Device Biometrics

Every device has a unique fingerprint that helps to identify potential fraudulent or suspicious activity. In order to remove this risk for our users and partners, every user flow includes a device biometric check.

Initiating Device Biometrics

The following script can be used to initiate the device biometrics. The script will return an OnResponse event, at which point you should submit the sessionKey created via the POST /v1/verify/session endpoint. You can then fetch the results via the GET /v1/verify/device/result endpoint. The results will indicate whether the user is eligible to utilize the Noba integration based on their device risk.

<script>
    var isSandbox=false;
    var sardineHost = isSandbox ? 'api.sandbox.sardine.ai' : 'api.sardine.ai'; //please set isSandbox to true in Sandbox
    (function () {
        var loader = document.createElement('script');
        loader.type = 'text/javascript';
        loader.async = true;
        loader.src = `https://${sardineHost}/assets/loader.min.js`;
        loader.onload = function() {
            sardineContext = window._Sardine.createContext({
                clientId: "CLIENT_ID",        // Reach out to [email protected] for our client ID
                sessionKey: uuidv4(),         // Generate this sessionKey via https://api-partner.noba.com/v1/verify/session
                userIdHash:"12345",
                environment: isSandbox ? "sandbox" : "production",
                parentElement: document.body,
                onDeviceResponse: function(data) {
                    console.log(`sardine's deviceID is ${data.deviceId}`);
                }
            });
            console.log(`sardine context generated: ${sardineContext}`);
        };
        var s = document.getElementsByTagName('script')[0];
        s.parentNode.insertBefore(loader, s);
    })();
</script>

Updating Session Keys and User ID

There are two functions that are loaded to the DOM when creating the sardineContext object. These must be used to update the configuration so that the sessionKey and userIdHash are updated and consistent for every new user session. These should be updated on user login, sign out, and at the creation of each new session.

// set userIdHash after user logs in
sardineContext.updateConfig({ userIdHash: newUserIdHash });

// reset userIdHash and set new sessionKey after log out
sardineContext.updateConfig({ userIdHash: null, sessionKey: newSessionKey });

Timeout Recommendations

Cookies and Incognito Mode

🚧

Don't forget the session key!

The sessionKey created at the start of the user flow must remain consistent throughout.