Sign Up

To sign up for an account, you can contact us via Support Portal.

The Integration Team will work with you to set up your account. They will register your site name and email, and will subsequently provide you with your Test API Keys, which you will need in order to communicate with the Digital Verification API.

If you are having difficulty, please see our FAQs for more detail.

Add Trustev.js

In this step, you will integrate our Digital Verification JavaScript on your site. We recommend that the Digital Verification JavaScript tags are added to all pages on your site, however at a minimum we require the JavaScript tags to be included in at least 3 pages in your Checkout, Account Creation or Application funnel.

REQUIRED ACTION

• Include the Digital Verification JavaScript tags on your site (as below)
  • For US customers, please use https://cdn-us.trustev.com/trustev.min.js
  • For EU customers, please use https://cdn-eu.trustev.com/trustev.min.js
• Initialise the Digital Verification JavaScript and store the returned Session Id
  • Use the JavaScript snippet below as a template to initialise the JavaScript and store the SessionId
  • The JavaScript should be initialised on every page it is included in
  • Your Public Key will be provided by the Digital Verification Integration team

Digital Verification CDN JavaScript

The following <script> tag should be included between the opening and closing <head> tag in your site.

<!--Reference to the CDN based JavaScript, please use the correct URL for your region-->
<script type="text/javascript" src="https://cdn-us.trustev.com/trustev.min.js"></script>

The following JavaScript snippet can be included either directly in each page, or in another JavaScript file that you maintain. It is important to ensure the TrustevV2.Init() is not executed until trustev.min.js has been fully loaded.

<!--Initialise the JavaScript with your Public Key, and receive a SessionId as a call back-->
<script type="text/javascript">  
             //only call once trustev.min.js has been loaded
            TrustevV2.Init('<publickey>', function(sessionId) {
                     //you should store this sessionId for retrieval at a later point
                     console.log(‘SessionId: ‘ + sessionId);
             });
</script>

NB:Make sure to replace publickey with your Public Key value.

Trustev.min.js is a secure, CDN hosted JavaScript file responsible for gathering details about each session and device that visits your site. These details are then returned to the TransUnion digital Verification Platform and will eventually form part of the Digital Verification Decision. For more information, see What is Trustev.js?

TrustevV2.Init() must be executed in all webpages where the trustev.min.js scripts tags are included, as this function initiates the required data collection to support a decision. The SessionId returned is valid for a 20 minute rolling window. If no activity occurs within this 20minute window, the existing SessionId will be invalidated. The next time you call TrustevV2.Init() you will receive a new SessionId.

If you are experiencing any difficulties with the Trustev.min.js, please see our detailed FAQ - which describes how to verify that the Trustev.js is implemented correctly - or contact our Support Portal.

Get Digital Verification SessionId

It is recommended to use the callback option from TrustevV2.Init() method to get the Digital Verification SessionId. Please note that TrustevV2.Init() is asynchronous. This variable can be accessed from any page that has called TrustevV2.Init() method.

A valid SessionId is required to call our AddCase API (which is a precursor to our GetDecision API). You will need to call TrustevV2.Init() on every page the Digital Verification JavaScript is included in, however you will only ever need the most recent Session Id returned in the TrustevV2.Init() call back to interact with our API..

Get a Token

To communicate with the Digital Verification API, you will require an API Token. An API Token is an alphanumeric String returned from the Digital Verification API that must be provided by the Merchant in the Request Header for all subsequent API calls. A Merchant can access an API Token through our Get a Token API method. This involves sending a HTTP POST Request Message with your API Key details.

To Get a Token, you will require your Test API Keys - our Integration Team will have issued these to you at sign-up. Please see API Keys: Explained for more information.

We have a US and EU data centre available, so depending on your location, these are the API Endpoints:

US Customers - Token API Endpoint: https://app.trustev.com/api/v2.0/token

EU Customers - Token API Endpoint: https://app-eu.trustev.com/api/v2.0/token

An API Token Request Message, requires four data fields:

1. UserName: This is your Site UserName, available in your Test API Keys

2. Timestamp: This is the Current Timestamp in UTC in the format yyyy-MM-ddTHH:mm:ss.fffZ.
See What format is accepted for the Timestamp? for more information.

3. PasswordHash:  This is a hashed value involving two steps:

Part 1. Create a Sha256Hash of a String in the format of {0}.{1}, where {0} is the Timestamp above, and {1} your Site Password which is available from your Test API Keys

Part 2. Create a Sha256Hash of a String in the format of {0}.{1}, where {0} is the result of Part 1, and {1} is your Shared Secret which is available from your Test API Keys

4. UserNameHash:   This is a hashed value involving two steps:

Part 1. Create a Sha256Hash of a String in the format of {0}.{1}, where {0} is the Timestamp above, and {1} is your Site UserName which is available from your Test API Keys.

Part 2. Create a Sha256Hash of a String in the format of {0}.{1}, where {0} is the result of Part 1, and {1} is your Shared Secret which is available from your Test API Keys.

Example in PHP

$passwordHash = $this->Get256Hash($timestamp . "." . $password);
$passwordHash = $this->Get256Hash($passwordHash . "." . $secret);
$usernameHash = $this->Get256Hash($timestamp . "." . $username);
$usernameHash = $this->Get256Hash($usernameHash . "." . $secret);

For Authentication in all other API calls, you will require the ‘APIToken’ field that is returned in the Response Message of a successful Get a Token request. We advise that you store this APIToken for re-use in subsequent calls to our API. Once the API Token expires, you can request a new token from our API and continue as normal. Please note that the APIToken will stay valid for 30 minutes and during this time you may use it for as many API requests as required. We include an ‘ExpireAt’ field in the Response Message also which can be used a check before running into expired API Token errors.

Sample Get Token Request Message

Sample Get Token Response Message

Please see, What is an API Token and how do I access it? for more information on accessing this.

PHP HTTP Get A Token Request:

$request = json_encode(TOKEN REQUEST);
$url = "https://app.trustev.com/api/v2.0/token";
$contentType = "Content-type: application/json";

$curl = curl_init($url);
curl_setopt_array($curl, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POSTFIELDS => $request,
CURLOPT_HTTPHEADER => [
$contentType
]
]);

$exec = curl_exec($curl);
$result = json_decode ($exec, true);
curl_close($curl);

Add a Case

This API method allows you to ‘Add a Case’. A Digital Verification Case is our term used for the accumulation of all the data fields relevant to a particular ‘transaction’ which can fall under any of these catagories: Transaction Information, Customer Information, Item Details, Payment Details, and Status Details. This method allows you to add all these data fields in one API call.

See What’s a Case? for more information.

Before adding a Case, you must ensure you have the following information:

• The TrustevV2.SessionId that we advised would need to be accessed in Step 3.
• The APIToken that you received from our Get Token API request in Step 4, along with your Digital Verification UserName, available in your Test API Keys - This is required in the Request Header.
• A Case Number, which is a alphanumeric String that you may choose. It must be unique to you as a Merchant. For reporting and data analysis, we advise that the Case Number should be a reference to your own internal reference number which you associate with the ‘transaction’. By doing this, it will allow for an easy reference point should you need more information on the Digital Verification Case through our IDVision Console.

During Integration, you will be using Test API Keys which means that the Digital Verification Decision you receive on a Digital Verification Case will not be based off the data provided, but will be a random generated result. By altering the Case Number that you provide when Adding a Digital Verification Case, you can influence the Digital Verification Decision returned during Testing. Please see our Testing Guide for more information.

The more data fields that you can provide, the better the scoring accuracy, however should you not have some of the data fields (we refer to these as ‘case objects’) listed in a Case, then you can simply leave these sections out. We would request that you advise our Integration Team or Fraud Team if data is not to be provided so that we can configure our system for your production move.

We have a US and EU data centre available, so depending on your location, these are the API Endpoints:

US Customers - Case API Endpoint: https://app.trustev.com/api/v2.0/case

EU Customers - Case API Endpoint: https://app-eu.trustev.com/api/v2.0/case

Please see code below that shows how to forward a Case to the Digital Verification API. Clicking on the ADD CASE REQUEST below will bring you to our detailed technical document that outlines all the available fields and data types required.

PHP HTTP Add A Case Request

$username = SITE USERNAME;
$token = API TOKEN FROM STEP 5:GET A TOKEN;

$request = json_encode(ADD CASE REQUEST)
$url = "https://app.trustev.com/api/v2.0/case";
$contentType = "Content-type: application/json";
$auth = "X-Authorization:" . $username . " " . $token;
$curl = curl_init($url);
curl_setopt_array($curl, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POSTFIELDS => $request,
CURLOPT_HTTPHEADER => [
$contentType,
$auth,
]
]);

$exec = curl_exec($curl);
$result = json_decode($exec, true);

curl_close($curl);

Something important to note, is that our API is structured to handle a maximum of 10 Case Requests per TrustevV2.SessionId. If you try to add more than 10 Cases to a Session you will receive a HTTP 403 Forbidden Response, and in that scenario you should start a new session.

Once a Digital Verification Case has been successfully added then the Response Message will include a Digital Verification Case. There will be an Id field in this Case Response Message. This Id parameter should be extracted and stored as it is required for use in the final two steps.

The data gathered from Trustev.js will also now fall under the unique Digital Verification Case you have created.

Get a Digital Verification Decision

The Digital Verification Decision is our recommendation on whether you should allow, block, or flag this transaction for manual review. There are 2 options (and two separate endpoints) to get a Digital Verification Decision:

1. The standard Digital Verification Decision.

2. The Detailed Decision Endpoint

You should use either, but not both.

This API method allows you to retrieve a Digital Verification Decision. You will require the Case Id that was returned in the ‘Add a Case’ method above.

Please see our FAQ for more information on the Digital VerificationDecision. During Integration, you will be using Test API Keys, and this will mean that the Digital Verification Decision returned to you will be a randomly generated result. We provide a Testing Guide at the end of the documentation that outlines how to get expected results from the API.

The Digital Verification Decision is a decision formulated after utilizing all the data that has been gathered in compiling your Digital Verification Case. This includes all the data gathered as your customer browsed your Site through our Trustev.js, and all the information that was supplied in the ‘Add a Case’ method. Once a Digital Verification Case has been added, and a request to get a Digital VerificationDecision has been made, our API will return a Digital Verification Decision. A Digital Verification Decision will indicate either: Pass, Flag or Fail.

Before retrieving a Digital Verification Decision, you must ensure you have the following information:

• The API Token that you received from our Step 4: Get a Token API request, along with your Digital Verification UserName, available in your Test API Keys.
• The Case Id that is returned in Step 5: Add a Case API request. This Case Id will be added to the end of the URL to get a Digital Verification Decision.

We have a US and EU data centre available, so depending on your location, these are the API Endpoints:

US Customers - Decision API Endpoint: https://app.trustev.com/api/v2.0/decision/{caseId}

EU Customers - Decision API Endpoint: https://app-eu.trustev.com/api/v2.0/decision/{caseId}

Format: “https://app.trustev.com/api/v2.0/Decision/” + Case Id
Example: “https://app.trustev.com/api/v2.0/Decision/12345”

PHP HTTP Get Digital Verification Decision Request

$username = SITE USERNAME;
$token = API TOKEN FROM STEP 4:GET A TOKEN;
$caseId = CASEID FROM STEP 5:ADD A CASE

$url = "https://app.trustev.com/api/v2.0/decision/" . $caseId;
$contentType = "Content-type: application/json";
$auth = "X-Authorization:" . $username . " " . $token;

$curl = curl_init($url);
curl_setopt_array($curl, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => [
$contentType,
$auth,
]
]);

$exec = curl_exec($curl);
curl_close($curl);

Based off all of the information forwarded, you will be returned a Result field in the Response Message of the API call. This Result will indicate:

Sample Get Digital Verification Decision Response Message

 {
"Id": "656b662a-3e15-4c09-8643-c0a7628d6ae3",
"Version": 1,
"SessionId": "efc54b16-17ed-4f57-9a78-6707c2109a23",
"Timestamp": "2015-11-17T15:17:20.4228252",
"Type": 0,
"Result": 3,
"Score": 475,

"Comment": "C# Decision"
}

The main field to consider in the Response Message above is the Result. The Score is just the numeric value, and is directly represented in the Result.

For a more detailed breakdown of the decision returned, you can login to your Order Review Screen through the IDVision Console - https://console-eu.trustev.com (For EU Customers) or https://console-us.trustev.com (For US Customers).  Simply select our reporting features, entering in the Case Number you supplied to see the main elements that influenced the Digital Verification Decision on any particular Case.

Please note that during Integration you will be using Test API Keys, so the Digital Verification Decision results returned will not be based off the data provided, but will instead be randomly generated.

Additionally, during the Calibration Phase, a number of configuration changes will occur while our Fraud Team work to adjust the logic to match your Site environment. Due to this, we advise that Merchant's continue to make all expected API requests but to not accept/deny orders based off the Digital Verification Decision during this time. 

Add a Status

The final step in the Integration process is adding a Status to reflect the outcome of the Digital Verification Case, once you have received a Digital Verification Decision. During the Add a Case step, all transactions/orders automatically receive the status of Placed (8). That being said, this is a temporary status which should be updated to reflect the transaction/order outcome. Please see Why send Statuses? for further information.

This is a critical step in assessing Fraud accuracy and it ultimately feeds our machine learning model to eliminate your Fraud. The Statuses you forward will become a collection of Statuses on the Digital Verification Case, so our system can see the decisions you’ve made throughout the process.

As outlined in Step 6: Get a Digital Verification Decision, the result returned to you will indicate whether or not Digital Verification recommends processing the ‘transaction’. Merchants can face a number of scenarios, and each transaction outcome may not be as simple as Yes/No, therefore we require that a Status is forwarded to Digital Verification, indicating what the final outcome was.

Please see the statuses that can be forwarded to us:

Please Note: It is important that Statuses continue to be added to accurately reflect the outcome, as our system will learn off your decisions. This may involve adding a Status several weeks after a Digital Verification Case has been evaluated. For instance, when a Chargeback occurs, Merchants should have a process in place to add the Status of the Case and communicate this back to the Digital Verification API.

We provide a number of options to update the Statuses of your orders:

1. Using the Status API Endpoint
2. Providing a CSV file through our sFTP service
3. Updating the order Status through the Manual Review Screen

Option 3: Updating the order Status through the Manual Review Screen

Overview

The following document is aimed at walking developers through the Manual Review Screen available on the IDVision Console - https://console-eu.trustev.com (For EU Customers) or https://console-us.trustev.com (For US Customers). This is our online portal that Merchants can access to review orders. The IDVision Console is where you will see the Transactions processed by Digital Verification. During the Integration phase the Manual Review Screen can be used to validate that Requests have been received, that Statuses are being updated and the Transaction data is being correctly processed etc. To note: Only Decisioned Cases will appear on the Manual Review Screen.

• A transaction is submitted on the Merchants web site.
• The Developer or Merchant will:
• Log into the IDVision Console.
• Use the Search functionality to locate the Transaction using the Merchant’s Case Number.
• Click on the Search results listing for the Transaction to display the detailed results on the Manual Review screen.

This is discussed in detail below.

Log In to the IDVision Console.

The first step is to log in to the IDVision Console. This is available here -  https://console-eu.trustev.com (For EU Customers) or https://console-us.trustev.com (For US Customers). You will be presented with the following screen:

The credentials you will need are as follows:

1. Username: This will be the email you provided to the Integration Team during the initial setup phase.

2. Password: A password e-mail will be sent to you where you will be promted to enter a password of your choosing.

Using the IDVision Console Search Features

There are a number of features available on the IDVision Console to help you review transactions and analyse fraud issues.

Transactions Overview Screen

The first screen that you will be presented with is the Home Page. By clicking the search icon, it will bring you to the Search Transactions Screen. 

Below is the Transaction Review Screen:

On the Transaction Review Screen there are a number of functions available:

1. Filter transaction by date: this allows you to give a time range in which to review transactions.

2. Search for a specific Transaction by Case Number: this allows you to search by specific Case Number, to review the details of a single Transaction. It is also possible to do partial searches, by using an asterisk (*).

3. Filter transaction by the Digital Verification Decision and/or the Status of a transaction.
4. Search for transactions with a specific E-mail address that was used.
5. Filter the transaction by Transaction Value.

6. View Transactions: Here you will see the details of the transactions. Unless specified by a filter implied, you will see the last placed transactions in chronological order, from newest to oldest.

    

   You will be presented with:

1. The date and time of the transaction.

2. The Case Number.

3. The current Status of that transaction.

4. The Currency.

5. The Value of that transaction.

6. The Decision that Digital Verification returned, on whether this was a fraudulent transaction or not.

7. The Customers first name, last name and e-mail.

Understanding the Manual Review Screen 

From the Transaction Overview Screen above, you can click through to manually review each  transaction. Depending on the result of each transaction (i.e. “good” transaction or “failed” transaction) you will be presented with a screen that breaks down all the details of the transactions into the following groups:

Decision Summary:

The Decision Summary shows what the decision was on this particular transaction. It is colour coded in relation to the Decision; green being the best, red being the worst. The higher your score, the the greater the evidence of fraud in the transaction. In the example above, we can see that this was a fraudulent transaction. 

This colour coded decision and number reflects the thresholds configured by our Fraud Team, to reflect your site’s fraud needs. That’s to say, each customer will get a personalized configuration of what score is a pass, fail, or flag. Please see “What is a Digital Verification Score?” for a deeper explanation. 

It is necessary to note that when Test Keys are used the Decisions are randomized. For example, they request through the API a Decision for order 123, and receive a Pass. If they went into the Order Review Screen, they might see a Fail for this order. Live API Keys are needed for accurate Decisions, therefore during Integrations you should not be taking these Decisions as accurate.

Fact Summary:

The Fact Summary breaks down the decision, into what “facts” were hit with this transaction. Again, these facts are colour coded, with red being the heaviest weightings and highest in terms of fraud, and green being the lowest.

The Fact Summary allows you to review on a per transaction basis, to get a comprehensive overview of what factors made this transaction pass or fail, and why. The facts shown above are just an example for demo purposes. The Fraud Team will work closely with you during the Calibration Phase, to learn more about your fraud problems, and which of these facts should weigh heavier than others.

Transaction and Case Details: 

In the above screen, we can see the Case details. This is all of the data that is passed through your Case Request during the API call “Add Case”. Essentially, these are the details inputted by the customer of your website when they checkout. We see their name, email, phone number, address and address type (e.g. Billing/Delivery) , etc. We can also see some additional details identified by Digital Verification, like IP Location, and some of the card details (note: these are not PII, the BIN just allows us to tell the country of issue). We can also see the breakdown of what this customer ordered. In certain cases this can be an identifier of fraud if the Total Value is significantly higher than the average. Under "Transaction Information" we also see information on the velocity, completed transactions and rejected transactions.

Overall Transaction History:

Here we can see the history of transactions that have been processed from the same device and/or email address. Above we can see that although there is different email addresses being used in different cities, they are coming from the same device. This function can be used to pick up on any devices or emails that need to be blacklisted. Further, it can help to eliminate the likelihood of Digital Verification failing a good customer, as it is possible to whitelist also. this also gives you visibility into how many overall transaction this customer made and how many are Completed/Rejected or Pending.

Update Status:

As mentioned in the documentation, it is necessary to update the status of each transaction. Ideally this should be done with your company's manual review system, which can be synced to Digital Verification. However if needed, we provide this functionality also. As explained in the documentation, transactions are automatically given the status of Placed when the Case is added (i.e. transaction is processed). Once Digital Verification has returned a decision, you will need to update the system on the outcome of this, by updating the status of the order from Completed to one of the options below:

Webhook

Digital Verification provide a mechanism to ensure that the Order data in a Merchant’s system can stay synchronised with the Order data stored in Digital Verification system.

This is implemented via a webhook which is used to send back an Order Status update to the Merchant’s Site as Status changes take place in other parts of the system.

For example, in your Order Review Screen on the IDVision Console - https://console-eu.trustev.com (For EU Customers) or in https://console-us.trustev.com (For US Customers), you will see the option to update the Status of an order.

On Submit, the Digital Verification system sends back a JSON object to a specified endpoint. This allows the Merchant to have both the Digital Verification system and their own internal order processing system up-to-date.

This is an optional feature, however in order to complete integration, we require that a Merchant provides us with an endpoint on their system that can receive a JSON object.

This JSON object: 

{
"Status": 0,
"Comment": "Wenhook comment",
"SessionId": "edffc5f6-2bf8-411c-974e-04ff24968a4d",
"CaseId": "edffc5f6-2bf8-411c-974e-04ff24968a4d|9288c4b2-5f66-4664-84d6-efd70b9f9d4c",
CaseNumber": "96f9868d-5ff5-4a5c-becc-1ca030d3422b"
}

• CaseNumber: This is the CaseNumber field that was supplied in your Add Case request. We recommend during Integration that you use your internal order number for this to allow for uniformity across Digital Verification systems and your own.

• CaseId: This is the ID field that was returned from the Digital Verification API during the POST Case request. This ID field is used with Decision and Status endpoint on the API.

• Comment : This field will reflect the comment enetered while updating the Status.
• SessionId: This is the ID field that was supplied in your Add Case Request. This field should have retrieved from the browser by loading the JavaScript.

• Status: This is the Status code that was assigned. These are the possible Status codes that you can receive: 

Please note: The Digital Verification webhook will send a Status update to the endpoint you provide when any Status updates occur. As such, if you update the Status directly through the Digital Verification API Status endpoint - POST api/v2.0/case/{caseId}/status - our API will also POST back what the Status change was. 

Communication between Merchant and Digital Verification API with webhook: