Custom API FraudHunt

Fraudhunt Custom API is used to receive information about your users in real time and store information about your users. Using an API allows you to choose an appropriate line of action for each and every user of your system as they enter your website. All you need to do is set up your server to call the API and get the response. Unlike the Fraudhunt Public API, the Custom API is set on a customer’s side, which allows a significant decrease in latency for big traffic volumes and enables a custom response configuration to meet the exact needs of every Custom API user. In addition, all information stays in the API for as long as you find necessary.

Custom API Flow

To enable access to our API send an email to info@fraudhunt.net from your registered email address.

API Integration

The API is hosted on the server of your choosing, preferrably as close to your website server as possible.

Minimum hardware requirements

CPU: DualCore

RAM: 4Gb

System: Linux CentOS

Server Settings

1. Install Redis.

2. Install Webdis .

3. Grant access to redis port 6379 from external IPs provided by FraudHunt.

Script integration

The script is to be integrated into the head tag of your page

<script async>  
src="https://dlqe6njq49pwj.cloudfront.net/fp/Scripts/ffp-aws.js" data-cid="yourcid">
</script>

The moment a user gets to a web page with our JavaScript it gathers all information about the device and generates a unique fingerprint key (FPkey) which is then sent to FraudHunt server, along with all information about the user, at the same time you can instruct your website to send the key to your server. To process the key the “Global Callback” and “FPkey handle” functions have to be initiated.

Global callback integration

The callback function fpiCb: grabs the key once it is generated by the script. The function is activated the moment a key appears in the script.

< script>
var fhcnt = 0;

  function send() {
    fhcnt++;
    var fpk = window.fppixel && fppixel.fpk;
    if (fpk) {
      handleFpKey(fpk);
    } else {
      __fpiGlobalVariables = {
        __fpiCb: handleFpKey
      }
      if (fhcnt <= 20) {
        setTimeout(send, 700);
      }
    }
    return fpk;
  }

  send();
</script>

FPkey handle function

The handle function writes the FPkey in upper case and creates the API call. It can also be used to save the key on your server, etc.

< script>
function handleFpKey(fpKey) {
var apiHost = '//yourserveraddress/';
urlArgs = '?fpkey=' + fpKey;
var xhr = new XMLHttpRequest();
xhr.open("GET", apiHost + 'GET/' + 'yourcid'+ fpKey.toUpperCase(), true);
</script>

API call and response

The completed API call has the following format: http://yourserveraddress/GET/11111111BBBW507B2B6F83A88E5EC4BD0B9F37F7?type=json where 111111111 is the example of a datacid value. The API returns data in the json format and contains following information:


{
"fingerprintKey":
"httpInfo":
"refererUrl": 
"originUrl": 
"publicIp": 
"location": 
"user Agent":
"language":
"timezone":
"cookies":
"plugins":
"browser":
"broswerVersion":
"OS":
"deviceModel":
"screenInfo":
"triggers": true or false on chosen triggers
"fraudScore":
}

Upon the receipt of the API response, you can set up a number of possible scenarios like block or redirect users with a certain score, etc. You can find an example of the Public API query with an API response demonstration on the page here. Unlike Public API, the Custom API allows a versatile, complex approach to your traffic. You can initiate checks, blocks or other authentication models for any parameters you find disturbing about your traffic. Custom API serves great for analyzing big traffic volumes and for Account Fraud Prevention efforts.

Documentation Integrations