Integrating Verisoul in web browsers is straightforward and requires minimal code changes. This guide covers everything you need to implement Verisoul’s fraud prevention in your web application.

Installation

Script Tag Installation

Add the Verisoul script to your HTML:

<script async src="https://js.verisoul.ai/{env}/bundle.js" verisoul-project-id="{project_id}"></script>

Replace the following parameters:

  • {env}: Use either prod or sandbox
  • {project_id}: Your project ID, which must match the environment

Installation Options

It is recommended to use the async or defer script attributes. If you choose these methods, make sure the Verisoul object is initialized on the window before using it.

Content Security Policy (CSP)

If your application has a Content Security Policy, update it to include the following Verisoul domains:

<meta http-equiv="Content-Security-Policy" content="
  script-src 'self' https://js.verisoul.ai;
  worker-src 'self' blob: data:;
  connect-src 'self' https://*.verisoul.ai wss://*.verisoul.ai;
">

Usage

Once installed, you can use the SDK to get the current session_id when you need to make a prediction or reinitialize a session when an account logs out.

session()

If you are looking to get started quickly or to Pilot Verisoul, see account() for a simplified integration.

Verisoul generates a session_id to uniquely identify each user session. The session_id is required when you need to get a risk prediction from the backend API and must be passed from your client to the server.

You can get the current session_id at any time by calling Verisoul.session(). The function returns a promise that resolves once Verisoul collects a minimum amount of session information to make a prediction.

Important: Each session_id expires after 24 hours and cannot be used to call the backend API after expiration. It is recommended to only get a session_id right before you need to make a server-side request.

Example usage:

const login = async () => {
    try {
        const {session_id} = await window.Verisoul.session();

        // pass session_id to backend
    } catch (e) {
        console.log("Verisoul failed get session_id", e);
    }
}

reinitialize()

It is recommended that each session_id only be tied to one account. To avoid problems joining a session to an account, reinitialize the session once an account logs out.

Calling Verisoul.reinitialize() generates a new session_id, which ensures that if a user logs out of one account and into a different account, Verisoul will be able to delineate each account’s data cleanly.

Example usage:

const logout = async () => {
    try {
        await window.Verisoul.reinitialize();
    } catch (e) {
        console.log("Verisoul failed to reinitialize", e);
    }
}

account()

This function is intended only for customers piloting Verisoul. Do not use for long term production use or real-time fraud prevention.

The account() function provides a simplified way to send user account information to Verisoul directly from the client side. While easy to integrate, this method has important limitations:

  • Offline analysis only: Data sent via account() is only visible in the Verisoul dashboard
  • No real-time decisions: Unlike the server-side API, this method doesn’t allow your application to receive and act on Verisoul’s risk scores in real-time
  • Limited use case: Designed specifically for initial pilots and evaluation purposes

The function accepts the Account Object which is the same object used in the authenticate API, making it easy to transition to the server-side integration later.

Example usage:

const login = async () => {
    // Send account information to Verisoul for dashboard analysis
    await window.Verisoul.account({
        id: "example-account-id",
        email: "example@example.com",
        metadata: {
            "paid": true,
        }
    });
}

For production environments, we strongly recommend implementing the full server-side integration to leverage Verisoul’s real-time fraud prevention capabilities.

Next Steps