Best practices

HUMAN recommends certain setup and configuration within your account whenever possible for optimal performance and integration across all of HUMAN’s features and products, including Sightline Cyberfraud Defense, AgenticTrust, and Code Defender.

Deploy both the Sensor and the Enforcer

HUMAN strongly recommends you deploy both the Sensor and the Enforcer for the most complete defense strategy possible for your application. This is because each element protects different parts of your system. The Sensor:

  • Collects user signals from the browser side and sends this data to the Detector, which analyzes it and returns the risk score
  • Encrypts and injects the risk score into the client
  • Is excellent at detecting primitive bots, particularly those that execute JavaScript

Meanwhile, the Enforcer:

  • Collects user signals from the server side and sends this data to the Detector for analysis
  • Blocks or allows users based on the received risk score and set policy rules
  • Detects and reacts to volumetric patterns, such as high-velocity spikes characteristic of bot attacks
  • Extracts GraphQL-specific operations and header-based context for API queries

Application IDs

An Application ID is a unique ID assigned to each Application you create within HUMAN. You create at least one Application while setting up Sightline or Code Defender. A single Application typically covers all traffic in a single application. This includes traffic across multiple domains within an application as long as their detection logic and traffic are shared. We recommend using only one Application ID whenever possible. This ensures you have complete coverage, optimal functionality, and full feature capabilities across all HUMAN products.

Web and mobile traffic should not be separated into different Application IDs if they share the same traffic, detection logic, and APIs. HUMAN already differentiates between web and mobile traffic in the dashboard. However, if you have a mobile application with separate traffic, it can have a separate Application ID.

That said, there are some situations where it may be appropriate to have multiple Application IDs. This is typically the case for enterprise businesses that have multiple domains or applications that need to be protected. If you’re unsure, we encourage you to reach out to our support team to determine what best suits your use case.

We strongly discourage using multiple Application IDs within a single application or domain for the following reasons:

  • Multiple Application IDs may increase the risk of false negatives as traffic is segmented across multiple IDs.
  • Multiple Application IDs may increase the risk of false positives, as each Application ID is effectively treated as a separate Application even if they’re on the same domain. This means that, for example, the same malicious user could be mitigated on one Application ID, but not the other.
  • Segmenting traffic between IDs on one domain or application weakens HUMAN’s holistic behavioral analysis model and lessens our ability to reliably predict and block malicious behavior.