TruValidate (Iovation) Device Risk Integration

Alloy's SDK supports TruValidate's Third Party Device Risk product. You'll still need to do the first party integration outside of the Alloy SDK.

Set Up

First, install the web SDK npm package version 1.x: (if you already have the SDK downloaded, make sure to upgrade to version 1.x)

yarn add @alloyidentity/web-sdk

or 

npm install @alloyidentity/web-sdk

Journey Integration

1. Set up your TruValidate credentials in your Alloy Dashboard in the Settings > Services page
2. Navigate to Settings > SDK page on your Alloy Dashboard
3. Enable TruValidate via toggle
4. Run alloy.init() to initialize the SDK on each page you’d like TruValidate to run on
5. Capture the Blackbox from the iovationBlackboxId field in the alloy.init() callback response. When you're ready to submit your Journey Application, include the Blackbox in your POST /applications request in the iovation_blackbox entity payload field.

Workflow Integration

1. Set up your TruValidate credentials in your Alloy Dashboard in the Settings > Services page
2. Navigate to Settings > SDK page on your Alloy Dashboard
3. Enable TruValidate via toggle
4. Run alloy.init() to initialize the SDK you’d like TruValidate to run on.
5. Capture the Blackbox from the iovationBlackboxId field in the alloy.init() callback response. When you're ready to submit your Evaluation, include the Blackbox in your POST /evaluations request in the iovation_blackbox payload field.

First-Party Javascript Integration

To increase device risk fingerprint success rates, you still need to implement first party javascript.

In the same domain that you are running the Alloy SDK you will need to setup a reverse proxy with the path /iojs

Deploying First-Party JavaScript Components via a Reverse Proxy

Test and production hosts are available for configuring and obtaining first party components. Use the following
URLs for your specified environment.

• Test https://ci-first.iovation.com/_
• Production https://first.iovation.com/_

Deploying the Static First-Party JavaScript

You must deploy a static JavaScript file to support first-party integration.

1. Download the static first-party JavaScript from iovation at the following URL:
   https://first.iovation.com/latest/static_wdp.js
2. Deploy the static JavaScript to any location within your domain that is accessible to your web pages. For
   example, you can deploy it to a content delivery service such as Akamai.

📘

Important

The static file must be hosted within the same domain, protocol (http or https), and port as the page it is
integrated into. Do not host the file on a sub-domain.

This prevents fraudsters from blocking a sub-domain and in turn prevents the file from being downloaded.

Setting up the Reverse Proxy

The static first-party JavaScript collects basic device attributes. The script works together with the dynamic
JavaScript to provide more unique identifiers that are stored in cookies, and that obtains network information.

Reverse proxy configuration is environment specific and your URLs should be mapped to one of the following
based on your environment:

• Test https://ci-first.iovation.com/
• Production https://first.iovation.com/

To reference the dynamic script, your included URL, https://www.domain.com/iojs/latest/dyn_wdp.js, should map
to:

• Test: https://ci-first.iovation.com/latest/dyn_wdp.js
• Production: https://first.iovation.com/latest/dyn_wdp.js

To establish the reverse proxy:

1. Set up a proxy configuration within your domain.
2. Within the proxy URL, include a directory called iojs and set this as the proxy point. For example, in the
   following URL, the iojs directory is the proxy point:
   http://my.domain.com/iojs
3. Direct the proxy to the following URL:
   https://first.iovation.com
   Once you have set this up, the following URL:
   https://my.domain.com/iojs/latest/dyn_wdp.js
   Maps to:
   https://first.iovation.com/latest/dyn_wdp.js
4. Change the URLs in your proxy configurations to the following test URL in our CI environment:
   https://ci-first.iovation.com/
   When you have completed testing, restore the proxy configurations back to the production URL:
   https://first.iovation.com/
5. Pull down the latest version of the static integration JavaScript from the following URL:
   https://ci-first.iovation.com/latest/static_wdp.js
   To test this JavaScript, deploy it into your infrastructure and update JavaScript inclusions on your web pages
   to call this file.
6. Test incoming transactions to verify the following:
   ◦ There are no resource loading issues resulting in time-out responses back to the browser.
   ◦ Two blackboxes - generated from first and third-party JavaScript - continue to be generated.
   ◦ There are no changes in web page appearance, performance, or behavior.
   ◦ There are no errors in the browser console.

If the reverse proxy has been properly set up, the Alloy SDK will detect it and proceed to run it both the 3rd party and the 1st party.