Migration guides

The current versioning structure of SEON APIs contains both a MAJOR and MINOR version numbers. As part of this change, the MINOR part of the version string will be omitted. This will result in the following versioning changes in both the URLs and the Fraud API’s config object:

• Fraud API v2.0 -> v2
• AML API v1.1 -> v1
• AML Entity API v1.1 -> v1
• Email API v2.3 -> v2
• Email Verification API v1.0 -> v1
• Phone API v1.5 -> v1
• IP API v1.1 -> v1
• BIN API v1.0 -> v1
• Label API non-versioned -> v1
• Lists API non-versioned -> v1
• Self Exclusion API non versioned -> v1
• Exclude User from Rule API non versioned -> v1
• Erase API non-versioned -> v1

With the new versioning structure, a new policy takes effect for breaking changes in the API.

The most influential changes in the policy above are the following:

• API integrators need to be prepared that the API might return new fields in the API responses without prior notice
• Version strings must be changed in the API URLs and the Fraud API config objects.

Keep in mind that additional modifications may also be required on your side later on as the API policy for the new endpoints will also change.

Instead of sending your license key via request payload, you need to send it as a HTTP header. The name of the header should be X-API-KEY.

APIs that are affected by this change:

• Fraud API v1.0
• Fraud API v2.0
• Lists API
• Label API

Payload-based Authentication changes

Instead of sending your license key via request payload, you need to send it as a HTTP header. The name of the header should be X-API-KEY.

URL Changes

New URL: https://api.seon.io/SeonRestService/fraud-api/v2

Deprecated URL: https://api.seon.io/SeonRestService/fraud-api/v1.0

New config object for Fraud API

• run_email_api field in input is deprecated for v2, Email API should be set in config object (set email_api: true).
• IP API won’t be executed by default, it needs to be set explicitly in config object. (set ip_api: true).
• Device fingerprint won’t be enabled by default; it needs to be set explicitly in config object. (set device_fingerprinting: true).
• Phone API is supported for Fraud API. (set phone_api: true).

Session handling

• Instead of the session_id, you need to send the encrypted payload returned by the SDK (supported by JS Agent v4, iOS SDK 3.0.0, Android SDK 3.0.0). The session_id parameter is still required for the configuration; the change affects the data you need to send in the Fraud API request related to the Device Fingerprint module.
• The previous SDK versions are still supported with the session_id field, but we highly recommend migrating the Device Fingerprint module.
• The public key is no longer necessary with the latest SDK versions.
• You must set device_fingerprinting: true in the config object to enable the feature.

Renamed fields

• user_label -> custom_fields
• item_user_label -> item_custom_fields
• user_order_memo -> order_memo

Response changes

Please find the full data field mapping from Fraud API v1.0 to v2 here.

Keep in mind that additional modifications may also be required on your side later on as the API policy for the new endpoints will also change.

Modifications are only required if your integration is not compatible with our new API policy or you are still using Payload-based Authentication (see below).

Keep in mind that 

• The default configuration parameters of the Fraud API - v2 will also be modified when the sunsetting of the old endpoints takes effect.
  • config.ip.version -> IP - v1
  • config.email.version -> Email - v2
  • config.phone.version -> Phone - v1
  • config.aml.version -> AML - v1
• the length of the data.id field's value generated by us - we generate it if the transaction_id was not provided in the request - can change over time, an increase can be expected

Payload-based Authentication changes

Instead of sending your license key via request payload, you need to send it as a HTTP header. The name of the header should be X-API-KEY.

URL Changes

New URL: https://api.seon.io/SeonRestService/fraud-api/v2

Deprecated URL: https://api.seon.io/SeonRestService/fraud-api/v2.0

Removed fields

There were no fields removed.

Renamed fields

There were no fields renamed.

New fields

There were no new fields added.

All fields referenced here start from the root/data path in our response.

Keep in mind that additional modifications may also be required on your side later on as the API policy for the new endpoints will also change.

URL Changes

New URL: https://api.seon.io/SeonRestService/aml-api/v1

Deprecated URL: https://api.seon.io/SeonRestService/aml-api/v1.0

Removed fields

There were no fields removed.

Renamed fields

There were no fields renamed.

New fields

• data.result_payload.details.crimelist_entries[X].scores
• data.result_payload.details.watchlist_entries[X].scores
• data.result_payload.details.sanctionlist_entries[X].scores
• data.result_payload.details.pep_entries[X].scores

Except for the URL change, modifications are only required if your integration is not compatible with our new API policy.

URL Changes

New URL: https://api.seon.io/SeonRestService/aml-api/v1

Deprecated URL: https://api.seon.io/SeonRestService/aml-api/v1.1

Removed fields

There were no fields removed.

Renamed fields

There were no fields renamed.

New fields

There were no new fields added.

Except for the URL change, modifications are only required if your integration is not compatible with our new API policy.

URL Changes

New URL: https://api.seon.io/SeonRestService/aml-api/entity/v1

Deprecated URL: https://api.seon.io/SeonRestService/aml-api/entity/v1.1

Removed fields

There were no fields removed.

Renamed fields

There were no fields renamed.

New fields

There were no new fields added.

Except for the URL change, modifications are only required if your integration is not compatible with our new API policy.

URL Changes

New URL: https://api.seon.io/SeonRestService/bin-api/v1/[bin]

Deprecated URL: https://api.seon.io/SeonRestService/bin-api/v1.0/[bin]

Removed fields

There were no fields removed.

Renamed fields

There were no fields renamed.

New fields

There were no new fields added.

All fields referenced here start from the root/data path in our response.

Keep in mind that additional modifications may also be required on your side later on as the API policy for the new endpoints will also change.

URL Changes

New URL: https://api.seon.io/SeonRestService/email-api/v2

Deprecated URL: https://api.seon.io/SeonRestService/email-api/v1.0

Removed fields

• email_exists
• disposable
• free
• domain_exists
• email_domain_details
• email_score
• email_account_details

Renamed fields

• email_score -> score
• free -> domain_details.free
• email_exists -> deliverable
• email_domain_details.domain -> domain_details.domain
• email_domain_details.created -> domain_details.created
• email_domain_details.updated -> domain_details.updated
• email_domain_details.is_registered -> domain_details.registered
• email_account_details.facebook_exists -> account_details.facebook.registered
• email_account_details.facebook_profile -> account_details.facebook.url
• email_account_details.facebook_name -> account_details.facebook.name
• email_account_details.facebook_photo -> account_details.facebook.photo
• email_account_details.google_exists -> account_details.google.registered
• email_account_details.google_photo -> account_details.google.photo
• email_account_details.apple_exists -> account_details.apple.registered
• email_account_details.twitter_exists -> account_details.apple.twitter
• email_account_details.microsoft_exists -> account_details.microsoft.registered
• email_account_details.yahoo_exists -> account_details.yahoo.registered
• email_account_details.ebay_exists -> account_details.ebay.registered
• email_account_details.gravatar_exists -> account_details.gravatar.registered
• email_account_details.instagram_exists -> account_details.instagram.registered
• email_account_details.spotify_exists -> account_details.spotify.registered
• email_account_details.tumblr_exists -> account_details.tumblr.registered
• email_account_details.linkedin_exists -> account_details.linkedin.registered
• email_account_details.haveibeenpwned_exists -> breach_details.haveibeenpwned_listed
• email_account_details.number_of_breaches -> breach_details.number_of_breaches
• email_account_details.first_breach -> breach_details.first_breach
• email_account_details.weibo_exists -> account_details.weibo.registered

New fields

• score
• deliverable
• id
• history
• history_timeframes
• flags
• domain_details
• breach_details
• account_details
• applied_rules
• account_details.discord
• account_details.ok
• account_details.kakao
• account_details.booking
• account_details.airbnb
• account_details.amazon
• account_details.qzone
• account_details.adobe
• account_details.mailru
• account_details.wordpress
• account_details.imgur
• account_details.disneyplus
• account_details.netflix
• account_details.jdid
• account_details.flipkart
• account_details.bukalapak
• account_details.archiveorg
• account_details.lazada
• account_details.zoho
• account_details.samsung
• account_details.evernote
• account_details.envato
• account_details.patreon
• account_details.tokopedia
• account_details.rambler
• account_details.quora
• account_details.atlassian
• account_details.flickr
• account_details.github
• account_details.google_plus
• account_details.skype
• account_details.adobe
• account_details.mailru
• account_details.wordpress
• account_details.imgur
• account_details.disneyplus
• account_details.netflix
• account_details.jdid
• account_details.flipkart
• account_details.bukalapak
• account_details.archiveorg
• account_details.lazada
• account_details.zoho
• account_details.samsung
• account_details.evernote
• account_details.envato
• account_details.patreon
• account_details.tokopedia
• account_details.rambler
• account_details.quora
• account_details.atlassian
• account_details.foursquare.bio
• account_details.foursquare.photo
• account_details.foursquare.profile_url
• account_details.gravatar.location
• account_details.gravatar.name
• account_details.gravatar.profile_url
• account_details.gravatar.username
• account_details.linkedin.connection_count
• account_details.flickr.username
• account_details.flickr.photo
• account_details.flickr.followers
• account_details.flickr.location
• account_details.flickr.occupation
• account_details.flickr.description
• account_details.github.photo
• account_details.github.full_name
• account_details.github.username
• account_details.github.location
• account_details.github.company
• account_details.github.website
• account_details.github.bio
• account_details.github.followers
• account_details.github.following
• account_details.github.twitter
• account_details.github.profile_url
• account_details.google.activity
• account_details.google.is_enterprise_user
• account_details.google.last_updated
• account_details.skype.country_code
• account_details.skype.contact_type
• account_details.aboutme
• account_details.altbalaji
• account_details.bitmoji
• account_details.bodybuilding
• account_details.codecademy
• account_details.deliveroo
• account_details.diigo
• account_details.duolingo
• account_details.eventbrite
• account_details.firefox
• account_details.freelancer
• account_details.gaana
• account_details.giphy
• account_details.giphy
• account_details.hubspot
• account_details.kommo
• account_details.komoot
• account_details.nike
• account_details.plurk
• account_details.rappi
• account_details.replit
• account_details.seoclerks
• account_details.snapchat
• account_details.snapdeal
• account_details.soundcloud
• account_details.starz
• account_details.strava
• account_details.taringa
• account_details.tiki
• account_details.treehouse
• account_details.venmo
• account_details.vivino
• account_details.vkontakte
• account_details.wattpad
• account_details.xing
• account_details.yandex
• account_details.adult_sites

All fields referenced here start from the root/data path in our response.

Keep in mind that additional modifications may also be required on your side later on as the API policy for the new endpoints will also change.

URL Changes

New URL: https://api.seon.io/SeonRestService/email-api/v2

Deprecated URL: https://api.seon.io/SeonRestService/email-api/v2.0

Removed fields

There were no fields removed. 

Renamed fields

There were no fields renamed. 

New fields

• account_details.discord
• account_details.ok
• account_details.kakao
• account_details.booking
• account_details.airbnb
• account_details.amazon
• account_details.qzone
• account_details.adobe
• account_details.mailru
• account_details.wordpress
• account_details.imgur
• account_details.disneyplus
• account_details.netflix
• account_details.jdid
• account_details.flipkart
• account_details.bukalapak
• account_details.archiveorg
• account_details.lazada
• account_details.zoho
• account_details.samsung
• account_details.evernote
• account_details.envato
• account_details.patreon
• account_details.tokopedia
• account_details.rambler
• account_details.quora
• account_details.atlassian
• account_details.flickr
• account_details.github
• account_details.google_plus
• account_details.skype
• account_details.adobe
• account_details.mailru
• account_details.wordpress
• account_details.imgur
• account_details.disneyplus
• account_details.netflix
• account_details.jdid
• account_details.flipkart
• account_details.bukalapak
• account_details.archiveorg
• account_details.lazada
• account_details.zoho
• account_details.samsung
• account_details.evernote
• account_details.envato
• account_details.patreon
• account_details.tokopedia
• account_details.rambler
• account_details.quora
• account_details.atlassian
• account_details.foursquare.bio
• account_details.foursquare.photo
• account_details.foursquare.profile_url
• account_details.gravatar.location
• account_details.gravatar.name
• account_details.gravatar.profile_url
• account_details.gravatar.username
• account_details.linkedin.connection_count
• account_details.flickr.username
• account_details.flickr.photo
• account_details.flickr.followers
• account_details.flickr.location
• account_details.flickr.occupation
• account_details.flickr.description
• account_details.github.photo
• account_details.github.full_name
• account_details.github.username
• account_details.github.location
• account_details.github.company
• account_details.github.website
• account_details.github.bio
• account_details.github.followers
• account_details.github.following
• account_details.github.twitter
• account_details.github.profile_url
• account_details.google.activity
• account_details.google.is_enterprise_user
• account_details.google.last_updated
• account_details.skype.country_code
• account_details.skype.contact_type
• account_details.aboutme
• account_details.altbalaji
• account_details.bitmoji
• account_details.bodybuilding
• account_details.codecademy
• account_details.deliveroo
• account_details.diigo
• account_details.duolingo
• account_details.eventbrite
• account_details.firefox
• account_details.freelancer
• account_details.gaana
• account_details.giphy
• account_details.giphy
• account_details.hubspot
• account_details.kommo
• account_details.komoot
• account_details.nike
• account_details.plurk
• account_details.rappi
• account_details.replit
• account_details.seoclerks
• account_details.snapchat
• account_details.snapdeal
• account_details.soundcloud
• account_details.starz
• account_details.strava
• account_details.taringa
• account_details.tiki
• account_details.treehouse
• account_details.venmo
• account_details.vivino
• account_details.vkontakte
• account_details.wattpad
• account_details.xing
• account_details.yandex
• account_details.adult_sites

All fields referenced here are starting from root/data path in our response.

Keep in mind that additional modifications may also be required on your side later on as the API policy for the new endpoints will also change.

URL Changes

New URL: https://api.seon.io/SeonRestService/email-api/v2

Deprecated URL: https://api.seon.io/SeonRestService/email-api/v2.1

Removed fields

There were no fields removed.

Renamed fields

There were no fields renamed.

New fields

• account_details.ok.full_name
• account_details.adobe
• account_details.mailru
• account_details.wordpress
• account_details.imgur
• account_details.disneyplus
• account_details.netflix
• account_details.jdid
• account_details.flipkart
• account_details.bukalapak
• account_details.archiveorg
• account_details.lazada
• account_details.zoho
• account_details.samsung
• account_details.evernote
• account_details.envato
• account_details.patreon
• account_details.tokopedia
• account_details.rambler
• account_details.quora
• account_details.atlassian
• account_details.foursquare.bio
• account_details.foursquare.photo
• account_details.foursquare.profile_url
• account_details.gravatar.location
• account_details.gravatar.name
• account_details.gravatar.profile_url
• account_details.gravatar.username
• account_details.linkedin.connection_count
• account_details.flickr.username
• account_details.flickr.photo
• account_details.flickr.followers
• account_details.flickr.location
• account_details.flickr.occupation
• account_details.flickr.description
• account_details.github.photo
• account_details.github.full_name
• account_details.github.username
• account_details.github.location
• account_details.github.company
• account_details.github.website
• account_details.github.bio
• account_details.github.followers
• account_details.github.following
• account_details.github.twitter_url
• account_details.github.profile_url
• account_details.google.activity
• account_details.google.is_enterprise_user
• account_details.google.last_updated
• account_details.skype.country_code
• account_details.skype.contact_type
• account_details.aboutme
• account_details.altbalaji
• account_details.bitmoji
• account_details.bodybuilding
• account_details.codecademy
• account_details.deliveroo
• account_details.diigo
• account_details.duolingo
• account_details.eventbrite
• account_details.firefox
• account_details.freelancer
• account_details.gaana
• account_details.giphy
• account_details.giphy
• account_details.hubspot
• account_details.kommo
• account_details.komoot
• account_details.nike
• account_details.plurk
• account_details.rappi
• account_details.replit
• account_details.seoclerks
• account_details.snapchat
• account_details.snapdeal
• account_details.soundcloud
• account_details.starz
• account_details.strava
• account_details.taringa
• account_details.tiki
• account_details.treehouse
• account_details.venmo
• account_details.vivino
• account_details.vkontakte
• account_details.wattpad
• account_details.xing
• account_details.yandex
• account_details.adult_sites

All fields referenced here are starting from root/data path in our response.

Keep in mind that additional modifications may also be required on your side later on as the API policy for the new endpoints will also change.

URL Changes

New URL: https://api.seon.io/SeonRestService/email-api/v2

Deprecated URL: https://api.seon.io/SeonRestService/email-api/v2.2

Removed fields

There were no fields removed.

Renamed fields

There were no fields renamed.

New fields

• account_details.ok.full_name
• account_details.flickr.photo
• account_details.flickr.followers
• account_details.flickr.location
• account_details.flickr.occupation
• account_details.flickr.description
• account_details.github.photo
• account_details.github.full_name
• account_details.github.username
• account_details.github.location
• account_details.github.company
• account_details.github.website
• account_details.github.bio
• account_details.github.followers
• account_details.github.following
• account_details.github.twitter_url
• account_details.github.profile_url
• account_details.google.activity
• account_details.google.is_enterprise_user
• account_details.google.last_updated
• account_details.skype.country_code
• account_details.skype.contact_type
• account_details.aboutme
• account_details.altbalaji
• account_details.bitmoji
• account_details.bodybuilding
• account_details.codecademy
• account_details.deliveroo
• account_details.diigo
• account_details.duolingo
• account_details.eventbrite
• account_details.firefox
• account_details.freelancer
• account_details.gaana
• account_details.giphy
• account_details.giphy
• account_details.hubspot
• account_details.kommo
• account_details.komoot
• account_details.nike
• account_details.plurk
• account_details.rappi
• account_details.replit
• account_details.seoclerks
• account_details.snapchat
• account_details.snapdeal
• account_details.soundcloud
• account_details.starz
• account_details.strava
• account_details.taringa
• account_details.tiki
• account_details.treehouse
• account_details.venmo
• account_details.vivino
• account_details.vkontakte
• account_details.wattpad
• account_details.xing
• account_details.yandex
• account_details.adult_sites

Except for the URL change, modifications are only required if your integration is not compatible with our new API policy.

URL Changes

New URL: https://api.seon.io/SeonRestService/email-verification/v1/[email_address]

Deprecated URL: https://api.seon.io/SeonRestService/email-verification/v1.0/[email_address]

Removed fields

There were no fields removed.

Renamed fields

There were no fields renamed.

New fields

There were no new fields added.

Except for the URL change, modifications are only required if your integration is not compatible with our new API policy.

URL Changes

New URL: https://api.seon.io/SeonRestService/erase-api/v1?dry_run=false

Deprecated URL: https://api.seon.io/SeonRestService/erase-api?dry_run=false

Removed fields

There were no fields removed.

Renamed fields

There were no fields renamed.

New fields

There were no new fields added.

Except for the URL change, modifications are only required if your integration is not compatible with our new API policy.

URL Changes

New URL: https://api.seon.io/SeonRestService/fraud-api/rule-exclude/v1

Deprecated URL: https://api.seon.io/SeonRestService/fraud-api/rule-exclude

Removed fields

There were no fields removed.

Renamed fields

There were no fields renamed.

New fields

There were no new fields added.

All fields referenced here start from the root/data path in our response.

Keep in mind that additional modifications may also be required on your side later on as the API policy for the new endpoints will also change.

URL Changes

New URL: https://api.seon.io/SeonRestService/ip-api/v1/[ip]

Deprecated URL: https://api.seon.io/SeonRestService/ip-api/v1.0/[ip]

Removed fields

There were no fields removed.

Renamed fields

There were no fields renamed.

New fields

• data.harmful

Except for the URL change, modifications are only required if your integration is not compatible with our new API policy.

URL Changes

New URL: https://api.seon.io/SeonRestService/ip-api/v1/[ip]

Deprecated URL: https://api.seon.io/SeonRestService/ip-api/v1.1/[ip]

Removed fields

There were no fields removed.

Renamed fields

There were no fields renamed.

New fields

There were no new fields added.

Except for the URL change, modifications are only required if your integration is not compatible with our new API policy or you are still using Payload-based Authentication (see below).

Payload-based Authentication changes

Instead of sending your license key via request payload, you need to send it as a HTTP header. The name of the header should be X-API-KEY.

URL Changes

New URL: https://api.seon.io/SeonRestService/fraud-api/label/v1/[id]

Deprecated URL: https://api.seon.io/SeonRestService/fraud-api/label/[id]

Removed fields

There were no fields removed.

Renamed fields

There were no fields renamed.

New fields

There were no new fields added.

Except for the URL change, modifications are only required if your integration is not compatible with our new API policy or you are still using Payload-based Authentication (see below).

Payload-based Authentication changes

Instead of sending your license key via request payload, you need to send it as a HTTP header. The name of the header should be X-API-KEY.

URL Changes

New URL: https://api.seon.io/SeonRestService/fraud-api/state-field/v1

Deprecated URL: https://api.seon.io/SeonRestService/fraud-api/state-field

Removed fields

There were no fields removed.

Renamed fields

There were no fields renamed.

New fields

There were no new fields added.

All fields referenced here are starting from root/data path in our response.

Keep in mind that additional modifications may also be required on your side later on as the API policy for the new endpoints will also change.

URL Changes

New URL: https://api.seon.io/SeonRestService/phone-api/v1/[phone_number]

Deprecated URL: https://api.seon.io/SeonRestService/phone-api/v1.0/[phone_number]

Removed fields

There were no fields removed.

Renamed fields

There were no fields renamed.

New fields

• disposable
• account_details.skype
• account_details.kakao
• account_details.ok
• account_details.zalo
• account_details.snapchat
• account_details.line
• account_details.viber.name
• account_details.whatsapp.about
• account_details.flipkart
• account_details.bukalapak
• account_details.jdid
• account_details.google.account_id
• account_details.google.full_name
• account_details.altbalaji
• account_details.shopclues
• account_details.snapdeal
• account_details.tiki
• account_details.vkontakte
• account_details.weibo
• account_details.whatsapp.last_active
• cnam_details.cnam
• cnam_details.gender

Field value changed

• data.type is separated with ' ' instead of '_' character

All fields referenced here start from the root/data path in our response.

Keep in mind that additional modifications may also be required on your side later on as the API policy for the new endpoints will also change.

URL Changes

New URL: https://api.seon.io/SeonRestService/phone-api/v1/[phone_number]

Deprecated URL: https://api.seon.io/SeonRestService/phone-api/v1.1/[phone_number]

Removed fields

There were no fields removed.

Renamed fields

There were no fields renamed.

New fields

• disposable
• account_details.flipkart
• account_details.bukalapak
• account_details.jdid
• account_details.zalo.uid
• account_details.zalo.date_of_birth
• account_details.zalo.name
• account_details.ok.age
• account_details.google.account_id
• account_details.google.full_name
• account_details.altbalaji
• account_details.shopclues
• account_details.snapdeal
• account_details.tiki
• account_details.vkontakte
• account_details.weibo
• account_details.whatsapp.last_active
• cnam_details.cnam
• cnam_details.gender

Field value changed

• data.type is separated with ' ' instead of '_' character

All fields referenced here start from root/data path in our response.

Keep in mind that additional modifications may also be required on your side later on as the API policy for the new endpoints will also change.

URL Changes

New URL: https://api.seon.io/SeonRestService/phone-api/v1/[phone_number]

Deprecated URL: https://api.seon.io/SeonRestService/phone-api/v1.2/[phone_number]

Removed fields

There were no fields removed.

Renamed fields

There were no fields renamed.

New fields

• account_details.flipkart
• account_details.bukalapak
• account_details.jdid
• account_details.zalo.uid
• account_details.zalo.date_of_birth
• account_details.zalo.name
• account_details.ok.age
• account_details.google.account_id
• account_details.google.full_name
• account_details.altbalaji
• account_details.shopclues
• account_details.snapdeal
• account_details.tiki
• account_details.vkontakte
• account_details.weibo
• account_details.whatsapp.last_active

Field value changed

• data.type is separated with ' ' instead of '_' character

All fields referenced here start from root/data path in our response.

Keep in mind that additional modifications may also be required on your side later on as the API policy for the new endpoints will also change.

URL Changes

New URL: https://api.seon.io/SeonRestService/phone-api/v1/[phone_number]

Deprecated URL: https://api.seon.io/SeonRestService/phone-api/v1.3/[phone_number]

Removed fields

There were no fields removed.

Renamed fields

There were no fields renamed.

New fields

• account_details.altbalaji
• account_details.shopclues
• account_details.snapdeal
• account_details.tiki
• account_details.vkontakte
• account_details.weibo
• account_details.whatsapp.last_active

Field value changed

• data.type is separated with ' ' instead of '_' character

All fields referenced here start from the root/data path in our response.

Keep in mind that additional modifications may also be required on your side later on as the API policy for the new endpoints will also change.

URL Changes

New URL: https://api.seon.io/SeonRestService/phone-api/v1/[phone_number]

Deprecated URL: https://api.seon.io/SeonRestService/phone-api/v1.4/[phone_number]

Removed fields

There were no fields removed.

Renamed fields

There were no fields renamed.

New fields

• account_details.altbalaji
• account_details.shopclues
• account_details.snapdeal
• account_details.tiki
• account_details.vkontakte
• account_details.weibo
• account_details.whatsapp.last_active

Field value changed

There were no field value changed.

Except for the URL change, modifications are only required if your integration is not compatible with our new API policy.

URL Changes

New URL: https://api.seon.io/SeonRestService/fraud-api/exclude/v1

Deprecated URL: https://api.seon.io/SeonRestService/fraud-api/exclude

Removed fields

There were no fields removed.

Renamed fields

There were no fields renamed.

New fields

There were no new fields added.

Introduction

SEON’s JS SDK v6 introduces significant enhancements and additional functionality to our Device Intelligence solution for Web. Below is asummary of these enhancements, with specific integration considerations outlined in the SDK Integration changes section.

• Behavioral Data: The SEON JS SDK now supports the collection of behavioral signals, including keypress characteristics, mouse movement, form fill speed, and autofill and paste usage. For more information on using behavioral data in your team’s fight against fraud, see our dedicated article here.
• Suspicious Flags: In v6, new flags are introduced and surfaced concerning the device and browser profile, including enhanced bot & automation detection, a list of privacy extensions installed, behavior signals based on keypresses, form fill-outs and improved fraud browser detection. For more information on this response field, see the New Fields section below. 
• New Fields: Many new fields are introduced in JS SDK v6, including DRM system provider, device price category, additional screen and device configuration data, new spoofing detection and much more. These fields will enhance your team’s capabilities to identify fraudulent and suspicious devices or browser profiles. For the full list of responses, check out our SDK Integration changes below.

New API Policy

The API Policy has been changed. More details about the new policy can be found here.

Breaking changes

• The _hash fields are incompatible between v5 and v6
  • browser_hash
  • canvas_hash
  • cookie_hash
  • device_hash
  • font_hash
  • plugin_hash
  • webgl_hash
• Changed values
  • browser
  • font_count
• Removed fields
  • accept_language
  • social_logins
  • screen_pixel_ratio - replaced by device_pixel_ratio
• Removed session_id config option

Warning: Please be aware that it is crucial to track breaking field changes custom rule sets. Failure to update the affected custom rules will result in them not functioning as expected. Ensure that you review and adapt your custom rule set to the latest version changes to maintain optimal performance and compatibility.

Integration changes

SDK Integration changes

Renamed fingerprinting function name: getBase64Session -> getSession

New function to enhance over time detections of behavioral data signals: init
While not required, this function is highly recommended to ensure:
- proper bot detection
- accurate timing of behavioral signals
- more accurate intelligence signals

For example, calling the behavioral analysis signals before generating the website session enables behavioral checks such as mouse movement detection. Additionally, the separate `config` function was removed and the configuration now has to be passed to `getSession` as an argument.

Example usage:

// On page load:
seon.init();
const config = {
  geolocation: {
   canPrompt: false,
  },
  networkTimeoutMs: 2000,
  fieldTimeoutMs: 2000,
  region: 'eu',
  silentMode: true,
};
// Later on when the fingerprint is needed:
const session = await seon.getSession(config);
// 'session' variable holds the encrypted device fingerprint that should be sent to SEON

New config object for the SDK

Removed options:

• audio_fingerprint is no longer optional, it will always be part of the results.
• canvas_fingerprint  is no longer optional, it will always be part of the results.
• dnsTimeout field got renamed to networkTimeoutMs.
• font_list option removed, the list will be returned for every fingerprint.
• host renamed to dnsResolverDomain for better clarity. Its potential values have been changed to match the actual domains:
  • seon.io -> seondnsresolve.com
  • seondf.com -> seondfresolver.com
  • deviceinf.com -> deviceinfresolver.com
  • getdeviceinf.com -> getdeviceinfresolver.com
  • seonintelligence.com -> seonintelligenceresolver.com
• max_proxy_delay option is deprecated and not necessary.
• onError and onSuccess were parts of the config call and signaled whether the configuration succeeded. In v6 a misconfiguration will cause a JavaScript SEONConfigError to be thrown.
• webgl_fingerprint is no longer optional, it will always be part of the results.
• geolocation_age, geolocation_prompt options got removed as part of the geolocation option change. More information in the changed options.
• referrer_parameters renamed to referrer and its potential value has been changed.
• silent_mode renamed to silentMode
• window_location_length renamed to windowLocation and its potential value has been changed.
• session_id is a deprecated option.

Changed options:

• geolocation accepts an object instead of string. It has the following properties:
  • enabled: Whether to enable geolocation or not. It is false by default.
  • highAccuracy: Enables high accuracy for the Geolocation API. It might slightly increase the fingerprinting time.
  • canPrompt: Controls whether the SDK can generate a geolocation permission prompt in the browser.
  • maxAgeSeconds: This option controls the maximum age in seconds of a cached position that is acceptable to return. If set to 0, it means that the device cannot use a cached position and must attempt to retrieve the real current position.
  • timeoutMs: Timeout for the Geolocation API to return the position of the device.
• referrer will return an object with the following properties:
  • maxLength: Maximum length of the URL.
  • searchParams: Whether to include search parameters of the URL.
• windowLocation will return an object with the following properties:
  • maxLength: Maximum length of the URL.
  • searchParams: Whether to include search parameters of the URL.

New options:

• region: It is recommended to set this option to the closest supported region of your user base to reduce the runtime of fingerprinting. Currently, only Europe is supported. The default value is ‘eu’.
• fieldTimeoutMs: Global timeout for the fingerprinting in milliseconds. It is recommended to primarily rely on this option, rather than wrapping the 'getSession' call in a timeout, because this way a partial result is still generated in case of a timeout.
• throwOn: A list of possible causes for the SDK to throw an error. By default the SDK only throws an error for an invalid 'options' object, but otherwise always runs to completion.
• silentMode: Whether to allow the JavaScript SDK to trigger warnings and errors on the DevTools console. Turning this off will allow the SDK to enable additional features.

Behavioral features

Calling the seon.init() method will enable behavioral analysis. The user behavior collection is started on the seon.init() call and ends when seon.getSession() is called (behavioral data will be automatically included in the generated session string). Thus, the recommended integration pattern is calling init on form loa, and calling getSession on form submit to analyze user behavior during a form fill-out. Suspicious behavior is flagged in the suspicious_flags response field, which can contain the following values:

• suspicious_keypress_characteristics
• suspicious_mouse_movement
• suspicious_form_fillout
• paste_used
• autofill_used

By default, user interaction is analyzed throughout the whole page. If you want to target specific input fields or forms for behavior analysis, you can customize it using the behavioralDataCollection init configuration option:

// On load
seon.init({
  behavioralDataCollection: {
    targets: 'input[type="text"], .behavior', // querySelector string
    formFilloutDurationTargetId: "myForm", // select form with id 'myForm'
  }
});
// On form submit
await seon.getSession();

The targeted elements MUST exist at the time of the init call. Elements that match the selector, but added to the DOM after the init call will NOT be part of the evaluation.

To disable behavioral data collection by the SDK altogether, you must specify an empty string for the targets option:

// Disabling behavioral analysis
seon.init({
  behavioralDataCollection: {
    targets: '', // pass an emtpy string for targets
  }
});

Note: It is always recommended to use the seon.init() function even when behavioral data collection is intentionally disabled, as this will improve bot detection. 

Fraud API Integration changes

There were no Fraud API integration changes.

Removed fields

accept_language
Reason: It was deprecated since v3.

social_logins
Reason: It was deprecated since v3.

screen_pixel_ratio
Reason: Replaced by device_pixel_ratio with float values.

Renamed fields

• device_ip_address -> device_ip
• region_timezone -> timezone_offset

New structure

Some related fields moved to common objects. These are the following:

• battery
  • Fields: battery_charging, battery_level
• plugins
  • Fields: plugin_count, plugin_hash, plugin_list
• user_agent_data
  • Fields: architecture, bitness, mobile, model, platform_version, platform, ua_full_version
• webgl
  • Fields: webgl_hash, webgl_image_hash, webgl_parameters_hash, webgl_parameters_noise, webgl_renderer, webgl_vendor, webgl2_image_hash, webgl2_parameters_hash, webgl2_parameters_noise

New fields

• Browser version age
  Type: integer
  Fraud API field name: browser_version_age
  The age of the browser version in years. This field was previously available only for rules.
• Device ip region
  Type: string
  Fraud API field name: device_ip_region
  The region of the user’s device based on the device ip address. This is currently only for the US, and the US state will be in this field.
• DNS ip region
  Type: string
  Fraud API field name: dns_ip_region
  The region of the user’s device based on the dns ip address. This is currently only for the US, and the US state will be in this field.
• Digital rights management 
  Type: string array
  Fraud API field name: drm_key_systems
  Returns the list of available DRM providers. Digital Rights Management providers offer technologies to protect digital content from unauthorized use, copying, and distribution. They implement access controls, encryption, and licensing mechanisms to safeguard intellectual property across various industries like entertainment, publishing, and software.
• Device price category
  Type: string
  Fraud API field name: price_range
  Returns the estimated price range of the user’s device. Possible values are: low, medium or high.
• Extensions
  Type: string array
  Fraud API field name: extensions
  Returns a list of installed extensions. This field will work for only a set of extensions. Detects:
  • AbelSoft
  • Adblock Plus
  • Adblock Ultimate
  • Audiocontext Fingerprint Defender
  • Canvas Blocker
  • Canvas Fingerprint Defender
  • Chameleon
  • Cydec
  • Disconnect
  • DuckDuckGo Privacy
  • Font Fingerprint Defender
  • Ghostery
  • LastPass
  • Privacy Badger
  • Privacy Possum
  • Script Safe
  • Trace
• Keyboard layout name
  Type: string
  Fraud API field name: keyboard_layout_name
  The keyboard layout language of the user. It currently supports Chromium based browsers, desktop devices and languages that use latin characters.
• Languages
  Type: string array
  Fraud API field name: languages
  Returns the list of user preferred languages. Its first item will be the region_language field.
• Locale
  Type: string
  Fraud API field name: locale
  A locale is a string that represents the user's language, region, and any special variant preferences. It influences how applications format and display data, such as dates, times, numbers, and text, to match cultural conventions.
• Maximum number of touch points
  Type: integer
  Fraud API field name: max_touch_points
  Returns the maximum number of simultaneous touch contact points supported by the user's device.
• Number of connected media devices
  Type: object
  Fraud API field name: media_devices
  Returns an object with 3 properties:
  • audio_input_count:
    Type: integer
    The number of the user's media input devices, such as cameras and microphones.
  • audio_output_count
    Type: integer
    The number of the user’s audio output devices, such as speakers and headphones
  • video_input_count
  • Type: integer
    The number of the user’s video input devices, such as webcams and built-in cameras.
• Mouse movement
  Type: boolean
  Fraud API field name: mouse_moved
  Returns a boolean indicating whether the mouse moved during the fingerprinting process, which begins at seon.init and ends when getSession is called.
• Browser API permissions
  Type: object
  Fraud API field name: permissions
  Returns an object with 3 properties:
  • granted:
    Type: string array
    The name of the browser APIs where the user granted permission.
  • prompt
    Type: string array
    The name of the browser APIs for which the user has neither granted nor denied permission. This means that the user will be prompted for access when trying to use one of these APIs.
  • denied
    Type: string array
    The name of the browser APIs where the user denied permission.
• Plugins
  Type: object
  Fraud API field name: plugins
  The three plugin related fields (plugin_count, plugin_hash, plugin_list) moved under this object.
• Proxy
  Type: boolean
  Fraud API field name: proxy
  True if the user is using a proxy, false otherwise.
• Screen data
  Type: object
  Fraud API field name: screen_data
  Returns an object with many properties related to the user's screen. There are new and existing fields which moved here:
  • Existing fields: screen_color_depth
  • New fields:
    • device_pixel_ratio
      Type: float
      Device Pixel Ratio is the ratio between a device's physical pixel density and its logical pixel density. Physical pixels are visible on the screen, while logical pixels determine how many fit into a given unit of measurement, like inches or centimeters. Previously screen_pixel_ratio
    • document_height
      Type: integer
      The inner height of the document body in pixels. It includes padding but excludes borders, margins, and horizontal scrollbars (if present).
    • document_width
      Type: integer
      The inner width of the document body in pixels. It includes padding but excludes borders, margins, and vertical scrollbars (if present).
    • is_extended
      Type: boolean
      True if the user's device has multiple screens. False if not, or the API is not available, or with screen mirroring. Currently supports only Chromium browsers.
    • orientation_angle
      Type: integer
      The document's current orientation angle.
    • orientation_type
      Type: string
      The document's current orientation type, one of portrait-primary, portrait-secondary, landscape-primary, or landscape-secondary.
    • screen_available_height
      Type: integer
      The height of the space available for the browser window on the screen in CSS pixels.
    • screen_available_width
      Type: integer
      The width of the space available for the browser window on the screen in CSS pixels.
    • screen_height
      Type: integer
      The height of the screen in CSS pixels.
    • screen_pixel_depth
      Type: integer
      The bit depth of the screen.
    • screen_width
      Type: integer
      The width of the screen in CSS pixels.
    • window_inner_height
      Type: integer
      The interior height of the window in pixels, including the height of the horizontal scroll bar, if present.
    • window_inner_width
      Type: integer
      The interior width of the window in pixels, including the width of the vertical scroll bar, if present.
    • window_outer_height
      Type: integer
      The height in pixels of the whole browser window, including any sidebar, window chrome, and window-resizing borders/handles.
    • window_outer_width
      Type: integer
      The width of the outside of the browser window. It represents the width of the whole browser window including sidebar (if expanded), window chrome and window resizing borders/handles.
    • window_screen_x
      Type: integer
      The horizontal distance, in CSS pixels, from the left border of the user's browser viewport to the left side of the screen.
    • window_screen_y
      Type: integer
      The vertical distance, in CSS pixels, of the top border of the user's browser viewport to the top edge of the screen.
    • window_scroll_x
      Type: integer
      The number of pixels that the document is currently scrolled horizontally.
    • window_scroll_y
      Type: integer
      The number of pixels that the document is currently scrolled vertically.
• Spoofing hash
  Type: string
  Fraud API field name: spoofing_hash
  A hash made from detected fingerprint spoofing attempts. It only has a value if some form of spoofing is detected.
• Suspicious flags
  Type: string array
  Fraud API field name: suspicious_flags
  An array of specific flags. Many potential fraudulent indicators can be found here. This field was available for rules as suspicious_browser_profile.
• Timezone country
  Type: string
  Fraud API field name: timezone_country
  The ISO country code of the detected timezone.
• Timezone
  Type: string
  Fraud API field name: timezone
  The timezone of the user. E.g.: ‘Europe/Budapest’
• Unpopular resolution
  Type: boolean
  Fraud API field name: unpopular_device_resolution
  Returns true if the user’s screen resolution is not among the widely used ones. This could be because of a unique setup, but in most cases it indicates some kind of spoofing.
• Unpopular user-agent
  Type: boolean
  Fraud API field name: unpopular_user_agent
  Returns true if the user’s user-agent is not among the widely used ones. This could be because of a unique setup, but in most cases it indicates some kind of spoofing.
• User agent data
  Type: object
  Fraud API field name: user_agent_data
  To prevent fingerprinting, browsers are increasingly moving towards reducing the granularity and detail of information exposed through the useragent. To provide the necessary information in a controlled way, some browsers introduced the User Agent Data API, which can provide the following information. This is currently available only for chromium based browsers.
  • architecture:
    Type: string
    The cpu architecture of the user’s device.
  • bitness
    Type: string
    Indicates whether the device's operating system is 32-bit or 64-bit.
  • mobile
    Type: boolean
    Indicates whether the device is a mobile device.
  • model
    Type: string
    Provides the model name of the device, helping to identify the specific hardware being used.
  • platform_version
    Type: string
    Denotes the version of the underlying platform.
  • platform
    Type: string
    Returns the platform brand information. E.g.: ‘Windows’
  • ua_full_version
    Type: string
    A string containing the full browser version. E.g.: ‘103.0.5060.134’
• VPN
  Type: boolean
  Fraud API field name: vpn
  True if the user is using a vpn,false otherwise.
• WebGL information 
  Type: object
  Fraud API field name: webgl
  Many webGL related fields moved under a common object. It contains a few fields available in previous versions, but most of them are new.
  • webgl_2_image_hash:
    Type: string
    A hash created by drawing an object with webGL 2 technology and hashing it. 
    webgl_2_parameters_hash
    Type: string
    A hash created from the parameters of webGL 2.
  • webgl_2_parameters_noise
    Type: boolean
    True if noise detected, while hashing the parameters of webGL 2, false otherwise. 
  • webgl_hash
    Type: string
    A single hash created from all webGL related information.
  • webgl_image_hash
    Type: string
    A hash created by drawing an object with webGL technology and hashing it.
  • webgl_parameters_hash
    Type: string
    A hash created from the parameters of webGL API.
  • webgl_parameters_noise
    Type: boolean
    True if noise detected, while hashing the parameters of webGL, false otherwise. 
  • webgl_renderer
    Type: string
    Renderer string of the graphics driver. Previously this information was part of the webgl_vendor field.
  • webgl_vendor
    Type: string
    Vendor string of the graphics driver. This is the same information that was before, but the renderer part moved to a separate webgl_renderer field.

There were no significant changes in the output fields. The _hash fields are incompatible between v4 and v5 (especially the browser_hash), and the list of collected fonts is different. In v5, the font_list is empty by default, but can be turned on with the font_list configuration option. Only the font_count and font_hash fields are populated correctly; the font_list field is empty by default to reduce payload size.

The v5 version contains a lot of improvements to improve the stability and accuracy of the fields, as well as updates to our fraud tool and spoofing detection features.

The integration remained exactly the same and requires no changes besides updating the CDN URL by switching v4 to v5.

Removed fields

There were no fields removed.

Renamed fields

There were no fields renamed.

New fields

There were no new fields added. But additional bot, fraud tool, privacy tool, and spoofing detection is available in v5 using the scoring engine.

Field value changes

• The _hash fields are generated differently, meaning they might break between versions.
• The list of collected fonts is different. Also, on v5, the font_list is empty by default but can be turned on with the font_list configuration option. Only the font_count and font_hash fields are populated correctly; the font_list field is empty by default to reduce payload size.
• The private mode detection is more accurate on v5.
• The accept_language field will always be an empty list due to the different integration methods.
• The window_size, screen_resolution, screen_available_resolution fields in v5 always follow the <WIDTH>x<HEIGHT> format instead of the alphabetically ordered format of v3.
• Some fields might have a different value in edge cases due to some improvements.

Integration changes

The changes required in the integration highly depend on the customer's chosen integration method.

The latest v3 SDK version allows for two different methods:

• Calling the seon.getBase64Session JavaScript function, the SDK returns the encrypted session string, which can be linked to a transaction by sending it in as the session parameter in the Fraud API v2 call.
• Calling the seon.saveSession JavaScript function, the SDK sends in the device fingerprint to SEON services, and you can connect these details to a transaction in the Fraud API call with the given session_id.

Using seon.getBase64Session

The first option requires the least amount of changes from the customers, as the JavaScript interface did not change between v3 and v5. You can simply switch the CDN URL to one of our supported URLs (see SEON Docs). The public_key configuration option is deprecated in v5 because it is no longer used, but will not generate a warning if it is still included.

Using seon.saveSession

In v3, the JS SDK sent in the device fingerprint to SEON services automatically by calling the seon.saveSession, and you could link the device fingerprint with your Fraud API call with the session_id.

In v5, the SDK generates a base64 encoded encrypted payload, which has to be sent in with the Fraud API request. So the new flow is the following:

1. Generate the session string on your frontend with the getBase64Session
2. Send this session string to your backend
3. Send the session string as the session parameter to the Fraud API

Additionally, you have to call the Fraud API v2 instead of v1 to send in sessions. Please refer to the Fraud API v2 documentation for more information.

Content-Security-Policy

The v5 SDK sends network requests to our custom domains for more accurate identification and fraud detection. If your site uses CSP HTTP headers, you need to explicitly allow these requests with a connect-src directive. For more info please refer to the v5 configuration section of the API reference.

Removed fields

There were no fields removed.

Renamed fields

• avail_screen -> screen_available_resolution
• flash -> flash_enabled
• font_names -> font_list
• fonts -> font_count
• fonts_hash -> font_hash
• java -> java_enabled
• js_ip -> device_ip_address
• js_ip_country -> device_ip_country
• js_ip_isp -> device_ip_isp
• op_sys -> os
• plugin_names -> plugin_list
• plugins -> plugin_count
• plugins_hash -> plugin_hash
• private_mode -> private
• screen -> screen_resolution
• timezone -> region_timezone
• useragent -> user_agent
• window_screen -> window_size

New fields

See v5 documentation for all available new fields. It also includes an additional bot, fraud tool, privacy tool, and spoofing detection using the Scoring Engine.

Field value changes

• All _hash fields are generated differently, meaning they will break between versions.
  The collected list of fonts is different. On v5, the font_list is empty by default but can be turned on with the font_list configuration option. Only the font_count and font_hash fields are populated correctly; the font_list field is empty by default to reduce payload size.
• The private mode detection is more accurate on v5.

Integration changes

In v1, the JS SDK sent in the device fingerprint to SEON services automatically, and you could link the device fingerprint with your Fraud API call with the session_id.

In v5, the SDK generates a base64 encoded encrypted payload, which has to be sent in with the Fraud API request. The new flow is the following:

1. Generate the session string on your frontend with the getBase64Session.
2. Send this session string to your backend.
3. Send the session string as the session parameter to the Fraud API.

Additionally, you have to call the Fraud API v2 instead of v1 to send in sessions. Please refer to the Fraud API v2 documentation for more information.

JavaScript integration changes

v1:

<script src="https://cdn.seon.io/v1.0/js/agent-dev.js"></script>
<script>
 start(sessionId, () => console.log('success'));
</script>

v2:

<script src="https://cdn.seon.io/v2.0/js/agent-dev.js"></script>
<script>
 seon.start({
   session_id: sessionId,
   onSuccess: () => console.log('success'),
   onError: () => console.log('error'),
 });
</script>

v5:

<script src="https://cdn.seon.io/js/v5/agent.prod.js"></script>
<script>
 seon.config({
   session_id: sessionId,
   onSuccess: (msg) => console.log('config success', msg),
   onError: (msg) => console.error('config error', msg),
 });
 
 seon.getBase64Session().then((session) => {
   console.log('Session string:', session);
   // Send 'session' to your backend and send it in the Fraud API call
 });
</script>

Please refer to the JS SDK v5 documentation for more information and additional configuration options.

Content-Security-Policy

The V5 SDK sends network requests to our custom domains for more accurate identification and fraud detection. If your site uses CSP HTTP headers, then you need to allow these requests explicitly with a connect-src directive. For more info, please refer to the v5 configuration section of the API reference.

Removed fields

There were no fields removed.

Renamed fields

There were no renamed fields.

Field value changes

device_hash field is calculated differently, resulting in different values for a given device. This means these values are going to break between versions.

Integration changes

SDK Integration changes

• Starting from v6, there is a change in SEON’s API Policy. From now on SEON might introduce new fields in the SDK with minor versions. We advise you to integrate in a way that the addition of new fields is handled gracefully.
• Removed deprecated interface members:

• SeonBuilder.seon
• SeonBuilder.getInstance()

Fraud API Integration changes

There were no Fraud API integration changes.

New fields

• Biometric authentication Status
  Type: string
  Fraud API field name: biometric_status
  Indicates the status of biometric authentication on the device.
  Useful for determining the end user's security awareness.
• Bootloader state
  Type: string
  Fraud API field name: bootloader_state
  Bootloader lock state, calculation based on system properties.
  High-value security information.
• Device build model identifier
  Type: string
  Fraud API field name: build_model
  A human-readable name that represents the marketing or consumer-facing name of the device.
• Developer options state
  Type: string
  Fraud API field name: developer_options_state
  Returns the state of the developer options setting.
  High-value security information which can be tied to fraud and can be determined to ID rooted devices or emulators in conjunction with other fields.
• Device orientation
  Type: string
  Fraud API field name: device_orientation
  Returns the current orientation of the device.
• Google Service Framework identifier
  Type: string
  Fraud API field name: gsf_id
  Requires permission: com.google.android.providers.gsf.permission.READ_GSERVICES
  Returns a unique identifier which only changes after a factory reset is performed on the device.
• Possibly interfering apps
  Type: string[]
  Fraud API field name: interfering_apps
  Contains the list of installed applications that were given permissions to potentially interfere with other applications on the device by our metric.
  Accurate results to the given metric. Applications might interfere with the host application through different methods/permissions, which are not detected here.
• Click automator installed
  Type: boolean
  Fraud API field name: is_click_automator_installed
  Detects if a click automator is installed
  Reliably detecting enabled click automator applications known to us. Returns false negative if the user has a click automator installed which we haven’t added to our blacklist yet.
• Keyguard secured
  Type: boolean
  Fraud API field name: is_keyguard_secure
  Indicates whether the keyguard is secured by a PIN, pattern or password or a SIM card is currently locked.
• NFC hardware available
  Type: boolean
  Fraud API field name: is_nfc_available
  Returns whether the device has NFC hardware available.
• NFC features enabled
  Type: boolean
  Fraud API field name: is_nfc_enabled
  Returns whether the device has NFC functionalities enabled.
• Currently is on a phone call
  Type: boolean
  Fraud API field name: is_on_call
  Returns true or false depending on whether the device was on a call while collecting the fingerprint. Detects both cellular and VOIP calls.
• Is device currently being remotely controlled
  Type: boolean
  Fraud API field name: is_remote_control_connected
  Returns whether the device is being remotely controlled by a known remote control application at the time of the fingerprint.
  High-value security information which can be tied to fraud.
• Is the current screen is being mirrored
  Type: boolean
  Fraud API field name: is_screen_being_mirrored
  Returns whether the screen of the device is being mirrored to an additional display. This is triggered by screen sharing, screen mirroring to a television, using a display through HDMI connection, etc. This might be the indicator that the user’s screen content is visible to someone else in some way.
  High-value security information which can be tied to fraud.
• Connected remote control provider’s name
  Type: string
  Fraud API field name: remote_control_provider
  If is_remote_control_connected is true, this field returns the readable name of the detected remote control application, otherwise null.
  Best effort detection of the used tool.
• Timezone identifier
  Type: string
  Fraud API field name: timezone_identifier
  Returns the current system timezone’s geopolitical region ID.
• Current USB cable state
  Type: string
  Fraud API field name: usb_cable_state
  Shows if the device is currently being connected to a PC/other device by a USB cable.
  Being connected to a charger does not affect this value.
• USB debugging setting
  Type: string
  Fraud API field name: usb_debugging_state
  State of USB debugging toggle in developer options.
  If both this and usb_cable_state are true at the same time, the device is possibly connected to ADB debugger.

Removed fields

There were no fields removed.

Renamed fields

There were no renamed fields.

Field value changes

• device_hash field is calculated differently, resulting in different values for a given device. This means these values are going to break between versions.

Integration changes

SDK Integration changes

• Starting from v6, there is a change in SEON’s API Policy. From now on SEON might introduce new fields in the SDK with minor versions. We advise you to integrate in a way that the addition of new fields is handled gracefully.
• Removed the following transitive runtime dependencies for the SDK

• com.jaredrummler.android-device-names:1.1.8

• Removed deprecated interface members:

• SeonBuilder.seon
• SeonBuilder.getInstance()

Fraud API Integration changes

There were no Fraud API integration changes.

New fields

• Biometric authentication Status
  Type: string
  Fraud API field name: biometric_status
  Indicates the status of biometric authentication on the device.
  Useful for determining the end user's security awareness.
• Bootloader state
  Type: string
  Fraud API field name: bootloader_state
  Bootloader lock state, calculation based on system properties.
  High-value security information.
• Device build model identifier
  Type: string
  Fraud API field name: build_model
  A human-readable name that represents the marketing or consumer-facing name of the device.
• Developer options state
  Type: string
  Fraud API field name: developer_options_state
  Returns the state of the developer options setting.
  High-value security information which can be tied to fraud and can be determined to id rooted devices or emulators in conjunction with other fields.
• Device orientation
  Type: string
  Fraud API field name: device_orientation
  Returns the current orientation of the device.
• Google Service Framework identifier
  Type: string
  Fraud API field name: gsf_id
  Requires permission: com.google.android.providers.gsf.permission.READ_GSERVICES
  Returns a unique identifier which only changes after a factory reset is performed on the device.
• Possibly interfering apps
  Type: string[]
  Fraud API field name: interfering_apps
  Contains the list of installed applications that were given permission to potentially interfere with other applications on the device by our metric.
  Accurate results to the given metric. Applications might interfere with the host application through different methods/permissions, which are not detected here.
• Click automator installed
  Type: boolean
  Fraud API field name: is_click_automator_installed
  Detects if a click automator is installed
  Reliably detecting enabled click automator applications known to us. Returns false negative if the user has a click automator installed which we haven’t added to our blacklist yet.
• Keyguard secured
  Type: boolean
  Fraud API field name: is_keyguard_secure
  Indicates whether the keyguard is secured by a PIN, pattern or password or a SIM card is currently locked.
• NFC hardware available
  Type: boolean
  Fraud API field name: is_nfc_available
  Returns whether the device has NFC hardware available.
• NFC features enabled
  Type: boolean
  Fraud API field name: is_nfc_enabled
  Returns whether the device has NFC functionalities enabled.
• Currently is on a phone call
  Type: boolean
  Fraud API field name: is_on_call
  Returns true or false depending on whether the device was on a call while collecting the fingerprint. Detects both cellular and VOIP calls.
• Is device currently being remotely controlled
  Type: boolean
  Fraud API field name: is_remote_control_connected
  Returns whether the device is being remotely controlled by a known remote control application at the time of the fingerprint.
  High-value security information which can be tied to fraud.
• Is the current screen being mirrored
  Type: boolean
  Fraud API field name: is_screen_being_mirrored
  Returns whether the screen of the device is being mirrored to an additional display. This is triggered by screen sharing, screen mirroring to a television, using a display through HDMI connection, etc. This might be the indicator of the user’s screen content is being visible to someone else in some way.
  High-value security information which can be tied to fraud.
• Connected remote control provider’s name
  Type: string
  Fraud API field name: remote_control_provider
  If is_remote_control_connected is true, this field returns the readable name of detected remote control application, otherwise null.
  Best effort detection of the used tool.
• Timezone identifier
  Type: string
  Fraud API field name: timezone_identifier
  Returns the current system timezone’s geopolitical region ID.
• Current USB cable state
  Type: string
  Fraud API field name: usb_cable_state
  Shows if the device is currently being connected to a PC/other device by a USB cable.
  Being connected to a charger does not affect this value.
• USB debugging setting
  Type: string
  Fraud API field name: usb_debugging_state
  State of USB debugging toggle in developer options.
  If both this and usb_cable_state are true at the same time, the device is possibly connected to ADB debugger.

Removed fields

There were no fields removed.

Renamed fields

There were no renamed fields.

Field value changes

• device_hash field is calculated differently, resulting in different values for a given device. This means these values are going to break between versions.

Integration changes

SDK Integration changes

• Starting from v6, there is a change in SEON’s API Policy. From now on, SEON might introduce new fields in the SDK with minor versions. We advise you to integrate in a way that the addition of new fields is handled gracefully.
• SeonBuilder.getInstance() has been deprecated. To get a valid Seon object instance pass the context and your session ID to SeonBuilder() and then call the build() method on the configured instance. For more detailed information and examples, please visit the SDK documentation.
• getFingerprintBase64() returns the fingerprint asynchronously. Thread management is fully handled by the SDK internally and doesn’t require any extra effort from the integration side.
  For more detailed information and examples, please visit the SDK documentation.
• Introduced the following transitive runtime dependencies for the SDK

• androidx.annotation:annotation:1.6.0
• com.getkeepsafe.relinker:relinker:1.4.4

• Removed the following transitive runtime dependencies for the SDK

• com.jaredrummler:android-device-names

• minSdkVersion has been raised from 15 to 21
• Removed deprecated interface members:

• SeonBuilder.seon
• SeonBuilder.getInstance()

Fraud API Integration changes

There were no Fraud API integration changes.

New fields

Biometric authentication Status

• Type: string
  Fraud API field name: biometric_status
  Indicates the status of biometric authentication on the device.
  Useful for determining the end user's security awareness.
• Bootloader state
  Type: string
  Fraud API field name: bootloader_state
  Bootloader lock state, calculation based on system properties.
  High-value security information.
• Device build model identifier
  Type: string
  Fraud API field name: build_model
  A human-readable name that represents the marketing or consumer-facing name of the device.
• Developer options state
  Type: string
  Fraud API field name: developer_options_state
  Returns the state of the developer options setting.
  High-value security information which can be tied to fraud and can be determined to ID rooted devices or emulators in conjunction with other fields.
• Device orientation
  Type: string
  Fraud API field name: device_orientation
  Returns the current orientation of the device.
• Google Service Framework identifier
  Type: string
  Fraud API field name: gsf_id
  Requires permission: com.google.android.providers.gsf.permission.READ_GSERVICES
  Returns a unique identifier which only changes after a factory reset is performed on the device.
• Possibly interfering apps
  Type: string[]
  Fraud API field name: interfering_apps
  Contains the list of installed applications that were given permission to potentially interfere with other applications on the device by our metric.
  Accurate results to the given metric. Applications might interfere with the host application through different methods/permissions, which are not detected here.
• Click automator installed
  Type: boolean
  Fraud API field name: is_click_automator_installed
  Detects if a click automator is installed
  Reliably detecting enabled click automator applications known to us. Returns false negative if the user has a click automator installed which we haven’t added to our blacklist yet.
• Keyguard secured
  Type: boolean
  Fraud API field name: is_keyguard_secure
  Indicates whether the keyguard is secured by a PIN, pattern, or password or a SIM card is currently locked.
• NFC hardware available
  Type: boolean
  Fraud API field name: is_nfc_available
  Returns whether the device has NFC hardware available.
• NFC features enabled
  Type: boolean
  Fraud API field name: is_nfc_enabled
  Returns whether the device has NFC functionalities enabled.
• Currently is on a phone call
  Type: boolean
  Fraud API field name: is_on_call
  Returns true or false depending on whether the device was on a call while collecting the fingerprint. Detects both cellular and VOIP calls.
• Is device currently being remotely controlled
  Type: boolean
  Fraud API field name: is_remote_control_connected
  Returns whether the device is being remotely controlled by a known remote control application at the time of the fingerprint.
  High-value security information which can be tied to fraud.
• Is the current screen is being mirrored
  Type: boolean
  Fraud API field name: is_screen_being_mirrored
  Returns whether the device's screen is being mirrored to an additional display. This is triggered by screen sharing, screen mirroring to a television, using a display through HDMI connection, etc. This might be the indicator that the user’s screen content is visible to someone else in some way.
  High-value security information which can be tied to fraud.
• Connected remote control provider’s name
  Type: string
  Fraud API field name: remote_control_provider
  If is_remote_control_connected is true, this field returns the readable name of the detected remote control application, otherwise null.
  Best effort detection of the used tool.
• Timezone identifier
  Type: string
  Fraud API field name: timezone_identifier
  Returns the current system timezone’s geopolitical region ID.
• Current USB cable state
  Type: string
  Fraud API field name: usb_cable_state
  Shows if the device is currently being connected to a PC/other device by a USB cable.
  Being connected to a charger does not affect this value.
• USB debugging setting
  Type: string
  Fraud API field name: usb_debugging_state
  State of USB debugging toggle in developer options.
  If both this and usb_cable_state are true at the same time, the device is possibly connected to ADB debugger.

Removed fields

There were no fields removed.

Renamed fields

• device_id has been renamed to device_cellular_id
• ip_address has been renamed to device_ip_address

Field value changes

• session_id doesn’t need to include the Android_ platform prefix anymore.
• device_hash field is calculated differently, resulting in different values for a given device. This means these values are going to break between versions.

Integration changes

SDK Integration changes

• Starting from v6 there is a change in SEON’s API Policy. From now on SEON might introduce new fields in the SDK with minor versions. We advise you to integrate in a way that addition of new fields is handled gracefully.
• The SDK package is available through Maven Central Repository
• The preferred way to integrate the SDK and its dependencies through Gradle. For an example integration snippet and more information about installing the SDK, please visit the SDK documentation.
• SeonBuilder.getInstance() has been deprecated. To get a valid Seon object instance, pass the context and your session ID to SeonBuilder() and then call the build() method on the configured instance. For more detailed information and examples, please visit the SDK documentation.
• getFingerprintBase64() returns the fingerprint asynchronously. Thread management is fully handled by the SDK internally and doesn’t require any extra effort from the integration side.
  For more detailed information and examples, please visit the SDK documentation.
• Introduced the following transitive runtime dependencies for the SDK

• androidx.annotation:annotation:1.6.0
• com.getkeepsafe.relinker:relinker:1.4.4

• Removed the following transitive runtime dependencies for the SDK

• com.jaredrummler:android-device-names

• minSdkVersion has been raised from 15 to 21
• Removed deprecated interface members:

• SeonBuilder.seon
• SeonBuilder.getInstance()

Fraud API Integration changes

In v2, the Android SDK sent in the device fingerprint to SEON services automatically, and you could link the device fingerprint with your Fraud API call with the session_id. In v6 the SDK generates a base64 encoded encrypted payload, which has to be sent in with a Fraud API request. The new flow looks like this:

1. Generate the base64 session string in your Android application with calling the SDK’s getFingerprintBase64 method.
2. Send the session string to your backend.
3. Set the session string as the session parameter in your Fraud API request.
4. Call SEON’s Fraud API v2 to send in the configured session. Please refer to the Fraud API v2 documentation for more information.

New fields

• Biometric authentication Status
  Type: string
  Fraud API field name: biometric_status
  Indicates the status of biometric authentication on the device.
  Useful for determining the end user's security awareness.
• Bootloader state
  Type: string
  Fraud API field name: bootloader_state
  Bootloader lock state, a calculation based on system properties.
  High-value security information.
• Device build model identifier
  Type: string
  Fraud API field name: build_model
  A human-readable name that represents the marketing or consumer-facing name of the device.
• Developer options state
  Type: string
  Fraud API field name: developer_options_state
  Returns the state of the developer options setting.
  High-value security information which can be tied to fraud and can be determined to id rooted devices or emulators in conjunction with other fields.
• Device cellular ID
  Type: string
  Fraud API field name: device_cellular_id
  Unique identifier of the user's device based on IMEI, MEID, ESN, or IMSI, which is non-resettable. The device must have cellular services.
  Requires permission: READ_PHONE_STATE,ACCESS_NETWORK_STATE
• Device country based on IP
  Type: string
  Fraud API field name: device_ip_country
  A two-character ISO 3166-1 country code for the country associated with the IP address.
• Device IP ISP
  Type: string
  Fraud API field name: device_ip_isp
  The Internet Service Provider name of the device based on its IP.
• Domain Name System IP
  Type: string
  Fraud API field name: dns_ip
  The user’s DNS IP address.
• Domain Name System IP Country
  Type: string
  Fraud API field name: dns_ip_country
  The user’s DNS IP country.
• Domain Name System IP’s Internet Service Provider
  Type: string
  Fraud API field name: dns_ip_isp
  The Internet Service Provider name of the device based on the DNS IP.
• Google Service Framework identifier
  Type: string
  Fraud API field name: gsf_id
  Requires permission: com.google.android.providers.gsf.permission.READ_GSERVICES
  Returns a unique identifier which only changes after a factory reset is performed on the device.
• Possibly interfering apps
  Type: string[]
  Fraud API field name: interfering_apps
  Contains the list of installed applications that were given permission to potentially interfere with other applications on the device by our metric.
  Accurate results to the given metric. Applications might interfere with the host application through different methods/permissions, which are not detected here.
• Click automator installed
  Type: boolean
  Fraud API field name: is_click_automator_installed
  Detects if a click automator is installed
  Reliably detecting enabled click automator applications known to us. Returns false negative if the user has a click automator installed which we haven’t added to our blacklist yet.
• Keyguard secured
  Type: boolean
  Fraud API field name: is_keyguard_secure
  Indicates whether the keyguard is secured by a PIN, pattern or password or a SIM card is currently locked.
• NFC hardware available
  Type: boolean
  Fraud API field name: is_nfc_available
  Returns whether the device has NFC hardware available.
• NFC features enabled
  Type: boolean
  Fraud API field name: is_nfc_enabled
  Returns whether the device has NFC functionalities enabled.
• Currently is on a phone call
  Type: boolean
  Fraud API field name: is_on_call
  Returns true or false depending on whether the device was on a call while collecting the fingerprint. Detects both cellular and VOIP calls.
• Is device currently being remotely controlled
  Type: boolean
  Fraud API field name: is_remote_control_connected
  Returns whether the device is being remotely controlled by a known remote control application at the time of the fingerprint.
  High-value security information which can be tied to fraud.
• Is the current screen is being mirrored
  Type: boolean
  Fraud API field name: is_screen_being_mirrored
  Returns whether the screen of the device is being mirrored to an additional display. This is triggered by screen sharing, screen mirroring to a television, using a display through HDMI connection, etc. This might be the indicator of the user’s screen content is being visible to someone else in some way.
  High-value security information which can be tied to fraud.
• Connected remote control provider’s name
  Type: string
  Fraud API field name: remote_control_provider
  If is_remote_control_connected is true, this field returns the readable name of detected remote control application, otherwise null.
  Best effort detection of the used tool.
• Timezone identifier
  Type: string
  Fraud API field name: timezone_identifier
  Returns the current system timezone’s geopolitical region ID.
• Platform type
  Type: string
  Fraud API field name: type
  Returns the static string android indicating the platform.
• Current USB cable state
  Type: string
  Fraud API field name: usb_cable_state
  Shows if the device is currently being connected to a PC/other device by a USB cable.
  Being connected to a charger does not affect this value.
• USB debugging setting
  Type: string
  Fraud API field name: usb_debugging_state
  State of USB debugging toggle in developer options.
  If both this and usb_cable_state are true at the same time, the device is possibly connected to ADB debugger.

Removed fields

• is_plugged_in has been removed. The same information and more can be derived when considering the value of battery_charging and usb_cable_state

Renamed fields

• cpu_model -> cpu_type
• ip_address -> device_ip_address
• local_language -> region_language
• local_country_code -> region_country
• memory_size -> physical_memory
• model -> device_name
• network_name -> network_config

Field value changes

• memory_size (now physical_memory) type has been changed to represent the physical memory size in bytes. The return value has also changed from string to double
• The value and type of system_uptime have both changed. The return type is now long instead of string and it indicates the uptime of the system in seconds instead of the hh:mm:ss format.

Integration changes

SDK Integration changes

• Starting from v6 there is a change in SEON’s API Policy. From now on SEON might introduce new fields in the SDK with minor versions. We advise you to integrate in a way that the addition of new fields is handled gracefully.
• The SDK package is available through the Maven Central Repository
• The preferred way to integrate the SDK and its dependencies is through Gradle. Please visit the SDK documentation for an example integration snippet and more information about installing the SDK.
• SeonBuilder.getInstance() has been deprecated. To get a valid Seon object instance, pass the context and your session ID to SeonBuilder() and then call the build() method on the configured instance. For more detailed information and examples, please visit the SDK documentation.
• getFingerprintBase64() returns the fingerprint asynchronously. Thread management is fully handled by the SDK internally and doesn’t require any extra effort from the integration side. For more detailed information and examples, please visit the SDK documentation.
• Introduced the following transitive runtime dependencies for the SDK

• androidx.annotation:annotation:1.6.0
• com.getkeepsafe.relinker:relinker:1.4.4
• com.scottyab:rootbeer-lib:0.1.0

• minSdkVersion has been raised from 15 to 21

Fraud API Integration changes

In v1, the Android SDK sent in the device fingerprint to SEON services automatically, and you could link the device fingerprint with your Fraud API call with the session_id. In v6 the SDK generates a base64 encoded encrypted payload, which has to be sent in with a Fraud API request. The new flow looks like this:

1. Generate the base64 session string in your Android application with calling the SDK’s getFingerprintBase64 method.
2. Send the session string to your backend.
3. Set the session string as the session parameter in your Fraud API request.
4. Call SEON’s Fraud API v2 to send in the configured session. Please refer to the Fraud API v2 documentation for more information.

New fields

• The application’s Globally Unique Identifier
  Type: string
  Fraud API field name: app_guid
  A globally custom unique identifier for the app instance.
• Audio mute status
  Type: boolean
  Fraud API field name: audio_mute_status
  Indicates if the phone is muted or not.
• Current audio volume
  Type: integer
  Fraud API field name: audio_volume_current
  Current level of device system’s volume on a 0 to 100 scale.
• Battery charge status
  Type: boolean
  Fraud API field name: battery_charging
  Indicates if the phone is currently charging or not.
• Battery health status
  Type: string
  Fraud API field name: battery_health
  Indicates the health status of the device’s battery reported by the OS.
• Battery level
  Type: integer
  Fraud API field name: battery_level
  The current level of the device’s battery charge on a 0 to 100 scale.
• Battery temperature
  Type: double
  Fraud API field name: battery_temperature
  The current temperature of the device’s battery in centigrade.
• Battery voltage
  Type: integer
  Fraud API field name: battery_voltage
  The current voltage of the device’s battery in millivolts.
• Biometric authentication Status
  Type: string
  Fraud API field name: biometric_status
  Indicates the status of biometric authentication on the device.
  Useful for determining the end user's security awareness.
• Bootloader state
  Type: string
  Fraud API field name: bootloader_state
  Bootloader lock state, calculation based on system properties.
  High value security information.
• Device build model identifier
  Type: string
  Fraud API field name: build_model
  A human-readable name that represents the marketing or consumer-facing name of the device.
• Carrier country
  Type: string
  Fraud API field name: carrier_country
  Returns the ISO-3166-1 alpha-2 country code equivalent of the MCC (Mobile Country Code) of the current registered operator or the cell nearby, if available.
• Carrier name
  Type: string
  Fraud API field name: carrier_name
  Returns the alphabetic name of current registered operator when if the device has hardware radio access and the user is registered to a network.
• CPU count
  Type: integer
  Fraud API field name: cpu_count
  Returns the number of logical cores.
• CPU speed
  Type: long
  Fraud API field name: cpu_speed
  Returns the nominal cpu clock speed available in Megahertz.
• Developer options state
  Type: string
  Fraud API field name: developer_options_state
  Returns the state of the developer options setting.
  High-value security information which can be tied to fraud and can be determined to id rooted devices or emulators in conjunction with other fields.
• Device cellular ID
  Type: string
  Fraud API field name: device_cellular_id
  Unique identifier of the user's device based on IMEI, MEID, ESN, or IMSI, which is non-resettable. The device must have cellular services.
  Requires permission: READ_PHONE_STATE,ACCESS_NETWORK_STATE
• Device Hash
  Type: string
  Fraud API field name: device_hash
  A strong unique identifier of the user’s device based on SEON’s arbitrary algorithm.
  This property can be used to identify the same device between sessions and even between app reinstalls. More info can be found here.
• Device country based on IP
  Type: string
  Fraud API field name: device_ip_country
  A two-character ISO 3166-1 country code for the country associated with the IP address.
• Device IP ISP
  Type: string
  Fraud API field name: device_ip_isp
  The Internet Service Provider name of the device based on it’s IP.
• Device orientation
  Type: string
  Fraud API field name: device_orientation
  Returns the current orientation of the device.
• Domain Name System IP
  Type: string
  Fraud API field name: dns_ip
  The user’s DNS IP address.
• Domain Name System IP Country
  Type: string
  Fraud API field name: dns_ip_country
  The user’s DNS IP country.
• Domain Name System IP’s Internet Service Provider
  Type: string
  Fraud API field name: dns_ip_isp
  The Internet Service Provider name of the device is based on the DNS IP.
• Free Storage
  Type: long
  Fraud API field name: free_storage
  Returns the current free storage of the device’s file system in bytes.
• Google Service Framework identifier
  Type: string
  Fraud API field name: gsf_id
  Requires permission: com.google.android.providers.gsf.permission.READ_GSERVICES
  Returns a unique identifier which only changes after a factory reset is performed on the device.
• Possibly interfering apps
  Type: string[]
  Fraud API field name: interfering_apps
  Contains the list of installed applications that were given permission to potentially interfere with other applications on the device by our metric.
  Accurate results to the given metric. Applications might interfere with the host application through different methods/permissions, which are not detected here.
• Click automator installed
  Type: boolean
  Fraud API field name: is_click_automator_installed
  Detects if a click automator is installed
  Reliably detecting enabled click automator applications known to us. Returns false negative if the user has a click automator installed which we haven’t added to our blacklist yet.
• Emulator detection
  Type: boolean
  Fraud API field name: is_emulator
  Returns whether the device is possibly an emulator or not.
  Reliably detecting the most popular emulators available. A high-value security information which can be tied to fraud.
• Keyguard secured
  Type: boolean
  Fraud API field name: is_keyguard_secure
  Indicates whether the keyguard is secured by a PIN, pattern, or password or a SIM card is currently locked.
• NFC hardware available
  Type: boolean
  Fraud API field name: is_nfc_available
  Returns whether the device has NFC hardware available.
• NFC features enabled
  Type: boolean
  Fraud API field name: is_nfc_enabled
  Returns whether the device has NFC functionalities enabled.
• Currently is on a phone call
  Type: boolean
  Fraud API field name: is_on_call
  Returns true or false depending on whether the device was on a call while collecting the fingerprint. Detects both cellular and VOIP calls.
• Is device currently being remotely controlled
  Type: boolean
  Fraud API field name: is_remote_control_connected
  Returns whether the device is being remotely controlled by a known remote control application at the time of the fingerprint.
  High-value security information which can be tied to fraud.
• Device is rooted
  Type: boolean
  Fraud API field name: is_rooted
  Returns whether the device is possibly rooted or not.
  High-value security information which can be tied to fraud.
• Is the current screen is being mirrored
  Type: boolean
  Fraud API field name: is_screen_being_mirrored
  Returns whether the device's screen is being mirrored to an additional display. This is triggered by screen sharing, screen mirroring to a television, using a display through HDMI connection, etc. This might be the indicator of the user’s screen content is being visible to someone else in some way.
  High-value security information which can be tied to fraud.
• The kernel’s architecture
  Type: string
  Fraud API field name: kernel_arch
  Information about the device’s kernel architecture.
• Name of the kernel
  Type: string
  Fraud API field name: kernel_name
  Name of the device’s kernel.
• Last boot time
  Type: long
  Fraud API field name: last_boot_time
  Returns when the device booted last time in UNIX time format.
• Pasteboard hash
  Type: string
  Fraud API field name: pasteboard_hash
  A hash created of the content or the content’s description ( API Level 31+ )
• Region timezone
  Type: string
  Fraud API field name: region_timezone
  Returns the device's timezone settings as an offset.
• Connected remote control provider’s name
  Type: string
  Fraud API field name: remote_control_provider
  If is_remote_control_connected is true, this field returns the readable name of detected remote control application, otherwise null.
  Best effort detection of the used tool.
• Screen brightness
  Type: integer
  Fraud API field name: screen_brightness
  Current level of device’s screen brightness ranging between 0 and 100.
• Screen height of the device
  Type: integer
  Fraud API field name: screen_height
  Device’s screen height in pixels.
• Screen scale
  Type: integer
  Fraud API field name: screen_scale
  Returns the scaling factor for the Density Independent Pixel unit.
• Screen width of the device
  Type: integer
  Fraud API field name: screen_width
  Device’s screen width in pixels.
• Sensor hash
  Type: string
  Fraud API field name: sensor_hash
  Returns a hash built from collected information about the available built-in device sensors.
• Session ID
  Type: string
  Fraud API field name: session_id
  A unique identifier of the user session set when initializing the SDK.
• Source
  Type: string
  Fraud API field name: source
  Identifies the SDK version that originated the request.
• Timezone identifier
  Type: string
  Fraud API field name: timezone_identifier
  Returns the current system timezone’s geopolitical region ID.
• Total storage
  Type: long
  Fraud API field name: total_storage
  Returns the total usable internal storage of the device’s file system in bytes.
• Platform type
  Type: string
  Fraud API field name: type
  Returns the static string androidindicating the platform
• Current USB cable state
  Type: string
  Fraud API field name: usb_cable_state
  Shows if the device is currently being connected to a PC/other device by a USB-cable.
  Being connected to a charger does not affect this value.
• USB debugging setting
  Type: string
  Fraud API field name: usb_debugging_state
  State of USB debugging toggle in developer options.
  If both this and usb_cable_state are true at the same time, the device is possibly connected to ADB debugger.
• Local WiFi network identifier
  Type: string
  Fraud API field name: wifi_ssid
  Requires Permission: ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION, ACCESS_WIFI_STATE
  Name of the WIFI network, the device is connected to.

Removed fields

The following fields are no longer collected and removed from the Fraud API response to comply with Apple’s required reason API policy.

• carrier_country
• carrier_name
• free_storage
• last_boot_time
• total_storage

Renamed fields

There were no renamed fields.

Field value changes

• device_hash field is calculated differently, resulting in different values for a given device. This means these values are going to break between versions.

Integration changes

SDK Integration changes

• Starting from iOS SDK v5.0.0 there is a change in SEON’s API Policy. From now on SEON might introduce new fields in the SDK with minor versions. We advise you to integrate in a way that addition of new fields is handled gracefully.
• Minimum deployment target has been raised to iOS 11.0
• SeonFingerprint class has been renamed to SEONFingerprint
• fingerprintBase64With has been renamed to getFingerprintBase64 and changed to return the fingerprint asynchronously. Thread management is fully handled by the SDK internally and doesn’t require any extra effort from the integration side.
• getFingerprintBase64’s completion handler now returns an NSError object which contains details about possible integration and runtime errors. For now the following errors are forwarded by the SDK:

• SEONErrorInvalidSessionID
• SEONErrorFingerprintFailed

• The iOS SDK has been also made available through the Swift Package Manager. This doesn’t affect the SDK’s availability through CocoaPods, it’s still supported to integrate the SDK as a pod. You can find more information about integrating it as a swift package here.

Fraud API Integration changes

There were no Fraud API integration changes.

New fields

• Email setup state
  Type: boolean
  Fraud API field name: can_send_mail
  Returns whether the device is setup to send and receive emails.
  Information whether the device is set up for use properly.
• Texting setup state
  Type: boolean
  Fraud API field name: can_send_te
  Returns whether the device is set up to send and receive text messages or iMessage.
  Information on whether the device is set up for use properly.
• Biometrics state
  Type: boolean
  Fraud API field name: is_biometrics_enabled
  Returns whether any kind ( either fingerprint or FaceID ) of biometric authentication is enabled on the device or not.
  Useful for determining the end user's security awareness.
• Host application is running on MacOS
  Type: boolean
  Fraud API field name: is_ios_app_on_mac
  Returns true if the host process is an iOS app running on a Mac. The value of the property is also true for apps built using Mac Catalyst.
  Useful output about the environment the host application is running in.
• Device is on call
  Type: boolean
  Fraud API field name: is_on_call
  Returns true if the device is engaged in an ongoing call during the fingerprint collection. Detects both cellular and VOIP calls.
  High-value security information which can be tied to fraud.
• Passcode lock is enabled
  Type: boolean
  Fraud API field name: is_passcode_enabled
  Returns true if the device is set up to authenticate the user with a passcode.
  Useful for determining the end user's security awareness.
• Screen is being captured
  Type: boolean
  Fraud API field name: is_screen_captured
  Returns true if the device’s screen is currently being captured during the fingerprint collection.
  High-value security information which can be tied to fraud.
• Timezone identifier
  Type: string
  Fraud API field name: timezone_identifier
  Returns the current system time zone’s geopolitical region ID. E.g.: Europe/Budapest.
  Another source of locale information.

Removed fields

The following fields are no longer collected and removed from the Fraud API response to comply with Apple’s required reason API policy.

• carrier_country
• carrier_name
• free_storage
• last_boot_time
• total_storage

Renamed fields

There were no renamed fields.

Field value changes

• device_hash field is calculated differently, resulting in different values for a given device. This means these values are going to break between versions.

Integration changes

SDK Integration changes

• Starting from iOS SDK v5.0.0, there is a change in SEON’s API Policy. From now on SEON might introduce new fields in the SDK with minor versions. We advise you to integrate in a way that the addition of new fields is handled gracefully.
• Minimum deployment target has been raised to iOS 11.0
• SeonFingerprint class has been renamed to SEONFingerprint
• fingerprintBase64 has been renamed to getFingerprintBase64 and changed to return the fingerprint asynchronously. Thread management is fully handled by the SDK internally and doesn’t require any extra effort from the integration side.
• getFingerprintBase64’s completion handler now returns an NSError object which contains details about possible integration and runtime errors. For now the following errors are forwarded by the SDK:

• SEONErrorInvalidSessionID
• SEONErrorFingerprintFailed

• The SDK binary is being distributed as an XCFramework instead of a Universal Binary format, optimizing compatibility for multiple platforms in one package. This shift streamlines integration with Xcode's build system, enhancing performance and ensuring a unified experience while also adheres to Apple’s development guidelines.
• The iOS SDK has been also made available through the Swift Package Manager. This doesn’t affect the SDK’s availability through CocoaPods, it’s still supported to integrate the SDK as a pod. You can find more information about integrating it as a swift package here.

Fraud API Integration changes

There were no Fraud API integration changes.

New fields

• Email setup state
  Type: boolean
  Fraud API field name: can_send_mail
  Returns whether the device is setup to send and receive emails.
  Information whether the device is set up for use properly.
• Texting setup state
  Type: boolean
  Fraud API field name: can_send_text
  Returns whether the device is set up to send and receive text messages or iMessage.
  Information on whether the device is set up for use properly.
• Biometrics state
  Type: boolean
  Fraud API field name: is_biometrics_enabled
  Returns whether any kind ( either fingerprint or FaceID ) of biometric authentication is enabled on the device or not.
  Useful for determining the end user's security awareness.
• Host application is running on MacOS
  Type: boolean
  Fraud API field name: is_ios_app_on_mac
  Returns true if the host process is an iOS app running on a Mac. The value of the property is also true for apps built using Mac Catalyst.
  Useful output about the environment the host application is running in.
• Device is on call
  Type: boolean
  Fraud API field name: is_on_call
  Returns true if the device is engaged in an ongoing call during the fingerprint collection. Detects both cellular and VOIP calls.
  High-value security information which can be tied to fraud.
• Passcode lock is enabled
  Type: boolean
  Fraud API field name: is_passcode_enabled
  Returns true if the device is setup to authenticate the user with a passcode.
  Useful for determining the end user's security awareness.
• Screen is being captured
  Type: boolean
  Fraud API field name: is_screen_captured
  Returns true if the device’s screen is currently being captured during the fingerprint collection.
  High-value security information which can be tied to fraud.
• Timezone identifier
  Type: string
  Fraud API field name: timezone_identifier
  Returns the current system time zone’s geopolitical region ID. E.g.: Europe/Budapest.
  Another source of locale information.

Removed fields

The following fields are no longer collected and removed from the Fraud API response to comply with Apple’s required reason API policy.

• carrier_country
• carrier_name
• free_storage
• last_boot_time
• total_storage

Renamed fields

There were no renamed fields.

Field value changes

• device_hash field is calculated differently, resulting in different values for a given device. This means these values are going to break between versions.
• region_language Instead of the language tag format (“en-EN”) , the value now conforms to the ISO 3166 alpha-2 country code format (“en”).

Integration changes

SDK Integration changes

• Starting from iOS SDK v5.0.0 there is a change in SEON’s API Policy. From now on SEON might introduce new fields in the SDK with minor versions. We advise you to integrate in a way that addition of new fields is handled gracefully.
• Minimum deployment target has been raised to iOS 11.0
• SeonFingerprint class has been renamed to SEONFingerprint
• scanFingerprint has been renamed to getFingerprintBase64 and changed to return the fingerprint asynchronously. Thread management is fully handled by the SDK internally and doesn’t require any extra effort from the integration side.
• getFingerprintBase64’s completion handler now returns an NSError object which contains details about possible integration and runtime errors. For now the following errors are forwarded by the SDK:

• SEONErrorInvalidSessionID
• SEONErrorFingerprintFailed

• The SDK binary is being distributed as an XCFramework instead of a Universal Binary format, optimizing compatibility for multiple platforms in one package. This shift streamlines integration with Xcode's build system, enhancing performance and ensuring a unified experience while also adheres to Apple’s development guidelines.
• The iOS SDK has been also made available through the Swift Package Manager. This doesn’t affect the SDK’s availability through CocoaPods, it’s still supported to integrate the SDK as a pod. You can find more information about integrating it as a swift package here.

Fraud API Integration changes

In v2, the iOS SDK sent in the device fingerprint to SEON services automatically, and you could link the device fingerprint with your Fraud API call with the session_id. In v5 the SDK generates a base64 encoded encrypted payload, which has to be sent in with a Fraud API request. The new flow looks like this:

1. Generate the base64 session string in your Android application with calling the SDK’s getFingerprintBase64 method.
2. Send the session string to your backend.
3. Set the session string as the session parameter in your Fraud API request.
4. Call SEON’s Fraud API v2 to send in the configured session. Please refer to the Fraud API v2 documentation for more information.

New fields

• Email setup state
  Type: boolean
  Fraud API field name: can_send_mail
  Returns whether the device is setup to send and receive emails.
  Information whether the device is set up for use properly.
• Texting setup state
  Type: boolean
  Fraud API field name: can_send_text
  Returns whether the device is set up to send and receive text messages or iMessage.
  Information on whether the device is set up for use properly.
• Device IP
  Type: string
  Fraud API field name: device_ip_address
  The IP address of the device where the fingerprint is originating from.
• Device country based on IP
  Type: string
  Fraud API field name: device_ip_country
  A two-character ISO 3166-1 country code for the country associated with the IP address.
• Device IP ISP
  Type: string
  Fraud API field name: device_ip_isp
  The Internet Service Provider name of the device based on its IP.
• Domain Name System IP
  Type: string
  Fraud API field name: dns_ip
  The user’s DNS IP address.
• Domain Name System IP Country
  Type: string
  Fraud API field name: dns_ip_country
  The user’s DNS IP country.
• Domain Name System IP’s Internet Service Provider
  Type: string
  Fraud API field name: dns_ip_isp
  The Internet Service Provider name of the device based on the DNS IP.
• Biometrics state
  Type: boolean
  Fraud API field name: is_biometrics_enabled
  Returns whether any kind ( either fingerprint or FaceID ) of biometric authentication is enabled on the device or not.
  Useful for determining the end user's security awareness.
• Host application is running on MacOS
  Type: boolean
  Fraud API field name: is_ios_app_on_mac
  Returns true if the host process is an iOS app running on a Mac. The value of the property is also true for apps built using Mac Catalyst.
  Useful output about the environment the host application is running in.
• Device is on call
  Type: boolean
  Fraud API field name: is_on_call
  Returns true if the device is engaged in an ongoing call during the fingerprint collection. Detects both cellular and VOIP calls.
  High-value security information which can be tied to fraud.
• Passcode lock is enabled
  Type: boolean
  Fraud API field name: is_passcode_enabled
  Returns true if the device is set up to authenticate the user with a passcode.
  Useful for determining the end user's security awareness.
• Screen is being captured
  Type: boolean
  Fraud API field name: is_screen_captured
  Returns true if the device’s screen is currently being captured during the fingerprint collection.
  High-value security information which can be tied to fraud.
• Timezone identifier
  Type: string
  Fraud API field name: timezone_identifier
  Returns the current system time zone’s geopolitical region ID. E.g.: Europe/Budapest.
  Another source of locale information.
• Platform type
  Type: string
  Fraud API field name: type
  Returns the static string ios indicating the platform.

Removed fields

• cpu_speed
• file_system_size
• has_proximity_sensor
• screen_resolution - there are two separate fields where the information can be derived from screen_width and screen_height.

Renamed fields

accessories_number -> accessories_count.

app_platform_type -> device_name.

currency_code -> region_country.

icloud_ubiqility_token -> icloud_ubiquity_token.

intcpu_count -> cpu_count.

ip_address -> device_ip_address.

local_language -> region_language.

Field value changes

• accessories_number (now accessories_count) value has been changed from string to integer.
• battery_level value has changed from string to integer.
• intcpu_count (now cpu_count) value has changed from string to integer.
• system_uptime value has changed from string to integer.
• physical_memory value has changed from string to integer.

Integration changes

SDK Integration changes

• Starting from iOS SDK v5.0.0, there is a change in SEON’s API Policy. From now on SEON might introduce new fields in the SDK with minor versions. We advise you to integrate in a way that addition of new fields is handled gracefully.
• Minimum deployment target has been raised to iOS 11.0
• SeonFingerprint class has been renamed to SEONFingerprint
• The fingerprinting process is no longer automatically generated and sent in to SEON’s Fraud API once the App gets focus. The method getFingerprintBase64 has to be called explicitly to get the session data to be attached to a Fraud API v2 request. For more information please refer to the Fraud API integration changes section.
• getFingerprintBase64’s completion handler now returns an NSError object which contains details about possible integration and runtime errors. For now the following errors are forwarded by the SDK:

• SEONErrorInvalidSessionID
• SEONErrorFingerprintFailed

• The SDK binary is being distributed as an XCFramework instead of a Universal Binary format, optimizing compatibility for multiple platforms in one package. This shift streamlines integration with Xcode's build system, enhancing performance and ensuring a unified experience while also adheres to Apple’s development guidelines.
• The iOS SDK has been also made available through the Swift Package Manager. This doesn’t affect the SDK’s availability through CocoaPods, it’s still supported to integrate the SDK as a pod. You can find more information about integrating it as a swift package here.

Fraud API Integration changes

In v1 the iOS SDK sent in the device fingerprint to SEON services automatically, and you could link the device fingerprint with your Fraud API call with the session_id. In v5 the SDK generates a base64 encoded encrypted payload, which has to be sent in with a Fraud API request. The new flow looks like this:

1. Generate the base64 session string in your Android application with calling the SDK’s getFingerprintBase64 method.
2. Send the session string to your backend.
3. Set the session string as the session parameter in your Fraud API request.
4. Call SEON’s Fraud API v2 to send in the configured session. Please refer to the Fraud API v2 documentation for more information.

New fields

• Audio mute status
  Type: boolean
  Fraud API field name: audio_mute_status
  Indicates if the phone is muted or not.
• Current audio volume
  Type: integer
  Fraud API field name: audio_volume_current
  Current level of device system’s volume on a 0 to 100 scale.
• Battery charge status
  Type: boolean
  Fraud API field name: battery_charging
  Indicates if the phone is currently charging or not.
• Email setup state
  Type: boolean
  Fraud API field name: can_send_mail
  Returns whether the device is set up to send and receive emails.
  Information on whether the device is set up for use properly.
• Texting setup state
  Type: boolean
  Fraud API field name: can_send_text
  Returns whether the device is set up to send and receive text messages or iMessage.
  Information on whether the device is set up for use properly.
• Device Hash
  Type: string
  Fraud API field name: device_hash
  A strong unique identifier of user’s device based on SEON’s arbitrary algorithm.
  This property can be used to identify the same device between sessions and even between app reinstalls. More info can be found here.
• Device country based on IP
  Type: string
  Fraud API field name: device_ip_country
  A two-character ISO 3166-1 country code for the country associated with the IP address.
• Device IP ISP
  Type: string
  Fraud API field name: device_ip_isp
  The Internet Service Provider name of the device based on it’s IP.
• Domain Name System IP
  Type: string
  Fraud API field name: dns_ip
  The user’s DNS IP address.
• Domain Name System IP Country
  Type: string
  Fraud API field name: dns_ip_country
  The user’s DNS IP country.
• Domain Name System IP’s Internet Service Provider
  Type: string
  Fraud API field name: dns_ip_isp
  The Internet Service Provider name of the device based on the DNS IP.
• Biometrics status
  Type: boolean
  Fraud API field name: is_biometrics_enabled
  Indicates the status whether some kind of biometric authentication is enabled on the device or not.
• Emulator detection
  Type: boolean
  Fraud API field name: is_emulator
  Returns whether the device is possibly an emulator or not.
  Reliably detecting the most popular emulators available. A high-value security information which can be tied to fraud.
• Host application is running on MacOS
  Type: boolean
  Fraud API field name: is_ios_app_on_mac
  Returns true if the host process is an iOS app running on a Mac. The value of the property is also true for apps built using Mac Catalyst.
  Useful output about the environment the host application is running in.
• Device is jailbroken
  Type: boolean
  Fraud API field name: is_jailbroken
  Returns whether the device is possibly jailbroken or not.
  Useful output about the environment the host application is running in.
• Currently is on a phone call
  Type: boolean
  Fraud API field name: is_on_call
  Returns true or false depending on whether the device was on a call while collecting the fingerprint. Detects both cellular and VOIP calls.
• Passcode lock is enabled
  Type: boolean
  Fraud API field name: is_passcode_enabled
  Returns true if the device is set up to authenticate the user with a passcode.
  Useful for determining the end user's security awareness.
• Screen is being captured
  Type: boolean
  Fraud API field name: is_screen_captured
  Returns true if the device’s screen is currently being captured during the fingerprint collection.
  High-value security information which can be tied to fraud.
• The kernel’s architecture
  Type: string
  Fraud API field name: kernel_arch
  Information about the device’s kernel architecture.
• Name of the kernel
  Type: string
  Fraud API field name: kernel_name
  Name of the device’s kernel.
• Pasteboard hash
  Type: string
  Fraud API field name: pasteboard_hash
  A hash created of the content or the content’s description ( iOS 14.0+ )
• Region timezone
  Type: string
  Fraud API field name: region_timezone
  Returns the device's timezone settings as an offset.
• Screen height of the device
  Type: integer
  Fraud API field name: screen_height
  Device’s screen height in pixels.
• Screen width of the device
  Type: integer
  Fraud API field name: screen_width
  Device’s screen width in pixels.
• Source
  Type: string
  Fraud API field name: source
  Identifies the SDK version that originated the request.
• Timezone identifier
  Type: string
  Fraud API field name: timezone_identifier
  Returns the current system time zone’s geopolitical region ID. E.g.: Europe/Budapest.
  Another source of locale information.
• Platform type
  Type: string
  Fraud API field name: type
  Returns the static string ios indicating the platform
• Local WiFi network identifier
  Type: string
  Fraud API field name: wifi_ssid
  Requires Optional Permission:
  Access WiFi Information entitlement for wifi_mac_address and wifi_ssid
  Core Location permission for wifi_mac_address and wifi_ssid (starting from iOS 13)
  Name of the WIFI network, the device is connected to.