DeviceAssure Documentation

# DeviceAssure Web Client ## Table of Contents - [Introduction](#introduction) - [Client to server model](#client-to-server-model) - [Server to server model](#server-to-server-model) - [Sample Application](#sample-application) - [Data](#data) - [Getting Started](#getting-started) - [Client to Server](#client-to-server-usage) - [Page Load Setup](#c2s-page-load-setup) - [User Event Setup](#c2s-user-event-setup) - [Server to Server](#server-to-server-usage) - [Page Load Setup](#s2s-page-load-setup) - [User Event Setup](#s2s-user-event-setup) - [IMEI Corroboration](#imei-corroboration) - [DeviceAssure Cache Configuration](#deviceassure-cache-configuration) - [Storage Types/Location](#storage-typeslocation) - [Cache Expiry Configuration](#cache-expiry-configuration) - [Troubleshooting](#troubleshooting) - [iFrame](#iframe-usage) - [Alternative Setups](#alternative-setups) - [Using Javascript Modules](#alternative-setups-javascript-modules) - [Vue, Angular, React etc](#alternative-setups-vue-angular-react-etc) <h2 id="introduction">Introduction</h2> The purpose of this JavaScript library is to analyse and validate a device visiting a webpage with the library embedded. The collected data is compared with sets of known valid characteristics for legitimate devices. This comparison and validation is performed by the DeviceAssure backend service. The data collected by the library may be sent to the DeviceAssure service in two ways. <h3 id="client-to-server-model">Client to server model</h3> The data is sent directly from the client library to the DeviceAssure backend service. Validation results are returned to the library and optionally to a configured callback URL. <h3 id="server-to-server-model">Server to server model</h3> The data is collected and made available on the client. The DeviceAssure library will not make a request to the DeviceAssure service. It is the responsibility of the calling application to transmit the data to a suitable server and for that server to make the request to the DeviceAssure service. The validation results are returned directly back to the calling server and not to the client application. --- <h2 id="sample-application">Sample Application</h2> A sample application is included in the package. This sample shows usage for the examples listed. - Client to Server (On Page Load) - Client to Server (On User Event) - Server to Server (On Page Load) - Server to Server (On User Event) - IMEI Check A valid DeviceAssure licence key is required for the "Client to Server" and IMEI Check examples. #### Running the Sample Application #### ```bash # Unzip the package and navigate to the SampleApplication directory cd SampleApplication python3 -m http.server 3000 # Now navigate to http://localhost:3000 ``` --- <h2 id="data">Data</h2> The library collects data about the underlying hardware and browser capabilities. It does not collect any PII data. The library stores our data in a configurable location to prevent subsequent calls to the DeviceAssure library for a **30 minute** period. DeviceAssure will not be called again until the cache expires or is deleted. It is possible to delete the cached location within our library. The expiry and the location of the cache can be set, or can be disabled entirely. Please see the DeviceAssure Cache Configuration section for more details. --- <h2 id="getting-started">Getting Started</h2> The DeviceAssure JavaScript library must be included on a webpage for it to work. It is recommended to include the library at the end of the web page. The DeviceAssure library can be used in three different ways: ["Client to Server"](#client-to-server-usage), ["Server to Server"](#server-to-server-usage) and ["IMEI Corroboration"](#imei-corroboration). There are a number of methods exposed in the DeviceAssure library. However, the `.load` method is the recommended method to use. The remaining methods have been deprecated and should no longer be used. These will be removed in a future release. Property | Description ------------ | ------------------------------------------------------------------------------------------------------------------- `.load` | Entrypoint method for the library. Please see the setup guides below for more details. `.check` | [Deprecated, use `load`] Please see the Migration Guide included in our bundle for help moving to the new `.load` method above. `.checkIMEI` | [Deprecated, use `load`] Please see the Migration Guide included in our bundle for help moving to the new `.load` method above. `.getData` | [Deprecated, use `load`] Please see the Migration Guide included in our bundle for help moving to the new `.load` method above. <h2 id="client-to-server-usage">Client to Server</h2> For this option the data is collected by the library and automatically sent to the DeviceAssure API for device verification. There are two recommended ways to use the library in this scenario. The first is ["Page Load Setup"](#page-load-setup) and the second is upon a ["User Event"](#user-event-setup) e.g. a click of a button the `.check` method is called directly. <h3 id="c2s-page-load-setup">Page Load Setup</h3> The following is a list of configurations that can be set on the DeviceAssure library for the page load setup. | Property | Type | Default | Description | |------------------|----------|-----------------|-------------------------------------------------------------------------------------------------------------------------------------------------| | `serverToServer` | Boolean | `false` | Enable server to server mode. This will disable the automatic validation to the DeviceAssure service and manual data collection can then occur. | | `imei` | String | 'undefined' | Provide an IMEI for use as another identifier for device verification. When `imei` is present it must not be defined with an IMEI value. | | `licence` | String | `null` | The licence key to use for the DeviceAssure service. Required for Client to Server. | | `onSuccess` | Function | `function() {}` | The callback function to call when the DeviceAssure service returns a successful response. | | `onError` | Function | `function() {}` | The callback function to call when the DeviceAssure service returns an error response. | | `storageType` | String | `local-storage` | The type of storage to use for the DeviceAssure cache. Available options are `local-storage`, `cookie` or `none`. | | `storageExpiry` | Number | `1800000` | The time in milliseconds that the DeviceAssure cache will be valid for. The minimum value is 1 millisecond and the maximum value is 24 hours. | #### Example #### ```html  <script type="text/javascript"> function onDeviceAssureLoad() { DeviceValidation.load({ licence: '<LICENCE_KEY>', storageType: 'local-storage', // override 'local-storage' default to 'cookie' or 'none' onSuccess: function(response) { console.log('Handle successful response here.', response); }, onError: function(error) { console.log('Handle error or failed response here.', error) } }); } </script>  <script src="<path/to/deviceAssure.min.js>" defer async onload="onDeviceAssureLoad()"></script> ``` A working example can be found in `SampleApplication/index.html`. --- <h3 id="c2s-user-event-setup">User Event Setup</h3> The below sample code shows how to include and how to call the DeviceAssure library when an event is triggered. An event is triggered on button press. A valid licence key _must_ be provided by replacing the placeholder `<LICENCE_KEY>`. ```html  <script src="<path/to/deviceAssure.min.js>" async defer></script>  <script type="text/javascript"> var onSuccess = function (response) { console.log('Handle successful response here.', response); }; var onError = function (error) { console.log('Handle error or failed response here.', error) }; $('.example-submit-button').on('click', function() { DeviceValidation.load({ licence: '<LICENCE_KEY>', onSuccess: function(response) { console.log('Handle successful response here.', response); }, onError: function(error) { console.log('Handle error or failed response here.', error) } }); }); </script> ``` A working example can be found in `SampleApplication/on-event.html`. --- <h2 id="server-to-server-usage">Server to Server</h2> In this use-case, the device data is collected by the library and made available to the calling application. It is then the responsibility of the calling application to send the data to an appropriate server that subsequently makes a request to the DeviceAssure service. Please see the Implementation Guide for further details on how to send the data from a server context. Note: A licence key is not required on the client side in this scenario. It must however be provided on the server side before making the request to the DeviceAssure API. The Server to Server functionality may be enabled by adding **serverToServer: true** and an **onSuccess** callback parameter. **Please Note:** When using the Server to Server mode the data will not be cached by the library. This is the responsibility of the calling application to store the data and send it to the server. Parameter | Required | Type | Default | Description --------- | -------- | ------ | ----------- | ------------------------------------------------------------------------------------------------- `payload` | Yes | Object | `undefined` | This is the only argument passed in to the server to server functions. It is a javascript object. Please see below for examples. <h3 id="s2s-page-load-setup">Page Load Setup</h3> ```html  <script type="text/javascript"> function onDeviceAssureLoad() { DeviceValidation.load({ serverToServer: true, onSuccess: function (payload) { console.log('DeviceValidation Payload', payload); } }); } </script>  <script src="<path/to/deviceAssure.min.js>" type="text/javascript" defer async onload="onDeviceAssureLoad()"></script> ``` A working example can be found in `SampleApplicaiton/s2s.html` page. <h3 id="s2s-user-event-setup">User Event Setup</h3> The below is an example using jquery. The event is triggered on button press. ```html  <script type="text/javascript"> window.addEventListener('DOMContentLoaded', function() { $('#on-button').on('click', function () { DeviceValidation.load({ serverToServer: true, onSuccess: function (payload) { console.log('DeviceValidation Payload', payload); } }); return false; }); }); </script>  <script src="<path/to/deviceAssure.min.js>" type="text/javascript" defer async></script> ``` A working example can be found in `SampleApplicaiton/s2s-event.html` page. --- <h2 id="imei-corroboration">IMEI Corroboration</h2> This feature allows for the validation of the alignment between an IMEI and headers of the device under test. A valid licence key with the IMEI feature enabled is required. Please contact support@deviceassure.com for more details. Once this feature has been enabled for a licence the IMEI can be included as one of the configurations when calling the DeviceAssure library. The collected data can be retrieved from the library asynchronously and sent along with the IMEI to the DeviceAssure API. See below for an example: Additionally, the ability to check if a provided IMEI is lost / stolen is another optional extra and must also be turned on for a licence via DeviceAssure support. **Please Note:** The IMEI value must be provided in the `imei` configuration once included. The IMEI value must be a string. It is also recommended to use a storageType of `none` when validating with an IMEI. If another IMEI is used and the storageType is not `none`, the library will use the cached data and not the new IMEI response. This is to prevent any mis-detections due to user error or slips. ```html  <script src="<path/to/deviceAssure.min.js>" type="text/javascript" async defer></script> <script type="text/javascript"> $('.example-submit-button').on('click', function() { DeviceValidation.load({ imei: '<IMEI>', storageType: 'none', licence: '<LICENCE_KEY>', onSuccess: function (response) { console.log('Handle successful response here.', response); }, onError: function(error) { console.log('Handle error or failed response here.', error) } }); }); </script> ``` A working example can be found in `SampleApplication/imei.html` page. --- <h2 id="deviceassure-cache-configuration">DeviceAssure Cache Configuration</h2> The DeviceAssure API Response can be stored in the browser inside a cache. This is to prevent subsequent calls to the DeviceAssure API if neccessary. By default the cache is stored in local-storage. It is possible to modify the default behaviour in order to store this information in another type of web-storage. <h3 id="storage-typeslocation">Storage Types/Location</h3> The available options are: #### local-storage #### Using `local-storage` (default behaviour) means DeviceAssure will use localStorage to track whether to call the check endpoint. It stores a JSON string with the time of expiry and the blocking value. #### cookie #### Using `cookie` means DeviceAssure will use cookies to track whether to call the check endpoint. The expiration of the cookie will indicate whether to make another call or not. #### none #### Using `none` will never save any response from DeviceAssure. This means that every time the DeviceAssure library is called, it will make a call to the DeviceAssure service. It will also wipe any DeviceAssure keys from the cache (cookies and local-storage) that were previously added. If any of these storage options are cleared or expire, then another DeviceAssure call is made. <h3 id="cache-expiry-configuration">Cache Expiry Configuration</h3> It is also possible to set the expiry time of the cache. This is the time in milliseconds that the cache will be valid for. The default value is 30 minutes. It is not necessary to specify the storageExpiry if the default is used. Once the cache expires, another DeviceAssure API call will be made. The valid configuration for this property is between 1 millisecond and 24 hours. This is to prevent some unwanted/persisted behaviour. #### Examples: ### ##### Configuring storageType and Cache Expiry on page load ##### ```html  <script type="text/javascript"> function onDeviceAssureLoad() { DeviceValidation.load({ licence: '<LICENCE_KEY>', onSuccess: function(response) { // success callback is optional console.log('Handle successful response here.', response); }, onFailure: function(error) { // failure callback is optional console.log('Handle error or failed response here.', error) }, storageType: 'cookie' // cache type to store test results - available options 'cookie', 'local-storage' or 'none. Default is 'local-storage'. storageExpiry: 8 * 60 * 60 * 1000 // cache expiry time in milliseconds. Default is 30 minutes. }); } </script>  <script src="<path/to/deviceAssure.min.js>" defer async onload="onDeviceAssureLoad()"></script> ``` ##### Configuring storageType and Cache Expiry on user event #### ```html  <script src="<path/to/deviceAssure.min.js>" defer async></script>  <script type="text/javascript"> var onSuccess = function (response) { console.log('Handle successful response here.', response); }; var onError = function (error) { console.log('Handle error or failed response here.', error) }; $('.example-submit-button').on('click', function() { DeviceValidation.load({ licence: '<LICENCE_KEY>' storageType: 'none' // cache type to store test results - available options 'cookie', 'local-storage' or 'none storageExpiry: 8 * 60 * 60 * 1000 // cache expiry time in milliseconds. Default is 30 minutes. onSuccess: onSuccess, onError: onError }); }); </script> ``` A more in depth example can be found in `SampleApplication/index.html`. --- <h2 id="troubleshooting">Troubleshooting</h2> <h3 id="iframe-usage">iFrame</h3> If the DeviceValidation library is embedded in a cross-origin iframe, the following attributes are required to surpress warnings in the console. The library will continue to work, the errors/warnings are non-blocking in the library. `allow="accelerometer; gyroscope;"` ##### Warning logs ``` [Violation] Permissions policy violation: accelerometer is not allowed in this document. [Violation] Permissions policy violation: gyroscope is not allowed in this document. ``` ##### Full Example: ```html <iframe id="deviceassure-iframe" src="https://path-to-cross-origin-page>" allow="accelerometer; gyroscope;" > </iframe> ``` --- <h2 id="alternative-setups">Alternative Setups</h2> Below are a few different approaches to using the DeviceAssure library. Each setup still uses the same configs as listed above. <h2 id="alternative-setups-javascript-modules">Javascript Modules</h2> ```html <script type="module"> import('/js/lib/dv.min.js').then(() => { DeviceValidation.load({ licence: '<LICENCE_KEY>', onSuccess: function (response) { console.log('DeviceValidation', response); }, onError: function (error) { console.error('DeviceValidation Error', error); } }); }); </script> ``` --- <h2 id="alternative-setups-vue-angular-react-etc">Vue, Angular, React etc</h2> Alternatively, the DeviceValidation library can be declared on the window object. (This can be useful when implementing in a framework such as AngularJS, React or Vue). ### Javascript for Vue, Angular, React etc ### The library can to be imported into a js file dynamically and then setup at runtime inside a component. Angular and React will need to do something similar too with loading the library in at runtime. A Vue example component can be seen below: ```vue <template> <div class="deviceassure-component"></div> </template> <script> export default { name: "DeviceAssure", props: { licence: String, imei: { type: Boolean, default: false, }, onSuccess: { type: Function, default: () => {}, }, onError: { type: Function, default: () => {}, }, }, created() { this.loadDeviceAssure(); }, methods: { loadDeviceAssure() { if (this.isLoaded()) { this.instance = window.DeviceValidation; return; } import("@/libs/dv.min.js").then(() => { if (!this.instance) { this.instance = window.DeviceValidation; console.log("loaded library", this.instance); } }); }, isLoaded() { return window.DeviceValidation && !!window.DeviceValidation.load; }, validateWithIMEI(imei) { var params = { onSuccess: (data) => { console.log("DeviceAssure onSuccess: ", data); this.response = data; this.$props.onSuccess(data); }, onError: (err) => { console.log("DeviceAssure onError: ", err); this.error = err; this.$props.onError(err); }, licence: this.$props.licence, imei: imei, }; this.instance.load(params); }, validate() { var params = { onSuccess: (data) => { console.log("DeviceAssure onSuccess: ", data); this.response = data; this.$props.onSuccess(data); }, onError: (err) => { console.log("DeviceAssure onError: ", err); this.error = err; this.$props.onError(err); }, licence: this.$props.licence, }; this.instance.load(params); }, getResponse() { return this.response; }, }, data() { return { instance: null, response: {}, error: {}, }; }, }; </script> ``` --- ## Copyright ## Copyright (c) DeviceAtlas Limited 2025. All rights reserved. https://deviceatlas.com