Server-side SDK

Edit Page New Page Revisions

Integrating Sensfrx on client application guarantees that you greatly lower chargebacks and safeguard your revenue by precisely identifying and blocking both new and established fraudsters with comparable tendencies. We can provide precise, real-time choices for both known and undiscovered types of fraud thanks to the Sensfrx Decision Engine, allowing businesses to develop and scale without the need for more resources. 

Server-end Integration of Sensfrx 

Prerequisites:  

  1. Must have prior expertise in API to ensure correct API integration. 

  2. Must handle data securely as the API transmits PII. 

  3. Must have a Sensfrx API Key. 

  4. Understanding of your registration, login and checkout flow. 

  5. Must provide the IPs to Sensfrx for whitelisting. 


There are two ways to perform integration on server-side code:  

  1. SDK: Software Development Kits (SDKs) ease the integration process. For more information on available SDKs, see the SDK page. 

  2. REST API: If you do not want to use SDKs, then you can choose the REST APIs which can be directly integrated on the server-side. Refer how to integrate Sensfrx using REST API. 

Add the below lines to instantiate the SDK:  

require_once("PATH TO SENSFRX PHP SDK/sensfrx-php-sdk/SensFRX/autoload.php");   
obj = new Sensfrx\Sensfrx([ 
   'property_id' => '1234567891234567',   
   'property_secret' => 'xxxxxxxxxxxxxxxx'   
   ]);

NOTE:  Instead of required_once, users can call the autoloader any other way they want. Users need to call it first before calling any APIs or functions. 

Click here to know how to generate property ID and secrete key.  


Available SDK Functions for API Requests

1) Login Attempt :   

 $res = $obj->loginAttempt( STATUS, USERID, as_request_string, array( 'email' => 'test@gmail.com', 'username' => $username,'phone'=>$phone,'password'=>$hashpassword ));

STATUS  : Specifies the status of the attempt. There are three statuses, login_succeeded, login_failed, and logout.  

USERID  : Specifies the user’s unique identification id.   

NOTE: If the event result is login_failed and the entered username/email does not exist, you can send an empty string here.  

as_request_string  : This is the value that we receive from client side integration. The boldened part is optional but we encourage users to provide that information as well so we can keep information presentable and get better results.

Email  : Specify the user’s email address.   

Username  : Specify the user’s name.  

phone : Specify the user’s phone.  

password  : Specify the user’s password hash.  

Response :

{
    "status": "allow",
    "severity": "low",
    "risk_score": 10,
    "shadow_mode": "0",
    "device": {
        "device_id": "NcM5iaeGTuMZVfE%2BiEnioQYXpaOQ%2FXy26UL2DKXDD3EalzBzObwEEaV7WW35MbkI8t6J3%2BsNx%2BTVPyI7v5bgcls3ZhN6kjGr4ktvOu5dmKtCyKxkG%2BfULXQPt4hdv2ktlXTWxRR0%2B3UsJ3ux5WDs98bJD1YHz432",
        "name": "Chrome on Windows 10",
        "ip": "45.252.74.134",
        "location": "Pune, MH, IN"
    },
    "message": "Login Request successfully reached."
}

The response will be in JSON format with the following values:  

a) status = allow, challenge, deny  

Allow  

Allows the users to login  

Challenge  

The user shows some suspicious activities. An alert will be sent through an email or asking them some queries to confirm if it is the user, or giving some challenge.  

Deny  

The user’s device is compromised, and the system has denied the user login. The user should not be allowed to login unless he verifies it physically or via email or phone number.  


b) severity = low, medium, high, critical   

The severity field will be empty when status is “allow.”  

low  

Indicates safe login and can be ignored  

medium  

Indicates some suspicious activities and details are shown  

high  

Indicates severe suspicious activities are shown over a period of time  

critical  

This means its critical and user should be given a very tough challenge to verify  


c) device = Device’s information.  

  1. device_id = device’s unique identification id you can use this while calling device 

  2. name = device name in “Browser on OS” format, its to be used as it as for device name.  

  3. ip = IP address of visitor  

  4. location = Location string with city, state and country. To be used as it is for location  


2) Register Attempt:  

$res = $obj->registerAttempt( STATUS, as_request_string, array('email'=>$email,'name'=>$name,'phone'=>$phone,'password'=>$hashpassword ) ); 

STATUS: This can have 2 values: register_succeeded,register_failed 

as_request_string : This is the value that we receive from client side integration.The boldened part is optional but we encourage our customers to provide those information as well so we can keep information presentable and to get better results.

Email  : Specify the user’s email address.   

name  : Specify the user’s name.  

phone : Specify the user’s phone.  

password : Specify the user’s password hash.  

Response: 

{
    "status": "allow",
    "severity": "low",
    "risk_score": 10,
    "shadow_mode": "0",
    "device": {
        "device_id": "NcM5iaeGTuMZVfE%2BiEnioQYXpaOQ%2FXy26UL2DKXDD3EalzBzObwEEaV7WW35MbkI8t6J3%2BsNx%2BTVPyI7v5bgcls3ZhN6kjGr4ktvOu5dmKtCyKxkG%2BfULXQPt4hdv2ktlXTWxRR0%2B3UsJ3ux5WDs98bJD1YHz432",
        "name": "Chrome on Windows 10",
        "ip": "45.252.74.134",
        "location": "Pune, MH, IN"
    },
    "message": "Register Request successfully reached."
}

Response will be in JSON format with following values: 

a) status = allow, challenge, deny  

allow  

Allow the user to Register

challenge  

User has show some suspicious activities. You can let them now by sending an email about it, or asking them some queries to confirm it is them or giving some challenge.

deny  

We are sure that this user’s device is compromised. The user shouldn’t be allow to register unless he verifies it physically or via email or phone number. 

  

b) severity = low, medium, high, critical (it will be empty when status is allow)  

low  

This is usually a safe one so can be ignored  

medium  

This means some suspicious activities are shown  

high  

This means some severe suspicious activities are shown over a period of time  

critical  

This means its critical and user should be given a very tough challenge to verify  


c) device = Device’s information.  

  1. device_id = device’s unique identification id you can use this while calling device 

  2. name = device name in “Browser on OS” format, its to be used as it as for device name.  

  3. ip = IP address of visitor  

  4. location = Location string with city, state and country. To be used as it is for location.  

3) Reset Password Attempt:  

$res = $obj->passwordResetAttempt ( STATUS, USERID, as_request_string, array( ’email’ => ‘test@gmail.com’, ‘username’ => $username ) ); 

STATUS: This can have 2 values: reset_password_succeeded, reset_password_failed 

USERID : This argument must have user’s unique identification id. . NOTE: In case the even is reset_password_failed and the entered username/email doesn’t exist you can send empty string here. 

as_request_string : This is the value that we receive from client side integration.The boldened part is optional but we encourage our customers to provide those information as well so we can keep information presentable and to get better results.

Email  : Specify the user’s email address.   

Username  : Specify the user’s name.  

Response: 

{
    "status": "allow",
    "severity": "low",
    "risk_score": 10,
    "shadow_mode": "0",
    "device": {
        "device_id": "NcM5iaeGTuMZVfE%2BiEnioQYXpaOQ%2FXy26UL2DKXDD3EalzBzObwEEaV7WW35MbkI8t6J3%2BsNx%2BTVPyI7v5bgcls3ZhN6kjGr4ktvOu5dmKtCyKxkG%2BfULXQPt4hdv2ktlXTWxRR0%2B3UsJ3ux5WDs98bJD1YHz432",
        "name": "Chrome on Windows 10",
        "ip": "45.252.74.134",
        "location": "Pune, MH, IN"
    },
    "message": "Password Reset Request successfully reached."
}

Response will be in JSON format with following values: 

a) status = allow, challenge, deny  

allow  

Allow the user to reset password

challenge  

User has show some suspicious activities. You can let them now by sending an email about it, or asking them some queries to confirm it is them or giving some challenge

deny  

We are sure that this user’s device is compromised. The user shouldn’t be allow to reset password unless he verifies it physically or via email or phone number. 

  

b) severity = low, medium, high, critical (it will be empty when status is allow)  

low  

This is usually a safe one so can be ignored  

medium  

This means some suspicious activities are shown  

high  

This means some severe suspicious activities are shown over a period of time  

critical  

This means its critical and user should be given a very tough challenge to verify  


c) device = Device’s information.  

  1. device_id = device’s unique identification id you can use this while calling device 

  2. name = device name in “Browser on OS” format, its to be used as it as for device name.  

  3. ip = IP address of visitor  

  4. location = Location string with city, state and country. To be used as it is for location.  

4) Transaction Attempt:  

$res = $obj->transactionAttempt( STATUS, as_request_string, 
array( ‘user_id’ => $user_id, 
’email’ => $email, 
‘username’ => $username,
‘first_name’ => $first_name,
‘last_name’ => $last_name,
‘phone_no’ => $phone_no,
‘transaction_id’ => $transaction_id,
‘invoice_id’ => $invoice_id,
‘affiliate_id’ => $affiliate_id,
‘affiliate_name’ => $affiliate_name,
‘transaction_type’ => $transaction_type,
‘payment_mode’ => $payment_mode,
‘payment_provider’ => $payment_provider,
‘card_type’ => $card_type,
‘card_fullname’ => $card_fullname,
‘card_bin’ => $card_bin,
‘card_expire’ => $card_expire,
‘card_last’ => $card_last,
‘cvv’ => $cvv,
‘transaction_amount’ => $transaction_amount,
‘tax_amount’ => $tax_amount,
‘discount_amount’ => $discount_amount,
‘transaction_currency’ => $transaction_currency,
‘items’ => $items,
‘shipping_cost’ => $shipping_cost,
‘shipping_fullname’ => $shipping_fullname,
‘shipping_address’ => $shipping_address,
‘shipping_phone’ => $shipping_phone,
‘shipping_city’ => $shipping_city,
‘shipping_state’ => $shipping_state,
‘shipping_country’ => $shipping_country,
‘shipping_zip’ => $shipping_zip,
‘shipping_method’ => $shipping_method,
‘billing_address’ => $billing_address,
‘billing_phone’ => $billing_phone,
‘billing_city’ => $billing_city,
‘billing_state’ => $billing_state,
‘billing_country’ => $billing_country,
‘billing_zip’ => $billing_zip,
‘merchant_name’ => $merchant_name,
‘merchant_category’ => $merchant_category,
‘merchant_id’ => $merchant_id,
‘merchant_country’ => $merchant_country,
 ) ); 

STATUS: This can have 4 values:

When user clicks on pay now button : attempt_succeeded, attempt_failed

After the payment is processed : transaction_succeeded, transaction_failed

as_request_string : This is the value that we receive from client side integration.The boldened part is optional but we encourage our customers to provide those information as well so we can keep information presentable and to get better results.

Response: 

{
    "status": "allow",
    "severity": "low",
    "risk_score": 10,
    "shadow_mode": "0",
    "device": {
        "device_id": "NcM5iaeGTuMZVfE%2BiEnioQYXpaOQ%2FXy26UL2DKXDD3EalzBzObwEEaV7WW35MbkI8t6J3%2BsNx%2BTVPyI7v5bgcls3ZhN6kjGr4ktvOu5dmKtCyKxkG%2BfULXQPt4hdv2ktlXTWxRR0%2B3UsJ3ux5WDs98bJD1YHz432",
        "name": "Chrome on Windows 10",
        "ip": "45.252.74.134",
        "location": "Pune, MH, IN"
    },
    "message": "Transaction Request successfully reached."
}

Response will be in JSON format with following values: 

a) status = allow, challenge, deny

Allow

Allow the transaction to proceed  

challenge  

User has show some suspicious activities. You can let them now by sending an email about it, or asking them some queries to confirm it is them or giving some challenge

deny  

We are sure that this attempt is compromised, transaction has to be denied unless he verifies it physically or via email or phone number. 

  

b) severity = low, medium, high, critical (it will be empty when status is allow)  

low  

This is usually a safe one so can be ignored  

medium  

This means some suspicious activities are shown  

high  

This means some severe suspicious activities are shown over a period of time  

critical  

This means its critical and user should be given a very tough challenge to verify  


c) device = Device’s information.  

  1. device_id = device’s unique identification id you can use this while calling device 

  2. name = device name in “Browser on OS” format, its to be used as it as for device name.  

  3. ip = IP address of visitor  

  4. location = Location string with city, state and country. To be used as it is for location.  

5) Bot Attempt:  

$res = $obj->isBot( as_request_string, USERID ); 

as_request_string : This is the value that we receive from client side integration.The boldened part is optional but we encourage our customers to provide those information as well so we can keep information presentable and to get better results.

USERID : This argument must have user’s unique identification id.

Response: 

{
    "status": "allow",
    "severity": "low",
    "risk_score": 10,
    "shadow_mode": "0",
    "device": {
        "device_id": "NcM5iaeGTuMZVfE%2BiEnioQYXpaOQ%2FXy26UL2DKXDD3EalzBzObwEEaV7WW35MbkI8t6J3%2BsNx%2BTVPyI7v5bgcls3ZhN6kjGr4ktvOu5dmKtCyKxkG%2BfULXQPt4hdv2ktlXTWxRR0%2B3UsJ3ux5WDs98bJD1YHz432",
        "name": "Chrome on Windows 10",
        "ip": "45.252.74.134",
        "location": "Pune, MH, IN"
    },
    "message": "Bot Request successfully reached."
}

Response will be in JSON format with following values: 

a) status = allow, challenge, deny  

allow  

Allow the user to access application

challenge  

User has show some suspicious activities. You can let them now by sending an email about it, or asking them some queries to confirm it is them or giving some challenge

deny  

We are sure that this user’s device is compromised. The user shouldn’t be allow to access application untill he verifies it physically or via email or phone number. 

  

b) severity = low, medium, high, critical (it will be empty when status is allow)  

low  

This is usually a safe one so can be ignored  

medium  

This means some suspicious activities are shown  

high  

This means some severe suspicious activities are shown over a period of time  

critical  

This means its critical and user should be given a very tough challenge to verify  


c) device = Device’s information.  

  1. device_id = device’s unique identification id you can use this while calling device 

  2. name = device name in “Browser on OS” format, its to be used as it as for device name.  

  3. ip = IP address of visitor  

  4. location = Location string with city, state and country. To be used as it is for location.


If you’re not seeing a client library in a language you use, don’t hesitate to contact us at info@sensfrx.ai 

Previous Page

Left

Next Page

Right

On this page