Risk SDK for Web
Overview
This SDK integrates solutions from Checkout and Forter, two leading risk management providers, to collect user device information on merchant websites and submit risk data via OpenAPI during order creation. It helps build a multi-layered intelligent defense system for your business.
- Checkout acts like a “device fingerprint detective,” identifying device-level risks (e.g., virtual machines, cheating tools) and preventing automated or repeated attacks.
- Forter acts like a “behavior analyst,” analyzing user behavior patterns in real-time using a global identity graph to accurately distinguish legitimate users from fraudsters.
By combining both, the SDK can significantly reduce fraud (such as carding or reward abuse) while minimizing false positives for genuine users, improving approval rates, and maximizing transaction revenue without compromising security.
Core functions
Provides the getRiskHash method to automatically collect client environment information, build a complete device fingerprint, submit all risk data to the server, and return an encrypted clientInfoToken for use in subsequent OpenAPI calls.
Collected device information
The getRiskHash method automatically collects the following device information:
| Field Name | Type | Description | Data Source |
|---|---|---|---|
| terminalType | string | Terminal type (fixed value "1" indicates WEB) | Built into SDK |
| deviceId | string | Unique device identifier | Generated by fingerprint algorithm |
| deviceSessionId | string | Checkout device session ID | Checkout Risk SDK |
| forterTokenCookie | string | Forter risk token | Forter SDK |
| userAgent | string | Browser user agent string | navigator.userAgent |
| currentUrl | string | Full URL of the current page | window.location.href |
| browserWidth | string | Browser viewport width (pixels) | window.innerWidth |
| browserHeight | string | Browser viewport height (pixels) | window.innerHeight |
| browserScreenColorDepth | string | Screen color depth (bits) | window.screen.colorDepth |
| lan | string | Browser language setting | navigator.language |
| browserTimezone | string | Browser timezone | Intl.DateTimeFormat or UTC offset |
Integration example
<!-- Include only the script that matches your environment -->
<!-- sandbox -->
<script src="https://ramptest.osl-pay.com/js/op-risk-v2.min.js"></script>
<!-- production -->
<script src="https://ramp.osl-pay.com/js/op-risk-v2.min.js"></script>
<script>
  // await is not allowed at the top level of a classic (non-module) script,
  // so the calls run inside an async function.
  (async () => {
    // Basic usage (returns empty string on failure, does not block the flow)
    const clientInfoToken = await OSLPayRisk.getRiskHash();
    console.log('Risk clientInfoToken:', clientInfoToken);

    // Usage with error handling
    try {
      const clientInfoToken = await OSLPayRisk.getRiskHash({ throwError: true });
      console.log('Risk clientInfoToken:', clientInfoToken);
    } catch (error) {
      console.error('Failed to get Risk Hash:', error);
    }
  })();
</script>
If your website enforces a Content Security Policy (CSP) header, allow the following sources in these directives:
connect-src https://*.osl-pay.com https://*.checkout.com wss://*.checkout.com https://*.forter.com
frame-src https://*.osl-pay.com https://*.checkout.com wss://*.checkout.com https://*.forter.com
script-src https://*.osl-pay.com https://*.checkout.com wss://*.checkout.com https://*.forter.com
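If the site already sends a policy, these sources have to be merged into its existing directives rather than added as fresh ones. The JavaScript below is an added example, not part of the OSL Pay SDK or its documentation: `mergeSdkSources`, `parsePolicy` and the other names are hypothetical, the `checkout.com` entries use the `*.` wildcard form that CSP's host-source syntax requires, and the policy is assumed not to use `script-src-elem`.

```javascript
// Added example (not OSL Pay code): merge the SDK's sources into an existing CSP.
const SDK_SOURCES = [
  'https://*.osl-pay.com', 'https://*.checkout.com',
  'wss://*.checkout.com', 'https://*.forter.com',
];
// Directive -> directives it falls back to when absent from the policy.
const FALLBACKS = {
  'connect-src': ['default-src'],
  'frame-src': ['child-src', 'default-src'],
  'script-src': ['default-src'],
};
// A wildcard is only valid as the whole leftmost label ("*."), never "*name".
const HOST_SOURCE = /^(https|wss):\/\/(\*\.)?[a-z0-9-]+(\.[a-z0-9-]+)+$/i;

function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // Browsers ignore a repeated directive, so keep the first occurrence.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function mergeSdkSources(policy, sources = SDK_SOURCES) {
  const invalid = sources.filter((s) => !HOST_SOURCE.test(s));
  if (invalid.length) throw new Error(`invalid CSP source: ${invalid.join(', ')}`);
  const directives = parsePolicy(policy);
  for (const [name, fallbacks] of Object.entries(FALLBACKS)) {
    const governing = [name, ...fallbacks].find((d) => directives.has(d));
    // Nothing restricts this fetch type: adding the directive would only
    // start blocking the site's other origins, so leave it alone.
    if (!governing) continue;
    // Start from the governing list so that e.g. 'self' inherited from
    // default-src is kept, and drop 'none', which cannot sit beside hosts.
    const merged = directives.get(governing).filter((s) => s.toLowerCase() !== "'none'");
    for (const s of sources) if (!merged.includes(s)) merged.push(s);
    directives.set(name, merged);
  }
  return [...directives].map(([n, s]) => [n, ...s].join(' ')).join('; ');
}
```

Run it over the policy string your server currently emits and send the returned string in its place; a malformed source such as `https://*checkout.com` is rejected before it reaches the header.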