the userâs password hash. Â
Response:Â
{
"status": "allow",
"severity": "low",
"risk_score": 10,
"shadow_mode": "0",
"device": {
"device_id": "NcM5iaeGTuMZVfE%2BiEnioQYXpaOQ%2FXy26UL2DKXDD3EalzBzObwEEaV7WW35MbkI8t6J3%2BsNx%2BTVPyI7v5bgcls3ZhN6kjGr4ktvOu5dmKtCyKxkG%2BfULXQPt4hdv2ktlXTWxRR0%2B3UsJ3ux5WDs98bJD1YHz432",
"name": "Chrome on Windows 10",
"ip": "45.252.74.134",
"location": "Pune, MH, IN"
},
"message": "Register Request successfully reached."
}
Response will be in JSON format with following values:Â
a) status = allow, challenge, deny Â
allow  | Allow the user to Register |
challenge  | User has show some suspicious activities. You can let them now by sending an email about it, or asking them some queries to confirm it is them or giving some challenge. |
deny  | We are sure that this userâs device is compromised. The user shouldnât be allow to register unless he verifies it physically or via email or phone number. |
 Â
b) severity = low, medium, high, critical (it will be empty when status is allow)Â Â
low  | This is usually a safe one so can be ignored  |
medium  | This means some suspicious activities are shown  |
high  | This means some severe suspicious activities are shown over a period of time  |
critical  | This means its critical and user should be given a very tough challenge to verify  |
c) device = Deviceâs information. Â
device_id = deviceâs unique identification id you can use this while calling deviceÂ
name = device name in âBrowser on OSâ format, its to be used as it as for device name. Â
ip = IP address of visitor Â
location = Location string with city, state and country. To be used as it is for location. Â
3) Reset Password Attempt:Â Â
$res = $obj->passwordResetAttempt ( STATUS, USERID, as_request_string, array( âemailâ =>Â âtest@gmail.comâ, âusernameâ => $username ) );Â
STATUS: This can have 2 values: reset_password_succeeded, reset_password_failedÂ
USERID : This argument must have userâs unique identification id. . NOTE: In case the even is reset_password_failed and the entered username/email doesnât exist you can send empty string here.Â
as_request_string : This is the value that we receive from client side integration.The boldened part is optional but we encourage our customers to provide those information as well so we can keep information presentable and to get better results.
Email  : Specify the userâs email address.  Â
Username  : Specify the userâs name. Â
Response:Â
{
"status": "allow",
"severity": "low",
"risk_score": 10,
"shadow_mode": "0",
"device": {
"device_id": "NcM5iaeGTuMZVfE%2BiEnioQYXpaOQ%2FXy26UL2DKXDD3EalzBzObwEEaV7WW35MbkI8t6J3%2BsNx%2BTVPyI7v5bgcls3ZhN6kjGr4ktvOu5dmKtCyKxkG%2BfULXQPt4hdv2ktlXTWxRR0%2B3UsJ3ux5WDs98bJD1YHz432",
"name": "Chrome on Windows 10",
"ip": "45.252.74.134",
"location": "Pune, MH, IN"
},
"message": "Password Reset Request successfully reached."
}
Response will be in JSON format with following values:Â
a) status = allow, challenge, deny Â
allow  | Allow the user to reset password |
challenge  | User has show some suspicious activities. You can let them now by sending an email about it, or asking them some queries to confirm it is them or giving some challenge |
deny  | We are sure that this userâs device is compromised. The user shouldnât be allow to reset password unless he verifies it physically or via email or phone number. |
 Â
b) severity = low, medium, high, critical (it will be empty when status is allow)Â Â
low  | This is usually a safe one so can be ignored  |
medium  | This means some suspicious activities are shown  |
high  | This means some severe suspicious activities are shown over a period of time  |
critical  | This means its critical and user should be given a very tough challenge to verify  |
c) device = Deviceâs information. Â
device_id = deviceâs unique identification id you can use this while calling deviceÂ
name = device name in âBrowser on OSâ format, its to be used as it as for device name. Â
ip = IP address of visitor Â
location = Location string with city, state and country. To be used as it is for location. Â
4) Transaction Attempt:Â Â
$res = $obj->transactionAttempt( STATUS, as_request_string,
array( âuser_idâ => $user_id,
âemailâ =>Â $email,
âusernameâ => $username,
âfirst_nameâ => $first_name,
âlast_nameâ => $last_name,
âphone_noâ => $phone_no,
âtransaction_idâ => $transaction_id,
âinvoice_idâ => $invoice_id,
âaffiliate_idâ => $affiliate_id,
âaffiliate_nameâ => $affiliate_name,
âtransaction_typeâ => $transaction_type,
âpayment_modeâ => $payment_mode,
âpayment_providerâ => $payment_provider,
âcard_typeâ => $card_type,
âcard_fullnameâ => $card_fullname,
âcard_binâ => $card_bin,
âcard_expireâ => $card_expire,
âcard_lastâ => $card_last,
âcvvâ => $cvv,
âtransaction_amountâ => $transaction_amount,
âtax_amountâ => $tax_amount,
âdiscount_amountâ => $discount_amount,
âtransaction_currencyâ => $transaction_currency,
âitemsâ => $items,
âshipping_costâ => $shipping_cost,
âshipping_fullnameâ => $shipping_fullname,
âshipping_addressâ => $shipping_address,
âshipping_phoneâ => $shipping_phone,
âshipping_cityâ => $shipping_city,
âshipping_stateâ => $shipping_state,
âshipping_countryâ => $shipping_country,
âshipping_zipâ => $shipping_zip,
âshipping_methodâ => $shipping_method,
âbilling_addressâ => $billing_address,
âbilling_phoneâ => $billing_phone,
âbilling_cityâ => $billing_city,
âbilling_stateâ => $billing_state,
âbilling_countryâ => $billing_country,
âbilling_zipâ => $billing_zip,
âmerchant_nameâ => $merchant_name,
âmerchant_categoryâ => $merchant_category,
âmerchant_idâ => $merchant_id,
âmerchant_countryâ => $merchant_country,
) );Â
STATUS: This can have 4 values:
When user clicks on pay now button : attempt_succeeded, attempt_failed
After the payment is processed : transaction_succeeded, transaction_failed
as_request_string : This is the value that we receive from client side integration.The boldened part is optional but we encourage our customers to provide those information as well so we can keep information presentable and to get better results.
Response:Â
{
"status": "allow",
"severity": "low",
"risk_score": 10,
"shadow_mode": "0",
"device": {
"device_id": "NcM5iaeGTuMZVfE%2BiEnioQYXpaOQ%2FXy26UL2DKXDD3EalzBzObwEEaV7WW35MbkI8t6J3%2BsNx%2BTVPyI7v5bgcls3ZhN6kjGr4ktvOu5dmKtCyKxkG%2BfULXQPt4hdv2ktlXTWxRR0%2B3UsJ3ux5WDs98bJD1YHz432",
"name": "Chrome on Windows 10",
"ip": "45.252.74.134",
"location": "Pune, MH, IN"
},
"message": "Transaction Request successfully reached."
}
Response will be in JSON format with following values:Â
a) status = allow, challenge, deny
Allow | Allow the transaction to proceed  |
challenge  | User has show some suspicious activities. You can let them now by sending an email about it, or asking them some queries to confirm it is them or giving some challenge |
deny  | We are sure that this attempt is compromised, transaction has to be denied unless he verifies it physically or via email or phone number. |
 Â
b) severity = low, medium, high, critical (it will be empty when status is allow)Â Â
low  | This is usually a safe one so can be ignored  |
medium  | This means some suspicious activities are shown  |
high  | This means some severe suspicious activities are shown over a period of time  |
critical  | This means its critical and user should be given a very tough challenge to verify  |
c) device = Deviceâs information. Â
device_id = deviceâs unique identification id you can use this while calling deviceÂ
name = device name in âBrowser on OSâ format, its to be used as it as for device name. Â
ip = IP address of visitor Â
location = Location string with city, state and country. To be used as it is for location. Â
5) Bot Attempt:Â Â
$res = $obj->isBot( as_request_string, USERID );Â
as_request_string : This is the value that we receive from client side integration.The boldened part is optional but we encourage our customers to provide those information as well so we can keep information presentable and to get better results.
USERID : This argument must have userâs unique identification id.
Response:Â
{
"status": "allow",
"severity": "low",
"risk_score": 10,
"shadow_mode": "0",
"device": {
"device_id": "NcM5iaeGTuMZVfE%2BiEnioQYXpaOQ%2FXy26UL2DKXDD3EalzBzObwEEaV7WW35MbkI8t6J3%2BsNx%2BTVPyI7v5bgcls3ZhN6kjGr4ktvOu5dmKtCyKxkG%2BfULXQPt4hdv2ktlXTWxRR0%2B3UsJ3ux5WDs98bJD1YHz432",
"name": "Chrome on Windows 10",
"ip": "45.252.74.134",
"location": "Pune, MH, IN"
},
"message": "Bot Request successfully reached."
}
Response will be in JSON format with following values:Â
a) status = allow, challenge, deny Â
allow  | Allow the user to access application |
challenge  | User has show some suspicious activities. You can let them now by sending an email about it, or asking them some queries to confirm it is them or giving some challenge |
deny  | We are sure that this userâs device is compromised. The user shouldnât be allow to access application untill he verifies it physically or via email or phone number. |
 Â
b) severity = low, medium, high, critical (it will be empty when status is allow)Â Â
low  | This is usually a safe one so can be ignored  |
medium  | This means some suspicious activities are shown  |
high  | This means some severe suspicious activities are shown over a period of time  |
critical  | This means its critical and user should be given a very tough challenge to verify  |
c) device = Deviceâs information. Â
device_id = deviceâs unique identification id you can use this while calling deviceÂ
name = device name in âBrowser on OSâ format, its to be used as it as for device name. Â
ip = IP address of visitor Â
location = Location string with city, state and country. To be used as it is for location.
If youâre not seeing a client library in a language you use, donât hesitate to contact us at info@sensfrx.aiÂ