Human-Detector (HD): Integration steps
Integration on Website:#
- Place the following script at the end of the
<head>tag on all pages:<script src="/n7/n7HD.js" type="text/javascript" async defer></script>
Integration on API/sub-domains#
If backend APIs are served from a different subdomain than the frontend application (for example: frontend on www.domain.com and APIs on api.domain.com), additional configuration is required for HD to function correctly.
Note: Please ensure that HD script is present on the primary domain.
Following CORS response headers are mandatory on API (api.domain.com) domain:
- access-control-allow-origin: https://www.domain.com (Page serverd from a domain from which XHR calls are made)
- access-control-allow-credentials: true
- Notes:
- Access-Control-Allow-Origin must not be set to * when credentials/cookies are used.
- The value of Access-Control-Allow-Origin must exactly match the requesting frontend origin.
- These headers can be managed from N7.
- Allowing cookies on XHRs:
- Based on frontend library used to make backend-XHR requests use appropriate flag to explicitly allow cookies to be included in the request.
- eg:
- AXIOS is used set
withCredentials: true - Fetch API is used set
credentials: include - Other REST Libraries, please refer to respective documentation.
- AXIOS is used set
Integration on Mobile App:#
- For mobile apps, follow these steps:
- Make a GET call to /n7/getHDToken at app launch.
- Include header: X-NV-Security-Key (provided by N7 team).
- Extract token from response header: X-NV-HD-Token.
- Include this token in all requests as: X-NV-HD-Token: <token_value>
- Refresh the token every 8-9 minutes.