Ireland Operators Fraud Preventation
Realtime fraud prevention API to detect suspicious activity
Note
This is for Ireland operators only. Refer to standard documentation for other operators.
Payment Page
Add the javascript to the head section of your MSISDN page and your pin/payment page
<script src="https://fd.sla-alacrity.com/d513e9e03227.js"></script>
You then need to retrieve a token that is associated with this visitor and checkout. You do this by calling Detector(ids, partner, service, evToken) once the page has loaded.
Parameter | Description | Example | Usage |
---|---|---|---|
ids | The HTML id's of your payment form, confirmation button, and cancel button | form: 'purchase_form' confirm_button: 'form_submit_btn' cancel_button: 'form_cancel_btn' | Required |
partner | Your Alacrity partner URI | partner:h7j9w4n8-97a4-4eb7-9ec1-4333131805cb | Required |
service | Your Alacrity service URI | campaign:2a73f22ed63c1f8e40925632b7n10w6fed611779 | Required |
evToken | The token value that was given when submitting your first page when capturing users MSISDN. | null or 3b0130c5-83ad-4b34-b719-66568726f2f3 | Required on PIN page only |
Our javascript will insert an HTML element with the id fraudDetectorIsLoaded so that you can check that everything has loaded before submitting your form. Once loaded our javascript will also add a hidden input to your form with the name token and the value equal to the returned token. This token will be used for loading the script on your second page, and later for checking the transaction.
Note
After your first page has been submitted and MSISDN and Token obtained. Ensure you get a success response in our PIN API before continuing to load your PIN entry/Payment page with this script, otherwise the script will fail.
You will need to pass the Token you received from the script as fraud_token in both the PIN API and the Create API.
Below is a full example using vanilla javascript of initialising the Detector, adding a listener to your form, checking that fraudDetectorIsLoaded, and then submitting your form (with the hidden token field).
window.onload = function () {
var ids = {
form: 'purchase_form',
confirm_button: 'form_submit_btn',
cancel_button: 'form_cancel_btn'
};
var partner = 'partner:h7j9w4n8-97a4-4eb7-9ec1-4333131805cb';
var service = 'campaign:2a73f22ed63c1f8e40925632b7n10w6fed611779';
// Token retrived from msisdn page should be added here on PIN page
var evToken = null
const detector = new Detector(ids, partner, service, evToken);
detector.setup();
var form = document.getElementById(ids['form']);
form.addEventListener("submit", function(e) {
e.preventDefault();
function fraudDetectorLoaded() {
var loaded = document.getElementById('fraudDetectorIsLoaded');
if (loaded && loaded.value === 'yes') {
form.submit();
} else if ('requestIdleCallback' in window) {
requestIdleCallback(fraudDetectorLoaded);
} else {
setTimeout(fraudDetectorLoaded, 100);
}
}
fraudDetectorLoaded();
});
}
Check Transaction API
Note
This should only be called after the form on your second page has been submitted.
Once the user has submitted your pin/payment form you need to check the token with our Check Transaction API. This API will check the token and return whether the user/purchase is valid or not.
HTTP Request
POST /v1/check_transaction?token={token}
Sample Request
POST /v1/check_transaction?
token=2e056a61-18d0-41c7-93d1-94f07bf9cf0a
Host: fd.sla-alacrity.com
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Accept: application/json
curl -X POST \
https://fd.sla-alacrity.com/v1/check_transaction?token=2e056a61-18d0-41c7-93d1-94f07bf9cf0a \
--header 'Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='
Parameter | Description | Example |
---|---|---|
token | This is the token that is added as a hidden input field on your payment form and is submitted along with your form with the parameter name token | 2e056a61-18d0-41c7-93d1-94f07bf9cf0a |
Response
The response is returned as JSON and also uses HTTP status codes. When the status code is 200 the response will contain the key is_vaild which is a boolean and indicates whether or not the transaction is valid and the purchase should be allowed.
{
"is_vaild": true
}
200
If a transaction is blocked for being suspicious is_valid will be false and there will be a reason returned.
{
"is_valid": false,
"reason": "BOT_ACTIVITY"
}
200
It's also possible to receive other errors via the HTTP status codes such as 400, 401, and 404. In this case there will be a JSON response returned in the body with the key message.
{
"message": "auth error: invalid credentials"
}
401
Unless you receive a HTTP status of 200 and is_valid is true the purchase should not be allowed to continue.
Create API
The valid fraud token should be included in the create API call
Updated 3 months ago