ProPay will help you to download a hidden JavaScript widget that you are expected to place on your website. This widget will gather information about the computer accessing your website and send it to ThreatMetrix.
Step 1: include the ThreatMetrix widget on your website.
In one of the pages you present to a new user during signup, you need to include this information in your html header:
<head>
<script type="text/javascript"
src="https://h.online-metrix.net/fp/tags.js?org_id=4uw65rkp&session_id=01f50c4d1430a620a3b50005ffe98541">
</script>
</head> |
In the body of your page, you should include the following:
org_id will usually be '4uw65rkp' (However, in some special cases, ProPay may elect to provide partners with their own org_id.)
session_id should be a value that you generate to uniquely identify an individual signup instance. (Explained further below) It should consist of:
- Upper and lowercase English letters (a-z, A-Z)
- Digits (0-9)
- Underscore (_)
- Hyphen (-)
Step 2: Pass many of the same values into the ProPay API when you Process.
(These additional tags are also documented under the various processing API methods)
Request Value |
Type |
Description |
InputIpAddress |
String |
Collect this from the header info as the customer processes through your website. |
SessionId |
String |
This is the same unique identifier you picked and sent to Threat Metrix via their widget. |
ProtectPay SOAP example
If you use the non-tokenized ProPay API to process transactions, simply pass the two extra tags in the body of your message. Users of ProtectPay need do follow a slightly more complicated format
<fraud:FraudDetector xmlns:threatmetrix="http://schemas.datacontract.org/2004/07/Propay.Contracts.FraudDetection.Providers" type="threatmetrix:ThreatMetrixFraudDetection">
<fraud:FraudDetectorProviderName>ThreatMetrix</fraud:FraudDetectorProviderName>
<fraud:InputIpAddress>12.105.192.18</fraud:InputIpAddress>
<threatmetrix:SessionId>08a3958c-f2f5-43ad-b171-9de35633ff68</threatmetrix:SessionId>
</fraud:FraudDetector> |