Skip to content

Human Detector integration

Human-Detector (HD) is a Nitrogen's security module that is able to identify if the request has been made by a human or any script. It can also determine if it has been made by malicious intent based on the request-journey.
Follow these steps to configure HD on your website or mobile-apps.

Prerequisite

  1. You must have a domain configured on Nitrogen.

HD integration steps

Integration on website

  1. Please add following script tag on your webpages at HEAD last position :

    <script src="/n7/n7HD.js" type="text/javascript"></script>

  2. This script will periodically make call to get a tamper-proof token, and will send it on all subsequent requests.
    HD will block any requests (configured for HD protection) not having this token. HD will also block them in other cases where it finds them made with malicious intent. Refer this for the details.

Integration on mobile-app

If you have a mobile app (Android/iOS), you need to add small functionality to it. Please follow the steps mentioned here.

  1. The app should make following GET call at the start before making other calls :

    /n7/getHDToken

    While making this call, it should also send this secret client specific header X-NV-Security-Key. Please connect with N7 team for its secret value.

  2. In response to /getHDToken request, you will receive HD token as value of X-NV-HD-Token response header.
    Send this token in all subsequent requests as request header : X-NV-HD-Token:received-hd-token-value

  3. This token will be valid for 10 minutes. So, please make the getHDToken call periodically in 8-9 minutes.
    HD will block any requests (configured for HD protection) not having this token. HD will also block them in other cases where it finds them made with malicious intent. Refer this for the details.

Notes

  1. Refer this link for configuring the pages/requests on HD dashboard those should be protected.

  2. Though, Human Detector can monitor all requests, it may increase the cost for you. It may also affect the performance.
    To manage it, a set of requests that pose a higher security risk can be identified, and put on the Human Detector monitoring list. Refer this link for the details.
    Please connect with the Nitrogen team to create the most effective use of the Human Detector. As the other requests can be managed by WAF, rate-limits, 2FA.