Fusebill Payments API Risk Fields
When using Fusebill Payments, additional fields will need to be included in your payment method creation payload.
The Fusebill Post Payment method call accepts:
- ClientIP
- riskToken
These elements are mandatory when configured with the Fusebill Payment Gateway and should be captured by the registration page obtaining customer payment method information in order to improve Fusebill’s risk decision making process.
Client IP
The Post payment method call must contain the public IP address of the client whom the API call is made on behalf of.
Use the following format when passing in the ClientIP element, where 100.166.99.123 is the public IP address of the client:
“clientIp”: “100.166.99.123”
Risk-Token
Risk-token is a proprietary javascript library generated token that gathers a variety of client side information and associates it to a generated GUID which can be passed to Fusebill via the RiskToken
field in the post payment method call.
This riskToken element value should be the risk token UUID generated by the Risk JavaScript library (defined below) on the webpage of the user who triggered the API request on your system.
Use the following form when passing in the RiskToken element, where 123e4567-e89b-12d3-a456-426655440000 is the risk token generated by the Risk JavaScript library:
“RiskToken”: “123e4567-e89b-12d3-a456-426655440000”
Risk JavaScript library
The WePay Risk JavaScript library (Risk.js) is responsible for generating a risk token for use with the RiskToken element used by Fusebill Payments. It collects risk-related information from the client that loads the JavaScript and associates it with the risk token.
Usage
To use the JavaScript library, add a script HTML element to your webpage using https://static.wepay.com/min/js/risk.1.latest.js
as the source.
<script type="text/javascript" src="https://static.wepay.com/min/js/risk.1.latest.js"></script>
When your webpage finishes loading, Risk.js waits 5 seconds and then generates a risk token. This delay ensures that the token generation process does not impact your page load performance. You can also choose to manually generate the token when you are ready.
Documentation
Risk.js has two methods for generating and receiving the risk token:
WePay.risk.get_risk_token()
Returns a UUID token that is associated with the client machine on which Risk.js is loaded. If called before the token has been generated it returns 0.
WePay.risk.generate_risk_token()
Immediately generates the risk token. If called after the risk token has been generated, it will have no effect. The best time to use this method is after your page has fully finished rendering so as not to impact page load performance. Note: this method does not return the risk token.
Best Practices
To get the most out of Risk.js, follow these recommended best practices:
- Load the Risk JavaScript library on the webpage that triggers your API calls to WePay.
- Load the Risk JavaScript library as soon as possible on the webpage. This gives the library time to collect and tokenize risk related information.
- WePay risk tokens are only valid for 48 hours, so try to generate new ones when possible.
- When your webpage has fully finished rendering, call
WePay.risk.generate_risk_token()
to ensure that the risk token is available when you callWePay.risk.get_risk_token()
. - If you are choosing not to load the Risk JavaScript library immediately on page view, make sure to call
WePay.risk.generate_risk_token()
immediately after loading the script.
<script type="text/javascript" src="https://static.wepay.com/min/js/risk.1.latest.js"></script>
<script type="text/javascript">
WePay.risk.generate_risk_token()
</script>
Updated about 3 years ago