How to Access the Credential Intelligence Flag

Overview

This guide shows two ways to access the Credential Intelligence flag and identify requests containing compromised credentials.
The first is through a request header, and the second is through the Additional Activity Handler custom function in the Enforcer itself.

Accessing the Credential Intelligence Flag

Option 1 - Compromised Credentials Header

If credentials are flagged as compromised, a header is added to the request. Your application can then implement the desired business logic inline by checking this header and acting on the result of the flag: compromised or not.
Please note that if the Bot Defender product is enabled and in block mode, a request that is determined to come from a bot will be blocked by the Enforcer.

The name of the header is determined by px_compromised_credentials_header. By default, the header name is px-compromised-credentials. If the credentials are compromised, the value of this header will be 1; otherwise, the header will not be present on the request.

The header name can be modified in all enforcers with the exception of the Fastly VCL Enforcer.

See the pseudocode example below. The HUMAN middleware is added before the request to /login. The handleLogin function checks the px-compromised-credentials header to decide which business logic to apply to the request.

router.addMiddleware(px.middleware);
router.post('/login', handleLogin);

function handleLogin(req, res) {
  const areCredentialsCompromised = req.headers['px-compromised-credentials'] == '1';
  if (areCredentialsCompromised) {
    // some logic
  } else {
    // some other logic
  }
}

Option 2 - Additional Activity Handler and PXDE Object

It’s possible to identify compromised credentials from within the HUMAN Enforcer as well. This can be done using the Additional Activity Handler, a customizable function that executes additional logic within the enforcer. This is useful if you need to perform additional operations during enforcement, or if headers are not a viable option for your backend architecture. 

See the pseudocode example below. The pxCtx may contain the property pxde, a HUMAN data enrichment object. If this PXDE object exists and the breached_account property on it also exists, then the credentials have been flagged as compromised.

px.init({
  px_app_id: "PX_APP_ID",
  // ...
  px_additional_activity_handler: additionalActivityHandler
});

function additionalActivityHandler(pxCtx, pxConfig) {
  const areCredentialsCompromised = pxCtx.pxde && pxCtx.pxde['breached_account'];
  if (areCredentialsCompromised) {
    // some logic
  } else {
    // some other logic
  }
}

The Additional Activity Handler is called for every request, not only those that trigger the Credential Intelligence flow.
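
The following is an added example, not HUMAN's code, that fills in the "some logic" branches of both options above with one possible policy. The function names, the returned action strings, and the policy itself are assumptions; it also assumes a Node-style headers object whose names are lowercased, and the sample inputs are constructed.

```javascript
// Added example: names and policy below are assumptions, not HUMAN's code.
const DEFAULT_HEADER = 'px-compromised-credentials'; // default name per the page

// Option 1: the header carries the value "1" only when the credentials are
// flagged; an absent header (or any other value) means "not flagged".
function flaggedByHeader(headers, headerName = DEFAULT_HEADER) {
  // Assumption: header names in the object are lowercased, as Node's http does.
  return headers[headerName.toLowerCase()] === '1';
}

// Option 2: the handler runs for every request, so pxde may be missing.
// Guard the context, the pxde object and the breached_account property.
function flaggedByContext(pxCtx) {
  return Boolean(pxCtx && pxCtx.pxde && pxCtx.pxde['breached_account']);
}

// Hypothetical policy: the flag only changes the outcome after the password
// has been verified, so a failed login is answered the same way whether or
// not the submitted credentials were flagged.
function decideLogin({ flagged, passwordValid }) {
  if (!passwordValid) return 'reject';
  return flagged ? 'step_up_and_reset' : 'allow';
}

// Constructed sample requests.
const samples = [
  { headers: { 'px-compromised-credentials': '1' }, passwordValid: true },
  { headers: { 'px-compromised-credentials': '1' }, passwordValid: false },
  { headers: {}, passwordValid: true },
];
for (const s of samples) {
  const flagged = flaggedByHeader(s.headers);
  console.log(flagged, decideLogin({ flagged, passwordValid: s.passwordValid }));
}
```

If px_compromised_credentials_header has been changed from its default, pass the configured name as the second argument to flaggedByHeader.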