React Native Integration (Recommended)
React Native Integration (Recommended)
React Native Integration (Recommended)
You can integrate the SDK into a React Native project. This article explains how to integrate and implement the HUMAN React Native Wrapper into a React Native app.
ios folder and install pods.The HUMAN Security React Native Wrapper API offers the following functions:
The most important step is to start the SDK as early as possible in your app flow. If your app sends a URL request to your server before the SDK starts, the attached headers won’t include the latest updated tokens. As a result, HUMAN’s Enforcer could block the request, and the SDK won’t present a challenge to the user. Be sure to start the SDK only once.
To start the SDK, call startWithAppId in your main entry point (App.tsx) or at the starting point of your app where you register and initialize one-time services. It’s better to start the SDK outside of any UI component to avoid lifecycle issues.
Don’t forget to change the <APP_ID> to your own application ID.
Currently, the HSPolicy class includes two settings:
hybridAppPolicy: Use this if your app operates in hybrid mode, meaning it has a WebView that loads a site also protected by HUMAN and running its sensor. In this case, configure all relevant website domains with the app ID.detectionPolicy: This setting lets you configure whether the SDK can send touch and motion events, either touch only or both touch and motion, to the server to improve detection. By default, it’s off, and you can choose to enable it.For example:
Here’s what the code includes:
startWithAppId function of the SDK is called with the following parameters:
HSPolicy instance configures the SDK’s behavior. This object defines settings such as hybridAppPolicy.webRootDomains, indicating that the app uses WebViews containing pages from a domain also protected by HUMAN Security, which is considered hybrid mode. Additionally, detectionPolicy is configured to send touch and motion data. If these parameters aren’t needed, you can just omit the policy.If your app communicates with multiple servers that use different application IDs, you can call HumanSecurity/startWithAppIds(appIds: string[], policy?: HSPolicy): Promise<void>. This lets you to pass an array of IDs. If you do, you must specify the relevant ID for each API call to the SDK. If you only have one ID, then providing it in most functions is optional.
axios, you might need to call JSON.stringify(error.response?.data) before passing the response body to the SDK. Additionally, in Axios, the catch block handles blocked responses because it indicates a failed request.The following are examples using either a fetch API or using axios.
Here’s what the code includes:
canHandleResponse. If canHandleResponse returns true, handleResponse is called to present the challenge to the user.HSBotDefenderChallengeResult can be one of the following:
handleResponse function.Note that you can await handleResponse, but if you do, you would be waiting until the user solves the challenge. You can also continue your flow and handle the result in the .then block.
When HUMAN’s Enforcer blocks a request, it returns a JSON string in the response body with status code 403. This body contains metadata for the SDK. For example:
Your app should pass the entire JSON as response in a string format to the SDK. Otherwise, the SDK won’t present a challenge to the user.
You can set custom parameters to configure HUMAN’s backend with additional values. To do so:
setCustomParameters after calling startWithAppId.For example:
Bot Defender provides several delegates, or callbacks, to notify about events related to headers and challenges. These callbacks are mainly intended for analytics and statistics rather than for taking specific actions. In the Expo library, these callbacks work as events.
To listen for Bot Defender events, subscribe to the onBotDefenderEvent listener. The received event will be of type BotDefenderEvent and can be handled as needed.
Only the botDefenderDidUpdateHeaders event provides headers. The rest have the app ID.
To enable Account Defender, you should set the UserID of your current logged-in user in the SDK. When the user logs out, make sure to call the function with null to clear the user ID. For example:
To let Account Defender protect the user’s account, your app must provide the SDK with outgoing URL requests. This should be done after you set the user ID.
You should call the HumanSecurity.AD.registerOutgoingUrlRequest(url: string, appId?: string): Promise<void> function before sending the URL request. If you’re using a custom HttpClient service, add this function to the request interceptor.
You can set additional data to configure HUMAN’s backend with extra parameters. To do so, call HumanSecurity.AD.setAdditionalData(parameters: { [key: string]: string }, appId?: string): Promise<void> after calling HumanSecurity.startWithAppId(appId: string, policy?: HSPolicy): Promise<void>.
For example:
You can simulate a challenge to test the integration. To do so, follow the steps in our help article.