# DeviceAssure Web Client #
The purpose of this JavaScript library is to analyse and validate a device
visiting a webpage with the library embedded. The collected data is compared
with sets of known valid characteristics for legitimate devices. This
comparison and validation is performed by the DeviceAssure backend service.
The data collected by the library may be sent to the DeviceAssure service in two
ways.
1) Client to server model
The data is sent directly from the client library to the DeviceAssure backend
service. Validation results are returned to the library and optionally to a
configured callback URL.
2) Server to server model
The data is collected and made available on the client. The DeviceAssure library
will not make a request to the DeviceAssure service. It is the responsibility of
the calling application to transmit the data to a suitable server and for that
server to make the request to the DeviceAssure service. The validation results
are returned directly back to the calling server and not to the client
application.
## Data ##
The library collects data about the underlying hardware and browser
capabilities. It does not collect any PII data.
The library stores a non-configurable cookie to prevent subsequent calls to the
DeviceAssure library for a **30 minute** period. DeviceAssure will not be called
again until the cookie expires or is deleted.
## Setup ##
The DeviceAssure JavaScript library must be included on a webpage for it to
function. It is recommended to include the library at the end of the web page.
This section shows how to setup the library for both "Client to Server" and also
"Server to Server" usage.
### Client to Server usage ###
In this scenario the data is collected by the library and automatically sent to
the DeviceAssure service to be analysed.
The below sample code shows how to include and call the library. A valid licence
key _must_ be provided by replacing the placeholder "LICENCE_KEY".
```javascript
```
Please see the Implementation Guide for the structure and examples of returned
validation data.
Alternatively, the library may be included and called asynchronously. This is
shown below:
```javascript
```
### Server to Server usage ###
In this scenario, the data is collected by the library and made available to the
calling application. The calling application must send the data to an appropriate
server that subsequently makes a request to the DeviceAsssure service. Please
see the Implementation Guide for further details on how to send the data from a
server context.
Note: A licence key is not required on the client side in this scenario. It must
however be provided on the server side before making the request to the
DeviceAssure service.
The Server to Server functionality may be enabled by adding a **serverToServer: true**
parameter to the options object before calling the library. This flag will
disable the automatic validation to the DeviceAssure service and will instead
make the collected data available to the calling application.
The collected data may be retrieved from the library synchronously or
asynchronously. Both approaches are shown below:
```javascript
```
## Sample Application ##
A sample application is included in the package. This sample shows usage for
both the "Client to Server" and the "Server to Server" approaches. A valid
DeviceAssure licence key is required for the "Client to Server" example.
## Copyright ##
Copyright (c) DeviceAtlas Limited 2022. All rights reserved. https://deviceatlas.com