Integration Options

There are two (2) primary integration options:

  1. Passive: Detection Tag
  2. Active: Detection Tag and Mitigation API

Passive

Passive Mode enables detection of bot activity in near real-time. You may access decision data via Reporting API. Mitigation is retroactive.

Client configures their system to make a S2S request to the Mitigation API. The request contains business signal, and data injected by the tag into the form (Session ID and Encrypted Data Token).

This method is useful if your system does not expect a response in real-time.

Note: sometimes Passive Mode is referred to as Monitoring Mode.

Active

Active Mode enables both detection and mitigation of bot activity in real-time. Mitigation is proactive.

Client configures their system to make a S2S request to the Mitigation API. The request contains business signal, and data injected by the tag into the form (Session ID and Encrypted Data Token).

The Mitigation API will respond with a Threat Profile, Threat Category, Bot decision, and Action (e.g. Allow, Block, etc.).

Link: Mitigation API

Note: send a S2S request whenever possible

To help rule out entire classes of bot activity it is very important that all S2S requests are made, even when not all data are available.

Integrate upstream of anti-fraud measures: submit data collected from the tag to the Mitigation API independently of the outcome of any pre-existing anti-fraud measures, e.g. IP range checks, VPN checks, email address blocklists etc. We recommend including these external results in the Mitigation API call too.

Send requests whenever possible: The Mitigation API calls must occur independently of the outcome of any server-side data validity checks. The outcome of those checks should be included (e.g. in a summarized or classified manner) in the Mitigation API call to make reporting clearer. Even if, for some reason, not all data can be extracted from the OZ_ hidden fields, sending a request with incomplete data is far more valuable than not sending a request at all.