Web App Fraud Setup

Web App Fraud Analytics

Keyri provides a JavaScript agent for fraud analytics that produces durable device ID fingerprints that persist across sessions. It provides risk analytics data to your client and server for events you want analyzed. Trigger the fraud analytics agent at each event that you want to assess the risk of; the Keyri API will provide a summary of the risk level and details about the event's risk signals as well as details about the user such as location. The JavaScript agent is lightweight and can be deployed in a few minutes.


  • Retrieve device data for logging and analytics
  • Create device identifier based on device data


Package manager

Using npm:

$ npm i @keyri/xray

Once the package is installed, you can import the library using import or require:

import { XRAY } from "@keyri/xray";
const xray = new XRAY();
const info = await xray.scan(
  data.eventType, // The type of event: Login, Signup, Visits, Access
  data.userId, // The id of the user in your system
  data.yourPublicEcdhKey, // This comes from our dashboard and is used
                          // -- to identify you and as an encryption key
  5000,  // Optional Timeout. 
         // -- If nothing happens before this, an error is returned 
  "safe"  // Optional Commit-Mode. When used, the API does not
          // -- automatically update information about the device or user.
          // -- The Relying-Party (you) must make an additional API
          // -- call to make this happen. 

You can get the constant you need (your serviceEncryptionKey(pair)) from the Keyri Dashboard under Setup & Credentials


Note CommonJS usage


import { XRAY } from "@keyri/xray";
const serviceEncryptionKey = 'your_ECDH_public_key';
async function login(userId, password) {
  const xray = new XRAY();
  // Call the Keyri fraud analytics function and await its response
  const encryptedRiskObject = await xray.scan('login', userId, serviceEncryptionKey, 5000);
  // Send the Keyri response object
  // as part of your API call to retrieve protected resources
  const loginResponse = await fetch('/api/login', {
    method: 'POST',
    body: { userId, password, encryptedRiskObject },