SDK Tutorial
1. Tracking and Verifying Logins
SecureNative provides multiple event endpoints:
- The synchronous verify endpoint, which returns a risk verdict
- The asynchronous track endpoint, which is used to notify SecureNative that an event occurred and gives it the opportunity to learn user behavior
Tracking Successful User Logins
Track the sn.user.login event to notify the system about a successful user login.
Send the sn.verify event to get a real-time, low-latency risk verdict.
Example response:
{
  "action": "allow",
  "userId": "USER_ID"
}
The "action" field provides the verdict: whether you should allow, challenge or block this login attempt.
Note: A user is created when an sn.user.login or sn.verify event is received.
Tracking Failed Logins
If a user enters invalid credentials, track the failed login so that SecureNative can analyze and detect possible targeted accounts, credential stuffing, and ATO brute-force attack attempts.
Track the sn.user.login.failed event to notify the system about unsuccessful user login attempts.
Note: Failed login attempts might occur for non-existing accounts. To differentiate between existing and non-existing accounts, set userId to the string "unknown" when tracking a failed login for an account that does not exist.
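The following is an added example, not SecureNative SDK code: it shows a login handler that acts on the verify verdict and tracks failed logins with the "unknown" userId described above. The verify and track callables, the "event" key of the payload, the local "reject" result and the policy of challenging on a malformed or missing verdict are assumptions of this example; only the event names and the "action"/"userId" response fields come from this page.

```python
from typing import Callable, Optional

UNKNOWN_USER = "unknown"  # value this page prescribes for non-existing accounts
KNOWN_ACTIONS = {"allow", "challenge", "block"}


def failed_login_event(user_id: Optional[str]) -> dict:
    """Build the failed-login event; user_id is None when no account matched."""
    # The {"event": ..., "userId": ...} shape is an assumption of this example.
    return {"event": "sn.user.login.failed", "userId": user_id or UNKNOWN_USER}


def decide(verdict: object) -> str:
    """Map a verify response to a decision without ever defaulting to allow."""
    action = verdict.get("action") if isinstance(verdict, dict) else None
    if not isinstance(action, str) or action not in KNOWN_ACTIONS:
        # Example policy (assumption): step-up authentication when the
        # verdict is missing, malformed or carries an unrecognized action.
        return "challenge"
    return action


def handle_login(user_id: Optional[str], credentials_ok: bool,
                 verify: Callable[[dict], object],
                 track: Callable[[dict], None]) -> str:
    """Return "allow", "challenge", "block" or "reject" for one login attempt."""
    if not credentials_ok:
        # Always report the failure so credential stuffing and brute force
        # attempts against existing and non-existing accounts are visible.
        track(failed_login_event(user_id))
        return "reject"
    try:
        verdict = verify({"event": "sn.verify", "userId": user_id})
    except (OSError, ValueError):
        # Timeout, connection failure or unparsable response: do not allow.
        return "challenge"
    return decide(verdict)


if __name__ == "__main__":
    sent = []  # constructed stand-in for the asynchronous track endpoint
    print(handle_login(None, False, lambda e: {"action": "allow"}, sent.append))
    print(sent)
    print(handle_login("USER_ID", True,
                       lambda e: {"action": "challenge", "userId": "USER_ID"},
                       sent.append))
```
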
2. Tracking User Devices
SecureNative identifies every device that is used to access a user account. SecureNative constantly learns user behavior and the devices and device types used by the user to access their account. This allows us to block access from malicious devices without interrupting the user's experience when they access their account from their normal devices.
SecureNative uses the client token and the User-Agent header to identify the capabilities of, and information about, the device that is used to access a user account. The events that you send are recorded and evaluated together with the risk associated with the device.
Note: Every device is identified with device fingerprinting and assigned a unique id that can be used later to access the device.
3. Protecting In-App Events
Using SecureNative, you can track and protect in-app events. You can identify and protect the user account throughout the user journey and link every action to the device that was used to perform the operation:
For example, before updating a user account you can use the verify event and send sn.user.profile.update to verify whether the user is legitimate to perform the operation.