Edit

SDK Tutorial

1. Tracking and Verifying Logins

Securenative provides multiple event endpoints:

  • The synchronous verify endpoint that returns risk verdict
  • The asynchronous track endpoint that used to notify SecureNative about an event that occurred and gives the opportunity to learn user behavior

Tracking Successful User Logins

  • Track event sn.user.login to notify system about sucessfull user login

  • Send verify event sn.verify to get real-time low latency risk verdict

Example response:

The "action" provides a verdict whether you should allow, challenge or block this login attempt

{
    "action": "allow",
    "userId": "USER_ID",
}

Note: The user is created when you when either sn.user.login or sn.verify events are received

Tracking Failed Logins

If a user enters invalid credentials you need to track failed logins to allow SecureNative to analyze and detect possible targeted accounts, credential stuffing, and ATO brute force attack attempts.

Track event sn.user.login.failed to notify system about unsucessfull user login attempts

Note: Failed logins attempts might occur for non-existing accounts, in order to differentiate between existing/no-existing accounts track set userId to empty string

2. Tracking Users Devices

SecureNative identifies every device that is used to access a user account. SecureNative constantly learns user behavior and devices and devices types that user by the user to access his account. This allows us to block access from malicious devices without interrupting the user's experience on access from their normal devices.

SecureNative uses client token and User-Agent header to identify device capabilities and information that is used to access a user account, events that you send are recorded and evaluated with the risk associated with the device.

Note: Every device is identified with device fingerprinting and assigned a unique id that can be used later to access the device

3. Protecting In-App Events

Using SecureNative you can track and protect in-app events, you can identify and protect user account through user journey and link every action to the device that was used to perform the operation:

For example, before updating user account you can use verify event and send sn.user.profile.update to verify whether user legitimate to perform the operation

Last updated on 7/12/2020
SDK GuideNode.js