Fraud API
SEON's proprietary API combines our email, phone number, IP, and AML APIs with device fingerprinting so that you can request and receive our enriched data, rules, and scoring in a single API call.
Good to know
- The API is fully modular, meaning you can choose to enable or disable each sub-API (Email, Phone, IP, or AML) or the device fingerprinting tool. Use the `config` object to enable or disable modules.
- You can use the `custom_fields` object to send almost any custom data point to SEON. Your team can also use custom fields in rules to create a completely custom ruleset.
- All SEON API requests are case-sensitive. Please follow the formatting below to avoid errors.
For more context on how to begin your API integration, check the Introduction section or our Integration Guide.
Request
Request Attributes | Type | Required | |
---|---|---|---|
config | object | no | |
action_type | string | no | |
ip | string | no | |
transaction_id | string | no | |
affiliate_id | string | no | |
affiliate_name | string | no | |
order_memo | string | no | |
string | no | ||
email_domain | string | no | |
payment_id | string | no | |
password_hash | string | no | |
user_fullname | string | no | |
user_name | string | no | |
user_firstname | string | no | |
user_middlename | string | no | |
user_lastname | string | no | |
user_pob | string | no | |
user_photoid_number | string | no | |
user_id | string | no | |
user_created | integer | no | |
user_category | string | no | |
user_account_status | string | no | |
user_bank_account | string | no | |
user_bank_name | string | no | |
user_balance | float | no | |
user_verification_level | string | no | |
user_dob | date | no | |
user_country | string | no | |
user_city | string | no | |
user_region | string | no | |
user_zip | string | no | |
user_street | string | no | |
user_street2 | string | no | |
session_id | string | no | |
session | string | no | |
device_id | string | no | |
payment_mode | string | no | |
payment_provider | string | no | |
card_fullname | string | no | |
card_bin | string | no | |
card_hash | string | no | |
card_expire | date | no | |
card_last | string | no | |
avs_result | string | no | |
cvv_result | boolean | no | |
status_3d | string | no | |
sca_method | string | no | |
phone_number | string | no | |
transaction_type | string | no | |
transaction_amount | float | no | |
transaction_currency | string | no | |
items | array of objects | no | |
shipping_country | string | no | |
shipping_city | string | no | |
shipping_region | string | no | |
shipping_zip | string | no | |
shipping_street | string | no | |
shipping_street2 | string | no | |
shipping_phone | string | no | |
shipping_fullname | string | no | |
shipping_method | string | no | |
billing_country | string | no | |
billing_city | string | no | |
billing_region | string | no | |
billing_zip | string | no | |
billing_street | string | no | |
billing_street2 | string | no | |
billing_phone | string | no | |
discount_code | string | no | |
gift | boolean | no | |
gift_message | boolean | no | |
merchant_category | string | no | |
merchant_id | string | no | |
merchant_created_at | integer | no | |
merchant_country | string | no | |
receiver_fullname | string | no | |
receiver_bank_account | string | no | |
details_url | string | no | |
regulation | string | no | |
bonus_campaign_id | string | no | |
brand_id | string | no | |
custom_fields | object | no | |
HTTP Endpoint
Response
The endpoint returns a JSON-structured response.
JSON Attributes | Type | |
---|---|---|
id | string | |
state | string | |
fraud_score | number | |
blackbox_score | number | |
ip_details | object | |
email_details | object | |
bin_details | object | |
phone_details | object | |
aml_details | object | |
version | string | |
applied_rules | array of object | |
device_details | object | |
geolocation_details | object | |
calculation_time | integer | |
seon_id | integer | |
rule_category_details | array of object | |
JavaScript Agent v6
You can integrate our device fingerprinting module directly into a web app by using our JavaScript agent. Please use our CDN-hosted script to ensure you always load the latest available version.
- Include the JavaScript Agent, for example inside the `<head>` tags of your website or web app. You can also lazy-load it or execute it upon specific actions (e.g. clicking on Login, Payment, and Registration buttons, before calling the API). In this case, you must ensure that the module has been loaded successfully before invoking its methods.
- Call the `seon.init()` function on page load to get more data points for bot detection, behavioral analysis and more accurate intelligence signals.
- Call the `seon.getSession(config)` function to generate the encrypted device intelligence session.
- Send the returned session payload string to your backend and add it to the `session` property in your Fraud API request. The Fraud API call should still be executed if the `session` is missing due to a non-executed JS snippet. Tip: Add a timeout to the JS call and make the Fraud API call afterwards.
All the device fingerprinting data will be available in the response of the Fraud API, and accessible on the Admin Panel of the Transactions Details page.
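The timeout-and-fallback behaviour from the last step, as an added example (not SEON's code). `getSessionOrNull` and `buildRiskCheckBody` are hypothetical helper names, and `session_collected` is an assumed marker for your own backend, not a Fraud API attribute.

```javascript
// Added example, not SEON's code. `agent` is any object exposing the
// getSession(config) method described above (window.seon in a browser).

// Resolves with the session string, or with null when the agent is not
// loaded, throws, returns a non-string, or exceeds timeoutMs.
async function getSessionOrNull(agent, config, timeoutMs) {
  if (!agent || typeof agent.getSession !== 'function') return null;
  let timer;
  const timeout = new Promise((resolve) => {
    timer = setTimeout(() => resolve(null), timeoutMs);
  });
  try {
    const session = await Promise.race([
      // Wrapped so a synchronous throw becomes a rejection we can catch.
      Promise.resolve().then(() => agent.getSession(config)),
      timeout,
    ]);
    return typeof session === 'string' && session.length > 0 ? session : null;
  } catch (err) {
    return null; // collection failed; the risk check must still run
  } finally {
    clearTimeout(timer);
  }
}

// Body the page posts to its own backend (hypothetical shape). `session` is
// left out entirely when collection failed, never sent as "" or "null", and
// `session_collected` (assumed field) lets the backend log the gap.
function buildRiskCheckBody(fields, session) {
  const body = { ...fields, session_collected: session !== null };
  if (session !== null) body.session = session;
  return body;
}
```

On the backend, forward `session` to the Fraud API only when it is present, and keep a count of requests that arrive without one so a sudden rise is visible.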
Configuration parameters
To configure the JavaScript module, you need to create a config object and call the `seon.getSession(config)` function.
JSON Attributes | Required | |
---|---|---|
geolocation | no | |
behavioralDataCollection | no | |
networkTimeoutMs | no | |
dnsResolverDomain | no | |
silentMode | no | |
referrer | no | |
windowLocation | no | |
region | no | |
fieldTimeoutMs | no | |
throwOn | no | |
Integration
Device Intelligence signals can be triggered by the `seon.Session()` function. After collecting all the available information, the function returns an encrypted, base64-encoded payload. If you would like to use your custom configuration, please include the config object in the function.
Without using `seon.init()` on page load, you will still receive valid device intelligence signals with most of the functions, but it will not contain the behavioral signals. Additionally, the bot detection and browser hash may be less precise.
Behavioral features
Calling the `seon.init()` method will enable behavioral analysis. The user behavior collection is started on the `seon.init()` call and ends when `seon.getSession()` is called (behavioral data will be automatically included in the generated session string). Thus the recommended integration pattern is calling `init` on the form load, and calling `getSession` on form submit to analyze user behavior during a form fillout. Suspicious behavior is flagged in the `suspicious_flags` response field, which can contain the following values:
- `suspicious_keypress_characteristics`
- `suspicious_mouse_movement`
- `suspicious_form_fillout`
- `paste_used`
- `autofill_used`
- `potential_remote_interaction`
- `potential_remote_control`

By default, user interaction is analyzed on the whole page. If you want to target specific input fields or forms for behavior analysis, you can customize it using the `behavioralDataCollection` init configuration option:
The targeted elements MUST exist at the time of the `init` call. Elements that match the selector but are added to the DOM after the `init` call will NOT be part of the evaluation.
To disable behavioral data collection by the SDK altogether, you must specify an empty string for the `targets` option:
Payload
The SEON JavaScript library collects device information and prepares an encrypted payload to use in the Fraud API. The information is not readable on the client side; it is revealed in the Fraud API response and on the Admin Panel. Some fields can be `null` if the browser does not support or return data for that specific data point. In every other case, data types are preserved. Find a sample payload on the right side.
Common issues
- The `session` is provided in the Fraud API request, but `device_details` is `null` in the response and there is no device information on the Transaction details page. This means the encrypted payload is corrupted. Please look into your integration and check again.
- If you use CSP (Content Security Policy) headers on your site, you must allow the following domains in the `connect-src` directive for full functionality, based on your host configuration.
  - Default: `*.seondnsresolve.com`
  - seondf.com: `*.seondfresolver.com`
  - deviceinf.com: `*.deviceinfresolver.com`
  - seonintelligence.com: `*.seonintelligence.com`
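A check you can run in CI against the header your site actually sends, as an added example (not SEON's code). `checkSeonCsp` and its helpers are hypothetical names, and using the Default entry when no host key is given is an assumption about the list above.

```javascript
// Added example, not SEON's code. Values copied from the list above; using
// "default" when no host key is given is an assumption.
const SEON_CONNECT_SRC = {
  default: '*.seondnsresolve.com',
  'seondf.com': '*.seondfresolver.com',
  'deviceinf.com': '*.deviceinfresolver.com',
  'seonintelligence.com': '*.seonintelligence.com',
};

// Parse a Content-Security-Policy header value into { directive: [sources] }.
function parseCsp(header) {
  const policy = Object.create(null);
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // Browsers honour only the first occurrence of a directive.
    if (key && !(key in policy)) policy[key] = sources;
  }
  return policy;
}

// True if one source expression covers every host matched by `required`
// (a "*.domain" pattern). Ports and paths in the source are ignored.
function sourceCovers(source, required) {
  const src = source.toLowerCase();
  if (src === '*' || src === 'https:') return true;
  if (src.startsWith("'")) return false; // keywords such as 'self', 'none'
  const pattern = src.replace(/^https?:\/\//, '').replace(/[:/].*$/, '');
  // An exact host can never cover a wildcard requirement.
  return pattern.startsWith('*.') && required.slice(1).endsWith(pattern.slice(1));
}

// Report whether `header` lets the agent reach the domain for `hostKey`.
function checkSeonCsp(header, hostKey = 'default') {
  const required = SEON_CONNECT_SRC[hostKey];
  if (!required) throw new Error(`unknown host key: ${hostKey}`);
  const policy = parseCsp(header);
  // connect-src falls back to default-src when it is absent.
  const directive = ['connect-src', 'default-src'].find((d) => d in policy) || null;
  // With neither directive present, the policy does not restrict connections.
  const ok = directive === null || policy[directive].some((s) => sourceCovers(s, required));
  return { ok, directive, required };
}
```

A result with `ok: false` and `directive: 'default-src'` means the site has no `connect-src` at all and the fallback directive is blocking the agent's requests.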
Response
JSON Attributes | Type | |
---|---|---|
os | string | |
vpn | boolean | |
type | string | |
proxy | boolean | |
webgl | object | |
dns_ip | string | |
locale | string | |
source | string | |
adblock | boolean | |
battery | object | |
browser | string | |
plugins | object | |
private | boolean | |
platform | string | |
referrer | string | |
timezone | string | |
device_ip | string | |
font_hash | string | |
font_list | array | |
has_focus | boolean | |
languages | array | |
math_hash | string | |
audio_hash | string | |
dns_ip_isp | string | |
extensions | array | |
font_count | integer | |
font_noise | boolean | |
session_id | string | |
user_agent | string | |
webrtc_ips | array | |
canvas_hash | string | |
cookie_hash | string | |
device_hash | string | |
device_type | string | |
mouse_moved | boolean | |
permissions | object | |
price_range | string | |
screen_data | object | |
browser_hash | string | |
do_not_track | boolean | |
java_enabled | boolean | |
webrtc_count | integer | |
device_ip_isp | string | |
device_memory | integer | |
dns_ip_region | string | |
flash_enabled | boolean | |
media_devices | object | |
spoofing_hash | string | |
touch_support | boolean | |
cookie_enabled | boolean | |
dns_ip_country | string | |
mobile_details | array | |
browser_version | string | |
device_location | object | |
drm_key_systems | array | |
mime_types_hash | string | |
timezone_offset | string | |
user_agent_data | object | |
window_location | string | |
device_ip_region | string | |
max_touch_points | integer | |
suspicious_flags | array | |
timezone_country | string | |
webrtc_activated | boolean | |
device_ip_country | string | |
system_colors_hash | string | |
browser_version_age | integer | |
hardware_concurrency | integer | |
keyboard_layout_hash | string | |
keyboard_layout_name | string | |
unpopular_user_agent | boolean | |
unpopular_device_resolution | boolean | |

```html
<html>
  <head>
    ...
    <script src="[source_url]"></script>
  </head>
  <body>
    ...
  </body>
</html>
```

You can use the following script source URLs (`[source_url]`):
- https://cdn.seondf.com/js/v6/agent.umd.js
- https://cdn.deviceinf.com/js/v6/agent.umd.js
- https://cdn.seonintelligence.com/js/v6/agent.umd.js

```javascript
// On page load:
seon.init();

const config = {
  geolocation: {
    canPrompt: false,
  },
  networkTimeoutMs: 2000,
  fieldTimeoutMs: 2000,
  region: 'eu',
  silentMode: true,
};

const session = await seon.getSession(config);
// 'session' variable holds the encrypted device fingerprint that should be sent to SEON
```

```javascript
// On load
seon.init({
  behavioralDataCollection: {
    targets: 'input[type="text"], .behavior', // querySelector string
    formFilloutDurationTargetId: "myForm", // select form with id 'myForm'
  }
});

// On form submit
await seon.getSession();
```

```javascript
// Disabling behavioral analysis
seon.init({
  behavioralDataCollection: {
    targets: '', // pass an empty string for targets
  }
});
```

iOS SDK
You can integrate our device fingerprinting module directly into iOS mobile apps, by using our SDK found on GitHub. It will collect information based on the user’s software and hardware configuration.
- The SDK returns an encrypted, base64-encoded string to add in the `session` property in the Fraud API request. It isn’t permitted to access or modify the payload on the clients.
- JSON structured device details will be returned in the Fraud API response.
- Latest version available: 5.5.1
- Details on previous versions here.
Behaviour Monitoring (Optional)
Behaviour Monitoring allows the SEON SDK to be able to detect potentially suspicious user behaviour on the device. The SDK collects data during the session, which is then analyzed to identify potentially fraudulent environments and actions. This feature enhances the SDK’s ability to prevent fraud by detecting various forms of automated or suspicious activity, such as bot usage or device farms.
The monitoring should be started by calling `startBehaviourMonitoring` wherever you would like to detect suspicious activity in your application and should be stopped with `stopBehaviourMonitoring` whenever it's reasonable. The returned session string should then be used in a Fraud API request as usual.
Possible `suspicious_flags` values:
- `"possible_automation"`: Suggests that automation tools or scripts may be controlling the device.
- `"possible_device_farm"`: Suggests that the device might be part of a device farm used for fraudulent activities.
- `"possible_vishing"`: Flags possible vishing (voice phishing) activity, where the user might be coerced into providing sensitive information.
- To be continuously improved and extended with new signals
Response
JSON Attributes | Type | |
---|---|---|
type | string | |
source | string | |
session_id | string | |
accessories_count | integer | |
audio_mute_status | boolean | |
audio_volume_current | integer | |
battery_charging | boolean | |
battery_level | integer | |
can_send_mail | boolean | |
can_send_text | boolean | |
cpu_count | integer | |
cpu_type | string | |
device_adid | string | |
device_hash | string | |
device_name | string | |
device_orientation | string | |
device_udid | string | |
icloud_ubiquity_token | string | |
ios_device_name | string | |
ios_version | string | |
is_biometrics_enabled | boolean | |
is_emulator | boolean | |
is_ios_app_on_mac | boolean | |
is_jailbroken | boolean | |
is_on_call | boolean | |
is_passcode_enabled | boolean | |
is_screen_captured | boolean | |
kernel_arch | string | |
kernel_name | string | |
kernel_version | string | |
network_config | string | |
pasteboard_hash | string | |
physical_memory | unsigned long | |
region_country | string | |
region_language | string | |
region_timezone | string | |
screen_brightness | integer | |
screen_height | integer | |
screen_width | integer | |
system_uptime | integer | |
timezone_identifier | string | |
wifi_mac_address | string | |
wifi_ssid | string | |
dns_ip | string | |
dns_ip_country | string | |
dns_ip_isp | string | |
device_ip_address | string | |
device_ip_country | string | |
device_ip_isp | string | |
device_location | object | |
suspicious_flags | array | |
true_device_id | string | |
Android SDK
You can integrate our device fingerprinting module directly into Android mobile apps, by using our SDK found on GitHub. In the repo you will also find more details about the integration like requirements and samples. It will collect information based on the user’s software and hardware configuration.
- The SDK returns an encrypted, base64-encoded string to add in the `session` property in the Fraud API request. It isn’t permitted to access or modify the payload on the clients.
- JSON structured device details will be revealed in the Fraud API response.
- Latest version available: 6.6.0
- Details on previous versions here.
Behaviour Monitoring (Optional)
Behaviour Monitoring allows the SEON SDK to be able to detect potentially suspicious user behaviour on the device. The SDK collects data during the session, which is then analyzed to identify potentially fraudulent environments and actions. This feature enhances the SDK’s ability to prevent fraud by detecting various forms of automated or suspicious activity, such as bot usage or device farms.
Note: For the result of the behaviour evaluation, we are introducing a new response field in the Fraud API response named `suspicious_flags`. It's available in sessions generated by Android SDK version 6.5.0 or later when the session had been generated by the new `startBehaviourMonitoring` and `stopBehaviourMonitoring` interfaces.
The monitoring must be started by calling `startBehaviourMonitoring` wherever you would like to detect suspicious activity in your application and should be stopped with `stopBehaviourMonitoring` whenever it's reasonable. The returned session string should then be used in a Fraud API request as usual. Note: If you call `stopBehaviourMonitoring` without `startBehaviourMonitoring` called previously, the method will exit with `BehaviouralMonitoringException` thrown.
Possible `suspicious_flags` values:
- `"possible_automation"`: Suggests that automation tools or scripts may be controlling the device.
- `"possible_device_farm"`: Suggests that the device might be part of a device farm used for fraudulent activities.
- `"possible_vishing"`: Flags possible vishing (voice phishing) activity, where the user might be coerced into providing sensitive information.
- `"possible_ongoing_call"`: Flags possible ongoing phone call, which could be useful information in case the READ_PHONE_STATE permission wasn't granted for the `is_on_call` field to work. This behaviour-based flag does not need any permissions to work, but it's only a best-effort metric.
- To be continuously improved and extended with new signals
Response
JSON Attributes | Type | |
---|---|---|
type | string | |
source | string | |
session_id | string | |
android_id | string | |
android_version | string | |
app_guid | string | |
audio_mute_status | boolean | |
audio_volume_current | integer | |
battery_charging | boolean | |
battery_health | string | |
battery_level | integer | |
battery_temperature | float | |
battery_voltage | integer | |
biometric_status | boolean | |
bootloader_state | string | |
build_device | string | |
build_id | string | |
build_manufacturer | string | |
build_model | string | |
build_number | string | |
build_time | integer | |
carrier_country | string | |
carrier_name | string | |
cpu_count | integer | |
cpu_hash | string | |
cpu_speed | double | |
cpu_type | string | |
developer_options_state | string | |
device_hash | string | |
device_cellular_id | string | |
device_name | string | |
device_orientation | string | |
free_storage | integer | |
gsf_id | string | |
has_proximity_sensor | boolean | |
interfering_apps | array of string | |
is_click_automator_installed | boolean | |
is_emulator | boolean | |
is_keyguard_secure | boolean | |
is_nfc_available | boolean | |
is_nfc_enabled | boolean | |
is_on_call | boolean | |
is_remote_control_connected | boolean | |
is_rooted | boolean | |
is_screen_being_mirrored | boolean | |
kernel_arch | string | |
kernel_name | string | |
kernel_version | string | |
last_boot_time | integer | |
network_config | string | |
pasteboard_hash | string | |
physical_memory | integer | |
region_country | string | |
region_language | string | |
region_timezone | string | |
remote_control_provider | string | |
screen_brightness | integer | |
screen_height | integer | |
screen_scale | integer | |
screen_width | integer | |
sensor_hash | string | |
system_uptime | integer | |
timezone_identifier | string | |
total_storage | integer | |
usb_cable_state | string | |
usb_debugging_state | string | |
wifi_mac_address | string | |
wifi_ssid | string | |
dns_ip | string | |
dns_ip_country | string | |
dns_ip_isp | string | |
device_ip_address | string | |
device_ip_country | string | |
device_ip_isp | string | |
device_location | object | |
vpn_state | string | |
proxy_state | string | |
proxy_address | string | |
first_api_level | int | |
power_source | string | |
suspicious_flags | array | |
true_device_id | string | |