FAQs

General product behavior

Where did the fingerprint() method on iOS and Android go?

With the introduction of Digital Intelligence, customers no longer need to explicitly fingerprint the device.

Use the initializeSDK() method at app launch. The SDK will automatically fingerprint the device and generate a sessionToken, which can be retrieved via getSessionToken(). There is no need to call fingerprint() directly.

What if I need an explicit fingerprint() call on iOS or Android?

Most use cases don’t require forcing a fingerprint. However, the Digital Intelligence SDK provides a processDevice() method to trigger device data collection for specific contexts (e.g., login, signup, checkout).

What happened to the Base64 session id provided by Device Risk?

Digital Intelligence replaces the session id with sessionToken, a JWT used in subsequent API calls and RiskOS enrichments.

How can I implement a Reverse Proxy when using the Web SDK?

Socure supports Reverse Proxy implementations. Configure configBaseUrl when accessing the SDK through a proxy. Contact your Solutions Consultant team for details.

Does the Web SDK provide Canonical Name (CNAME) support?

No. CNAME support was dropped with the introduction of Digital Intelligence. Using CNAME is not recommended with the Web SDK.

How can I provide a context when configuring the Web SDK?

Context support has been deprecated. An alternative will be provided in a future release.

What will happen to Device Risk?

Starting July 31, 2024, support for Device Risk will be limited. No new features will be added. Customers should migrate to Digital Intelligence.

What is the device.globalDeviceId field in the API response? How is it different from the device.id field?

GlobalDeviceID (device.globalDeviceId) is the primary device node in the Identity Graph linking to our persistent view of identity, SocureID. As we continue to enhance Digital Intelligence capabilities, GlobalDeviceID is our cross-client view of device helping us link and secure every touch point in the consumer journey.

The legacy device ID (device.id) is client-specific and remains in the Digital Intelligence response for backward compatibility.

Integration and SDK usage

What platforms does the SDK support?

Digital Intelligence supports Web Native (JavaScript library and npm package), iOS, Android, and React Native.

How do I install and initialize the SDK?

Full setup instructions are available in the developer documentation. Initialization requires calling initializeSDK() at app launch.

Does the SDK require a key or authentication?

Yes. An SDK key is required for integration. SDK keys can be provisioned and managed in the Authentication Guide (make sure you select the SDK Key tab).

What types of device and behavioral data does the SDK collect?

The SDK automatically collects a wide range of device and behavioral signals. All collected data is available via the sessionToken through the RiskOS Evaluation API. See the Data Dictionary for full field breakdown.

Can I control or limit the data collected?

Data collection cannot generally be disabled once the SDK is initialized. Exceptions include:

Location data – Use omitLocationData (iOS/Android) to disable location capture. By default, only low-precision (2 decimal places) is collected. Higher precision can be enabled on request.
Behavioral data – Use pauseDataCollection() to stop capture and resumeDataCollection() to restart.

Are there performance implications with integrating the SDK?

The SDK is designed to be lightweight. Most computation happens on background threads, and data is flushed at intervals. It should not cause noticeable latency.

Does the SDK require explicit permissions?

No. The SDK does not directly prompt for permissions. It relies on your app to request them. Data will only be collected if permissions are granted.

Can we exchange the sessionToken between sub-accounts?

Yes. Digital Intelligence sessions are accessible for all accounts within the same account hierarchy.