- Home
- All APIs
- Access Worldpay
- SCA Exemptions API
- Device Data Collection
- Device Data Collection
Note: This API is for preview purposes only and is subject to change.
Device Data Collection
When combined with order and transaction details, device data (IP Address, Device Id, Geolocation Information, etc.) can be a strong indicator for fraud or used via GeoIP lookup to create manual rules based on location. Utilizing device data with Access Exemptions is a two-step process. Step one is to collect the device data. Step two is to submit an
ThreatMetrix JS
ThreatMetrix JS library for web sites. It leverages the ThreatMetrix platform to detect fraud and security vulnerabilities originating from browsers in real-time.
Overview of implementation
Create a JavaScript file containing the "Threatmetrix JavaScript V4" data below. The name of the file should be anonymous, e.g asdfghjkl.js
Rename the function threatmetrix.profile (from the file asdfghjkl.js) to something anonymous, e.g. awddc.prfl
On the web page where device data collection will occur, place the following (or similar) in the head section
<script type="text/javascript" src="path/to/asdfghjkl.js"></script>Call the device profiling function (awddc.prfl) from the web page using the following (or similar)
<script type="text/javascript">awddc.prfl ("PROFILING_DOMAIN", "ORGANISATION_ID", sessionid);</script>
Note: See “Details Required” section below describing function parameters
Change the function name threatmetrix.profile to one of your own in the following:
var threatmetrix=threatmetrix||{};threatmetrix.version=4,threatmetrix.create_url=function(t,e,r,n,c){function i(){return Math.floor(2742745743359*Math.random())}function a(){return o(i())}function o(t){return(t+78364164096).toString(36)}var m=i(),u=i(),l=885187064159;u=((u=u-u%256+threatmetrix.version)+m)%2742745743359,l=(l+m)%2742745743359;var s="https://"+t+"/"+(m=a()+o(m))+e,h=[(u=o(l)+o(u))+"="+r,a()+a()+"="+n];return void 0!==c&&c.length>0&&h.push(a()+a()+"="+c),s+"?"+h.join("&")},threatmetrix.beacon=function(t,e,r,n){var c="turn:aa.online-metrix.net?transport=",i="1:"+e+":"+r,a={iceServers:[{urls:c+"tcp",username:i,credential:r},{urls:c+"udp",username:i,credential:r}]};try{var o=new RTCPeerConnection(a);o.createDataChannel(Math.random().toString());var m=function(){},u=function(t){o.setLocalDescription(t,m,m)};"undefined"==typeof Promise||o.createOffer.length>0?o.createOffer(u,m):o.createOffer().then(u,m),setInterval(function(){o.close()},1e4)}catch(t){}},threatmetrix.load_tags=function(t,e,r,n){threatmetrix.beacon(t,e,r,n);var c=document.getElementsByTagName("head").item(0),i=document.createElement("script");i.id="tmx_tags_js",i.setAttribute("type","text/javascript");var a=threatmetrix.create_url(t,".js",e,r,n);i.setAttribute("src",a),threatmetrix.set_csp_nonce(i),c.appendChild(i)},threatmetrix.csp_nonce=null,threatmetrix.register_csp_nonce=function(t){if(void 0!==t.currentScript&&null!==t.currentScript){var e=t.currentScript.getAttribute("nonce");null!=e&&""!==e?threatmetrix.csp_nonce=e:void 0!==t.currentScript.nonce&&null!==t.currentScript.nonce&&""!==t.currentScript.nonce&&(threatmetrix.csp_nonce=t.currentScript.nonce)}},threatmetrix.set_csp_nonce=function(t){null!==threatmetrix.csp_nonce&&(t.setAttribute("nonce",threatmetrix.csp_nonce),t.getAttribute("nonce")!==threatmetrix.csp_nonce&&(t.nonce=threatmetrix.csp_nonce))},threatmetrix.cleanup=function(){for(;null!==(hp_frame=document.getElementById("tdz_ifrm"));)hp_frame.parentElement.removeChild(hp_frame);for(;null!==(tmx_frame=document.getElementById("tmx_tags_iframe"));)tmx_frame.parentElement.removeChild(tmx_frame);for(;null!==(tmx_script=document.getElementById("tmx_tags_js"));)tmx_script.parentElement.removeChild(tmx_script)},threatmetrix.profile=function(t,e,r,n){void 0!==t&&void 0!==e&&void 0!==r&&8===e.length&&(threatmetrix.cleanup(),threatmetrix.register_csp_nonce(document),threatmetrix.load_tags(t,e,r,n))};Details required
To call the device data function you need the following details:
| Placeholder | Description |
|---|---|
ORGANISATION_ID |
|
PROFILING_DOMAIN |
|
sessionId | You must generate a unique value for the page view to represent that specific device data collection. Note: A valid sessionId is between 30 and 128 characters long and consists of only upper or lowercase English letters (a-z, A-Z), digits (0-9), hyphens (-) or underscores (_). To make an incorrect match unlikely we recommend a UUID. |
Example sessionId generation
You must submit the sessionId in the
function create_uuid() {
return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
var r = Math.random() * 16 | 0,
v = c == 'x' ? r : (r & 0x3 | 0x8);
return v.toString(16);
});function create_uuid() { return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) { var r = Math.random() * 16 | 0, v = c == 'x' ? r : (r & 0x3 | 0x8); return v.toString(16); });Call Threatmetrix function
...
var sessionid = create_uuid(); // function to create UUID
awddc.prfl ("PROFILING_DOMAIN", "ORGANISATION_ID", sessionid); // call Threatmetrix
...... var sessionid = create_uuid(); // function to create UUID awddc.prfl ("PROFILING_DOMAIN", "ORGANISATION_ID", sessionid); // call Threatmetrix ...Linking the device data with the assessment
When sending thedeviceData.collectionReference
Next steps
