Ireland Operators Fraud Preventation

📘

Note

This is for Ireland operators only. Refer to standard documentation for other operators.

Payment Page

Add the javascript to the head section of your MSISDN page and your pin/payment page

<script src="https://fd.sla-alacrity.com/d513e9e03227.js"></script>

You then need to retrieve a token that is associated with this visitor and checkout. You do this by calling Detector(ids, partner, service, evToken) once the page has loaded.

Our javascript will insert an HTML element with the id fraudDetectorIsLoaded so that you can check that everything has loaded before submitting your form. Once loaded our javascript will also add a hidden input to your form with the name token and the value equal to the returned token. This token will be used for loading the script on your second page, and later for checking the transaction.

📘

Note

After your first page has been submitted and MSISDN and Token obtained. Ensure you get a success response in our PIN API before continuing to load your PIN entry/Payment page with this script, otherwise the script will fail.

You will need to pass the Token you received from the script as fraud_token in both the PIN API and the Create API.

Below is a full example using vanilla javascript of initialising the Detector, adding a listener to your form, checking that fraudDetectorIsLoaded, and then submitting your form (with the hidden token field).

window.onload = function () {
    var ids = {
      form: 'purchase_form',
      confirm_button: 'form_submit_btn',
      cancel_button: 'form_cancel_btn'
    };
    var partner = 'partner:h7j9w4n8-97a4-4eb7-9ec1-4333131805cb';
    var service = 'campaign:2a73f22ed63c1f8e40925632b7n10w6fed611779';
    
    // Token retrived from msisdn page should be added here on PIN page
    var evToken = null

    const detector = new Detector(ids, partner, service, evToken);
    detector.setup();

    var form = document.getElementById(ids['form']);
    form.addEventListener("submit", function(e) {
      e.preventDefault();

      function fraudDetectorLoaded() {
        var loaded = document.getElementById('fraudDetectorIsLoaded');
        if (loaded && loaded.value === 'yes') {
          form.submit();
        } else if ('requestIdleCallback' in window) {
          requestIdleCallback(fraudDetectorLoaded);
        } else {
          setTimeout(fraudDetectorLoaded, 100);
        }
      }
      fraudDetectorLoaded();
    });
  }

Check Transaction API

📘

Note

This should only be called after the form on your second page has been submitted.

Once the user has submitted your pin/payment form you need to check the token with our Check Transaction API. This API will check the token and return whether the user/purchase is valid or not.

HTTP Request

POST /v1/check_transaction?token={token}

Sample Request

POST /v1/check_transaction?
token=2e056a61-18d0-41c7-93d1-94f07bf9cf0a
Host: fd.sla-alacrity.com
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Accept: application/json

curl -X POST \
https://fd.sla-alacrity.com/v1/check_transaction?token=2e056a61-18d0-41c7-93d1-94f07bf9cf0a \
--header 'Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='

Response

The response is returned as JSON and also uses HTTP status codes. When the status code is 200 the response will contain the key is_vaild which is a boolean and indicates whether or not the transaction is valid and the purchase should be allowed.

{
  "is_vaild": true
}

200

If a transaction is blocked for being suspicious is_valid will be false and there will be a reason returned.

{
  "is_valid": false,
  "reason": "BOT_ACTIVITY"
}

200

It's also possible to receive other errors via the HTTP status codes such as 400, 401, and 404. In this case there will be a JSON response returned in the body with the key message.

{
  "message": "auth error: invalid credentials"
}

401

Unless you receive a HTTP status of 200 and is_valid is true the purchase should not be allowed to continue.

Create API

The valid fraud token should be included in the create API call