dtect Security API
Status PageDashboard
Status PageDashboard
  1. Getting Started
  • Getting Started
    • Introduction
    • Security Features
    • Security Request
    • API Credentials
    • Adding to Survey Platforms
  • Frontend SDK
    • Introduction
    • Quality Questions & AI Detection
    • React
    • JavaScript
    • Error List
  • Security Token
    • Introduction
    • Retrieve Security Result using Security Token
      GET
  1. Getting Started

Security Features

The dtect Security API helps you gather valuable insights about your visitors, improving the quality of your data by returning a Security Result with checks that classify each visitor as good, suspicious, or bad.

dtect Score#

Every visitor is assigned a dtectScore:
good: No bad or suspicious checks were triggered.
suspicious: At least one suspicious check was triggered, but no bad checks.
bad: At least one bad check was triggered.

Results#

The results object contains a set of boolean checks that evaluate different aspects of a visitor's session. Each check is classified as either Bad or Suspicious, and together they determine the dtectScore assigned to the visitor.
CategoryCheckVariableDescription
🔴 BadLocation LockisLocationBlockedUses the list of allowed countries (countriesAllowed) you provided to ensure the visitor is located in an approved location.
🔴 BadDevice DeduplicationisDuplicateDeviceIdentifies whether the visitor's device has already been captured in your project (projectId).
🔴 BadIP DeduplicationisDuplicateIpIdentifies whether the visitor's IP address has already been captured in your project (projectId).
🔴 BadDuplicate IDisDuplicateIdIdentifies whether the visitorId has already been captured in your project (projectId).
🔴 BadAutomation DetectionisAutomationDetectedIndicates whether automation or bot-like behavior was detected.
🔴 BadUntrusted Browser / OSisUntrustedBrowserOrOSFlags browsers or operating systems used for fraudulent behavior.
🔴 BadIP BlocklistisBlockedIPFlags if the visitor's IP address is found in our threat intelligence blocklist.
🔴 BadAI DetectionisAIUsageDetectedFlags if AI tools or behavior patterns were detected during the session. The value will be null unless you call .isAIUsageDetected()
🔴 BadQuality QuestionsisQualityRejectedFlags if the participant failed validation through quality questions. The value will be null unless you call .checkQualityQuestions()
🟡 SuspiciousLocation ValidationisLocationInvalidVerifies the visitor's location by cross-referencing their IP address, device, and browser details. This helps detect if they are trying to mask their location.
🟡 SuspiciousVPN UsageisVpnDetectedFlags visitors whose connection is routed through a VPN provider.
🟡 SuspiciousDevice TamperingisDeviceTamperedDetects evidence of device or browser tampering (e.g., spoofed user-agent).
🟡 SuspiciousVirtual MachineisVirtualMachineIndicates the session is running inside a virtual machine environment.
🟡 SuspiciousDev ToolsisDevToolsOpenedFlags visitors with browser developer tools open.
🟡 SuspiciousPrivacy-Focused SettingsisPrivacySettingsEnabledDetects hardened or privacy-focused settings/extensions that block us from capturing browser details.
🟡 SuspiciousTor Exit NodeisTorDetectedFlags traffic coming from Tor exit nodes.
🟡 SuspiciousHigh-Activity DeviceisHighActivityDeviceDetects devices generating an unusually high volume of activity in a short time window.
🟡 SuspiciousIncognito ModeisIncognitoDetects private/incognito browsing mode in the visitor's browser.

Extended Response#

In addition to the core security checks, the response includes categories and signals that provide more context about what was detected and why.

Categories#

Categories are human-readable labels derived from the security checks. They summarize what type of risk was detected in a session. A category is only included in the response when at least one of its supporting signals is true.
CategoryDescriptionTriggered when any of these are true
REPEAT_SUBMISSIONThe same device, IP, or visitor ID has been seen before in this projectId.isDuplicateDevice, isDuplicateId, isDuplicateIp
LOCATION_MISMATCHThe visitor's location signals are inconsistent or don't match expected patterns.isLocationInvalid, isLocationBlocked
NETWORK_MASKINGThe visitor is obscuring their true network origin using anonymization or relay services.isVpnDetected, isTorDetected
BOT_ACTIVITYThe session shows signs of automation or bot-like behavior.isAutomationDetected, isHighActivityDevice, isBlockedIP
SETUP_MANIPULATIONThe visitor's device or browser environment appears altered or restricted.isDeviceTampered, isVirtualMachine, isDevToolsOpened, isPrivacySettingsEnabled, isIncognito, isUntrustedBrowserOrOS
UNUSUAL_BEHAVIORThe visitor's interaction patterns suggest inauthentic or low-quality engagement.isAIUsageDetected, isQualityRejected

Signals#

Signals provide detailed data that gives transparency into why certain checks were triggered, including details about the visitor's location,network and device.
Location
The location object provides the IP-based timezone alongside the browser-reported timezone, so you can understand whether the visitor's location signals are consistent. It also includes the visitor's country and city inferred from their IP address.
NameTypeDescription
ipTimezonestringThe timezone inferred from the visitor's IP address
browserTimezonestringThe timezone reported by the visitor's browser
countrystring or nullThe visitor's country inferred from their IP address in ISO 3166-1 alpha-3 format. Returns null if unavailable.
citystring or nullThe visitor's city inferred from their IP address. Returns null if unavailable.
Network
The network object reveals whether the connection was routed through a data center, relay service (e.g. Apple Private Relay from iCloud), or shows a timezone mismatch, helping you understand more about the visitor's network.
NameTypeDescription
ipstringThe visitor's detected IP address
timezoneMismatchbooleanWhether the IP timezone and browser timezone do not match
dataCenterbooleanWhether the visitor's IP originates from a data center
relaybooleanWhether the visitor's connection is routed through a relay service
Device
The device object provides details about the visitor's device and browser environment.
NameTypeDescription
idstringA unique identifier for the visitor's device
userAgentstringThe full user-agent string reported by the browser
browserNamestringThe detected browser name
browserVersionstringThe detected browser version
deviceModelstringThe detected device model
deviceVendorstringThe detected device manufacturer
osNamestringThe detected operating system
osVersionstringThe detected operating system version
lastSeenAtstring or nullThe last time this device was seen in your project in ISO-8601 format. Returns null if it's the first time the device is seen.

Technical Reference#

You will be able to get a Security Result by using our Frontend SDKs or by sending a security token to Retrieve Security Result with Security Token.
Security Result

Previous
Introduction
Next
Security Request