Web SDK

This SDK provides device intelligence and behavioural biometrics capabilities.

It is compatible with all front-end browser frameworks that use JS and HTML. Common ones include JS, React, Vue, Flutter, and Angular.

Integration Steps

Include the following script in your HTML page. Use the first URL for sandbox and the second for production.

<script src="https://fingerprint.app.stg.bureau.id/index.js"></script>
<script src="https://fingerprint.app.bureau.id/index.js"></script>

Flow Diagram

The diagram is a typical implementation of our browser SDK.

  1. sessionId and userId are made available to your front-end application (preferably from the backend where required).
  2. Call the BureauAPI.getBureauApiInstance() function with the following parameters (this initialization needs to be called in onCreate() of the application class):
    1. sessionId - MANDATORY
    2. clientId - MANDATORY
    3. environment - MANDATORY - default is production
  3. If you want to collect behavioral signals, do the following:
    1. Call startSubSession to commence the collection of raw behavioral data points
    2. Call stopSubSession to end the collection of raw behavioral data points
    3. Ideally, a typical flow would start collecting after the launch of the application and stop collecting after the login or sign-in button is pressed when the user enters the username and password
  4. Call the setter functions for the mandatory parameters below:
    1. UserID - setUserId - meant to be unique to a user, e.g. hashed value of a PAN number or SSN or hash of mobile number
  5. Finally, call the submit function to send the device and behavioral data points for processing
    1. Call the submit function
  6. A callback is received in the SDK upon successful submission of the parameters. The next steps can be taken based on the callback (success/failure)
  7. After receiving a successful callback, invoke Bureau's backend API /v2/services/behavioural-device-insights to fetch the behavioral and device intelligence results, such as device fingerprint ID, user similarity score, bot score and so on
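
Added example (not Bureau's code): one way a Node.js backend could produce the sessionId and userId from steps 1 and 4 before handing them to the page. It uses a keyed HMAC-SHA256 rather than a bare hash for the userId, because PAN, SSN and mobile numbers are low-entropy and an unkeyed digest can be matched by enumerating the number space. The key, the helper names and the normalisation rule are assumptions.

```javascript
// Added example, not part of Bureau's SDK. All helper names are hypothetical.
const { createHmac, randomUUID } = require('node:crypto');

// Assumption: a server-only secret from your secret store (constructed demo value).
const USER_ID_KEY = Buffer.from('constructed-demo-key-rotate-me');

// Normalise so the same identifier always maps to the same userId.
function normalizeIdentifier(raw) {
  return String(raw).replace(/[\s-]/g, '').toUpperCase();
}

// HMAC-SHA256 of the normalised identifier: the raw PAN/SSN/phone number never
// leaves the backend, and the digest cannot be recomputed without the key.
function deriveUserId(rawIdentifier, key = USER_ID_KEY) {
  const normalized = normalizeIdentifier(rawIdentifier ?? '');
  if (normalized.length === 0) throw new Error('identifier is empty');
  return createHmac('sha256', key).update(normalized, 'utf8').digest('hex');
}

// A fresh sessionId for every init call (a duplicate gets a 409 on submit).
// The in-memory Set stands in for whatever session store you already have.
const issuedSessionIds = new Set();
function issueSessionId() {
  const id = randomUUID();
  issuedSessionIds.add(id);
  return id;
}

// Object to hand to window._Fingerprint.init() on the page.
function buildInitConfig(rawIdentifier, clientId, environment = 'PRODUCTION') {
  if (!['SANDBOX', 'PRODUCTION'].includes(environment)) {
    throw new Error(`unknown environment: ${environment}`);
  }
  return {
    sessionId: issueSessionId(),
    clientId,
    userId: deriveUserId(rawIdentifier),
    environment,
  };
}
```

Keeping the issued sessionId on the server also lets the backend confirm later that an insights result belongs to a session it created.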

Step 1: Initializing an SDK instance

Inside your JavaScript code, initialize SDK with the Session ID, Client ID, User ID, and Environment once the page is loaded. This initializes the data-capturing functionality and collects browser data such as the device's IP address, browser, and operating system.

Example:

// Sandbox
window._Fingerprint.init({
	sessionId:'f3199e64-cce9-47a2-a79c-67d55314',
	clientId:'3e912115-7890-4238-a123-ab4bb6d82975',
	userId:'7a68c98e-feb5-4dc0-b9ff-85b469ba97b5',
	environment:'SANDBOX'
});

// Production
window._Fingerprint.init({
	sessionId:'f3199e64-cce9-47a2-a79c-67d55314',
	clientId:'3e912115-7890-4238-a123-ab4bb6d82975',
	userId:'7a68c98e-feb5-4dc0-b9ff-85b469ba97b5',
	environment:'PRODUCTION'
});

Step 2: Initializing behavioral data collection

Start Session

After the SDK initialization, this starts collecting the user behavioral data like keystroke data, click data, motion data, and sensor data. Using these data points, the user similarity behavior, behavioral anomaly score, and bot prediction score are calculated. To train the model on each user, six sessions are needed.

Example:

 window._Fingerprint.startSession();

Stop Session

This stops collecting the behavioral data.

Example:

 window._Fingerprint.stopSession();

Note: The ideal flow is to start collecting after the launch of the application and stop collecting after the login or sign-in button is pressed.

Step 3: Submitting an SDK

This submits the collected data to the Bureau. Invoke this method at the end of your page.

window._Fingerprint.onSubmit((response)=>{
  //do something
});

Step 4: Invoke API for Insights

To access insights on users and devices, including the device fingerprint and risk signals, integrate with Bureau's backend API for Device Intelligence insights.

Sample Request and Response

Below is a sample request and response for our Device Intelligence API. Refer to our Behavior Biometrics API documentation for more details.

Contact our support team at [email protected] to get your API keys and the production endpoint for the API.

curl --location --request POST 'https://api.sandbox.bureau.id/v1/suppliers/device-fingerprint' \
--header 'Authorization: Basic MzNiNxxxx2ItZGU2M==' \
--header 'Content-Type: application/json' \
--data-raw '{
    "sessionKey": "697bb2d6-1111-1111-1111-548d6a809360"
}'

{
  "GPSLocation": {
    "city": "",
    "country": "",
    "latitude": 0,
    "longitude": 0,
    "region": ""
  },
  "IP": "106.51.82.180",
  "IPLocation": {
    "city": "Bengaluru",
    "country": "India",
    "latitude": 12.976229667663574,
    "longitude": 77.60328674316406,
    "region": "Karnataka"
  },
  "IPSecurity": {
    "VPN": false,
    "isCrawler": false,
    "isProxy": false,
    "isTor": false,
    "threatLevel": "LOW"
  },
  "IPType": "v4",
  "OS": "ios",
  "accessibilityEnabled": false,
  "adbEnabled": false,
  "behaviouralFeatures": {
    "autofillActivity": "LOW",
    "backgroundAppPushActivity": "LOW",
    "copyPasteActivity": "LOW",
    "fieldFocusActivity": "LOW",
    "sessionDurationInMS": 596908510,
    "swipeActivityDetected": false
  },
  "behaviouralRiskLevel": "MEDIUM",
  "behaviouralRiskScore": 26.79,
  "botDetectionScore": 0,
  "confidenceScore": 20,
  "createdAt": 1712648006459,
  "debuggable": true,
  "developerMode": false,
  "deviceRiskLevel": "VERY_HIGH",
  "deviceRiskScore": 81.51,
  "emulator": false,
  "factoryResetRisk": "LOW",
  "factoryResetTime": null,
  "fingerprint": "68055d2e-4811-45db-a298-cb4ff17eb2c8",
  "firstSeenDays": 12,
  "googlePlayStoreInstall": false,
  "isAppCloned": true,
  "isAppTampered": null,
  "isDebuggingEnabled": null,
  "isOEMUnlockAllowed": null,
  "isSimPresent": null,
  "isTrainingSession": false,
  "merchantId": "auth0|623980a33d162b006930a877",
  "mitmAttackDetected": false,
  "mockgps": false,
  "model": "SM-M326B",
  "networkInformation": {
    "ipType": "HOME",
    "isp": "Atria Convergence Technologies Pvt. Ltd."
  },
  "package": "id.bureau.deviceintelligence",
  "remoteDesktop": false,
  "requestId": "0a55480c-faf0-44a7-a9e3-fe3353e34214",
  "riskCauses": [
    "DEBUGGER",
    "IS_APP_CLONED"
  ],
  "riskLevel": "VERY_HIGH",
  "riskScore": 65.094,
  "rooted": false,
  "sessionId": "f70a2b7d-dd75-4075-9ba1-ee4ee2e20b5a",
  "statusCode": 200,
  "timestamp": 1713427163350,
  "totalUniqueUserId": 3,
  "userId": "sriram",
  "userSimilarityScore": 23.924109706617298,
  "voiceCallDetected": false
}

Note: Ensure the Init and Submit methods are called before invoking this.


Sample integration code for login page use case

For SANDBOX:
Note: The HTML page should have basic HTML semantics with a body tag.

<html lang="en">
<head>
    <meta charset="utf-8" />
</head>
<body>
<h2>Login</h2>

<form id="loginForm">
  <div>
    <label for="username">Username:</label>
    <input type="text" id="username" required>
  </div>
  <div>
    <label for="password">Password:</label>
    <input type="password" id="password" required>
  </div>
  <button type="submit">Submit</button>
</form>
<script src="https://fingerprint.app.stg.bureau.id/index.js"></script>
<script>
// SDK initialization
window._Fingerprint.init({
  sessionId:'f3199e64-cce9-47a2-a79c-67d55314',
  clientId:'3e3344115-7890-4238-a123-ab4bb6d',
  userId:'7a68c98e-feb5-4dc0-b9ff-85b4695',
  environment:'SANDBOX'
});

// Start collecting behavioural data
window._Fingerprint.startSession();

document.getElementById('loginForm').addEventListener('submit', function(event) {
    event.preventDefault();

    // Stop collecting behavioural data
    window._Fingerprint.stopSession();

    // SDK submit call
    window._Fingerprint.onSubmit((res)=>{
         // Make GET call to get session insights
    });
});
</script>
</body>
</html>

Additional information

init

  • This method integrates the SDK with an object that has an environment, session ID, and client ID.
  • We recommend initializing the SDK at the root of your website, but it can be placed anywhere depending on your use case.

Example:

// Sandbox
window._Fingerprint.init({
	sessionId:'f3199e64-cce9-47a2-a79c-67d55314',
	clientId:'3e912115-7890-4238-a123-ab4bb6d82975',
	userId:'7a68c98e-feb5-4dc0-b9ff-85b469ba97b5',
	environment:'SANDBOX'
});

// Production
window._Fingerprint.init({
	sessionId:'f3199e64-cce9-47a2-a79c-67d55314',
	clientId:'3e912115-7890-4238-a123-ab4bb6d82975',
	userId:'7a68c98e-feb5-4dc0-b9ff-85b469ba97b5',
	environment:'PRODUCTION'
});

Parameters

sessionId

String Required

Session ID for the page. The sessionId must be unique for each init call. If a sessionId is duplicated, a 409 will be thrown during the submit call.

clientId

String Required

Identifies the client. Bureau shares this with you. It is a static key.

userId

String Optional

To identify the user. This can be set later using setUserId API.

environment

String Required

Run the SDK in SANDBOX or PRODUCTION mode.

Return value

Null


submit

  • Invoking this function will call the Bureau's SDK POST endpoint, passing the details captured after the init() function to generate a fingerprint.
  • Call this method at the end of your page.
  • Examples:
    • After Sign in/Sign up
    • After the address change confirmation
    • Nominee change confirmation
    • Email/password change confirmation
    • After payment / pre-payment initiation

Example:

window._Fingerprint.onSubmit((response)=>{
	//do something
});

Parameters

callback

Function Optional
You will get a callback on successful submission if a callback function is provided.

Example:

function callback(response){  
	if(response.status === 200){  
		console.log("Submit is successful")  
	}else{  
		console.log("Submit is not successful")  
	}  
}  
window._Fingerprint.onSubmit(callback);

setUserId

You can also set the user ID later using the following API. Note: This should be called before the submit API call.

window._Fingerprint.setUserId('Merchant_ABC');

Invoke API for insights

To access insights on users and devices, including the device fingerprint and risk signals, integrate with Bureau's backend API for Device Intelligence insights.

Sample Request and Response

Below is a sample request and response for our Device Intelligence API. Refer to our Behavior Biometrics API documentation for more details.

Contact our support team at [email protected] to get your API keys and the production endpoint for the API.

Note: To access insights about users, devices, browser fingerprints, and risk signals, ensure the init and submit methods are called before calling the Insights API.

curl --location 'https://api.sandbox.bureau.id/v1/suppliers/device-fingerprint' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic MW==' \
--data '{   
        "sessionId": "f3199e64-cce9-47a2-a79c-67d55314"
}'

{
    "sessionId": "0be8c4ab-1185-4b50-90ce-c5d3c3c2743a",
    "userId": "",
    "fingerprint": "b1630855-f27b-4ab7-ba96-bc822db36284",
    "networkInformation": {
        "isp": "Bharat Sanchar Nigam Limited",
        "ipType": "HOME"
    },
    "GPSLocation": {
        "city": "",
        "country": "",
        "latitude": 0,
        "longitude": 0,
        "region": ""
    },
    "IPLocation": {
        "city": "Uttukkuli",
        "country": "India",
        "latitude": 11.16667,
        "longitude": 77.433327,
        "region": "Tamil Nadu"
    },
    "IPSecurity": {
        "isCrawler": false,
        "isProxy": false,
        "isTor": false,
        "VPN": false,
        "threatLevel": "LOW"
    },
    "totalUniqueUserId": 1,
    "firstSeenDays": 6,
    "createdAt": 1695294348960,
    "os": "",
    "riskLevel": "MEDIUM",
    "riskScore": 26.29,
    "platform": "web",
    "fingerprintConfidenceScore": "87",
    "ip": "117.193.212.120",
    "trueUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36",
    "userAgentSpoof": false,
    "incognitoDetected": false,
    "adBlockerDetected": false,
    "botDetectionScore": 100,
    "userSimilarityScore": 76.23,
    "behaviouralAnomalyscore": 12.2,
    "behaviouralFeatures": {
        "copyPasteActivity": "LOW",
        "autofillActivity": "LOW",
        "swipeActivityDetected": false,
        "contextSwitchActivity": true,
        "fieldFocusActivity": "LOW",
        "sessionDurationInMS": 636
    },
    "detectCanvasSpoof": false,
    "anonymisationAttempted": true,
    "anonymisationAttemptedReasons": ["webgl spoof", "canvas spoof", "font manipulation"]
}
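
Added example (not Bureau's code): a backend-side check that turns an Insights API response into a login decision. Field names are taken from the sample responses on this page; the decision policy, the action names and the reason labels are assumptions to adapt to your own risk appetite.

```javascript
// Added example, not Bureau code. Field names come from the sample responses
// on this page; the policy and the action names are assumptions.

// Constructed sample: a trimmed copy of the web response shown above.
const SAMPLE_INSIGHTS = {
  sessionId: '0be8c4ab-1185-4b50-90ce-c5d3c3c2743a',
  IPSecurity: { isCrawler: false, isProxy: false, isTor: false, VPN: false, threatLevel: 'LOW' },
  riskLevel: 'MEDIUM',
  riskScore: 26.29,
  userAgentSpoof: false,
  anonymisationAttempted: true,
  anonymisationAttemptedReasons: ['webgl spoof', 'canvas spoof', 'font manipulation'],
};

function evaluateInsights(insights, expectedSessionId) {
  // Only trust a result for the session this backend issued.
  if (!insights || insights.sessionId !== expectedSessionId) {
    return { action: 'reject', riskLevel: 'UNKNOWN', reasons: ['SESSION_MISMATCH'] };
  }
  const reasons = [];
  const ipSecurity = insights.IPSecurity || {};
  for (const flag of ['VPN', 'isProxy', 'isTor', 'isCrawler']) {
    if (ipSecurity[flag] === true) reasons.push(`IP:${flag}`);
  }
  if (insights.userAgentSpoof === true) reasons.push('UA_SPOOF');
  if (insights.anonymisationAttempted === true) {
    for (const r of insights.anonymisationAttemptedReasons || []) reasons.push(`ANON:${r}`);
  }
  for (const cause of insights.riskCauses || []) reasons.push(`CAUSE:${cause}`);

  // Fail closed: only an explicit LOW with no signals goes straight through.
  // MEDIUM, a missing level or an unrecognised level all get step-up checks.
  let action = 'step_up';
  if (insights.riskLevel === 'VERY_HIGH') action = 'block';
  else if (insights.riskLevel === 'LOW' && reasons.length === 0) action = 'allow';
  return { action, riskLevel: insights.riskLevel ?? 'UNKNOWN', reasons };
}
```

Run this on the backend that calls the Insights API, since that request carries your Basic-auth API key, and log the returned reasons alongside the decision.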

Error Codes

The table below lists a few error codes returned by Bureau's SDKs.

HTTP error code: 420
Description: HTTP exception
Possible cause: Indicates a server-side issue. This can include errors such as:
  • Rate limiting, server overload, or application error
  • Firewall or network restrictions
  • Server-side scripting errors
  • Third-party services
Recommended action:
  • Check your server logs to help identify the cause.
  • Implement rate limiting or load balancing if necessary.
  • Check firewall rules and network settings to ensure they are not interfering with the connection.
  • Inspect server logs for any specific error messages or warnings.
  • Contact the service provider for assistance or look for alternative solutions.

HTTP error code: 421
Description: Network error
Possible cause:
  • Too many connections from a single IP address
  • DNS resolution issues
  • Load balancer issues
  • Client-side issues (browser extensions, network configurations)
Recommended action:
  • Reduce the number of simultaneous connections. Consider using a load balancer.
  • Try flushing your DNS cache or using a different DNS server.
  • Check the load balancer's status and logs for any problems.
  • Try disabling extensions or using a different network connection.

HTTP error code: 432
Description: A general, unexpected exception or error occurred.
Possible cause: Various reasons such as:
  • Programming errors
  • Unexpected input
  • System failures
Recommended action:
  1. Review the code for potential errors or logic issues.
  2. Check if the input data is valid and meets the expected format.
  3. If the error persists, check our SDK documentation or contact our Support Team.

HTTP error code: 433
Description: The required session ID is missing or empty.
Possible cause: The session ID was not provided or was not passed correctly.
Recommended action:
  1. Ensure that the session ID is included in the API request and is not empty.
  2. Refer to the API documentation for the correct format and usage of the session ID.

HTTP error code: 434
Description: The eaIV or eaKey is empty. These are essential for decrypting encrypted data.
Possible cause: The required encryption parameters, eaIV (Initialization Vector) and eaKey (Encryption Key), are missing or invalid.
Recommended action:
  • Verify that the eaIV and eaKey are provided and correct.
  • Ensure they are generated using a secure method and are not compromised.