Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Risk Management Javascript web SDK

Web framework v1

search

Please Note:

Web framework v1

This section describes the legacy JavaScript framework (v1) for signal collection. New integrations should use Framework v2:

Framework V1 is still available for customers who are already using it.

Single-page applications

Framework V1 does not support single-page applications

Signal collection for a multi-page website

The risk assessment in Risk Management is based on the analysis of signals provided by the end user’s devices (browsers, handsets). The first integration step is to provide those signals to the Risk Management’s signal collector for each page, including a risk assessment.

Include the line below your HTML page:

<script src="<%= signalCollectorUrl %>/api/v1/tenants/<%= tenantId %>/scripts"></script>

When the web page is loaded, the browser requests the signal collection scripts from the Risk Management signal-collector.

The downloaded script includes the definition of a property called visitId. This is assigned by the Risk Management back end for this connection. The visitId is unique and identifies the signals collected during this visit to the page. The visitId is used later, to make calls to the Risk Management back end.

Note

The collected signals request takes a few milliseconds to reach the Risk Management back end and to be processed. As a result, a minimal delay of a few milliseconds should be respected before calling the Risk Management back end for a policy evaluation.

Visit identifier

To communicate with the Risk Management back end, you need to obtain a visitId value before using it in your code.

This value is embedded in the signal collection scripts that Risk Management returns. It is stored in a property called revisitid (Risk Engine Visit Id).

If you are using an HTML form to submit your data, simply include a hidden field with id="revisitid" in your form:

<input style=”display:none;” type="text" id="revisitid" name="revisitid"/>

The visitId is automatically populated in this field, and it comes with the other parameters of the form in your back end.

If you are using an Ajax call to authenticate, you can just use revisitid as a global variable in the page, and add it in your Ajax call as a new parameter.

Partner technologies: ThreatMetrix

The following steps are mandatory only if you are using the ThreatMetrix partner technology. Otherwise you can skip this section.

SSL Hosting

This feature is mandatory to use ThreatMetrix collecting scripts. There is nothing to integrate in your page. It is only certificate and DNS configuration.

Fill the related information in the onboarding form that your project leader should have provided to you.

Your project leader can guide you through the procedure, but the details are available in the ThreatMetrix knowledge base.

As a short description, here are the main steps that are required:

  1. Fill the onboarding form.

  2. Your project leader asks ThreatMetrix to generate a CSR with the filled information.

  3. Your project leader gives you the generated CSR, so that you can use it to ask your preferred Certificate Authority for a signed certificate.

  4. Return this signed certificate to your project leader, so that it can be set up in the ThreatMetrix back end.

  5. Your project leader then provides you with a domain name returned by ThreatMetrix, so that you can set up an entry in our DNS.

On this page