Skip to main content
Sign in Homepage

Integrate through Server Intelligence

Support
  • Updated

By using the Server Intelligence (server to server or s2s) integration, Opticks can analyse traffic without executing client side Javascript or redirecting traffic. Instead, you send Opticks basic information like IP address and HTTP headers so that Opticks can provide an analysis. This integration allows you to analyse bid requests before bidding when working with RTB.

NOTE: any Server Intelligence analysis is much more basic than the Opticks Firewall or OpticksJS integrations and can provide limited levels of protection. It is best to combine Server Intelligence along with Opticks Firewall or OpticksJS for complete pre-bid and post-bid protection.

Quick start

If you already have an Opticks API key, follow the steps below. If you don’t yet have an API token, see the Get an API token section.

Create one server-to-server endpoint and extract the trackingLink

Create a server-to-server link using the HTTP method described below:

Endpoint: https://api.optickssecurity.com/campaigns
Method: POST
Headers: Content-Type: application/json
Authorization: {{api_key}}
Body: 
{
  "name": "My server to server link",
  "type": "s2s"
}
Example request: 
curl --request POST \
--url https://api.optickssecurity.com/campaigns \
--header 'Authorization: {{api_key}}' \
--header 'Content-Type: application/json' \
--data '{"name": "My server to server link","type": "s2s"}'

🔴 From the response, extract the trackingLink value. It can take up to 5 minutes for the new URL to become active.

Send traffic data to the server-to-server link

Once you have retrieved the server-to-server link from the trackingLink property above and waited 5 minutes, you are ready to start analyzing traffic. Use the HTTP method described below. Pay special attention to the $.analysis.level field in the response JSON. Reject any high risk traffic and depending on business requirements, medium risk as well.

Endpoint: {{trackingLink}} (from step above)
Method: POST
Headers: Content-Type: application/json
Body: 
{
  "ip":{{visitors_ip_address}},
  "headers": {
    {{header-key}}:{{header-value}},
    ...
  },
  "pubId": {{publisherId}},
  "subId": {{sourceId}}, 
  "requestId": {{clickId}},
  "var2": {{other-data}},
  "var3": {{more-data}}
}
Example request: 
curl --request POST \
--url https://track.domain.com/s/247b8?auth=92d4ca7f \
--header 'Content-Type: application/json' \
--data '{"ip":"172.28.0.1",
"headers":{"X-Requested-With":"com.test.app",
"Accept-Language":"en-US,en",
"Accept-Encoding":"none",
"User-Agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5)
 AppleWebKit/537.36 (KHTML, like Gecko) 
 Chrome/76.0.3809.100 Safari/537.36"},
"pubId":"pub100","subId":"source200",
"requestId":"34543tgr4645tg",
"var2":"foo","var3":"bar"}'
Notes: pubId, subId, var2, and var3 will be visible on the Opticks dashboard.
Example response: 
{
  "analysis": {
    "level": "high",
    "detections": [
      {
        "group": {
          "id": 5,
          "name": "Proxy/VPN/Datacenter Traffic",
          "triggers": [
            {
              "id": 27,
              "trigger": "Hosting/CDN proxy"
            }
          ]
        }
      },
      {
        "group": {
          "id": 2,
          "name": "Header Injections",
          "triggers": [
            {
              "id": 11,
              "trigger": "MSISDN Injection"
            }
          ]
        }
      }
    ]
  },
  "invalidClickReasons":[],
  "inTarget": true,
  "id": "track_20190823065828_e3e76092_2057_4ed1_be59_397f3d898f23"
}

s2s Response

Field Description
$.analysis.level whether the visit is low, medium or high risk. We recommend rejecting any high risk visits.
$.analysis.detections array containing anything detected about the visit.
$.invalidClickReasons array of optional detections the campaign may have been configured to refuse.
$.inTarget boolean indicating whether the visit is within optional targeting contraints (country, OS, etc.).

Detections

The details below are purely informational.

Groups

Opticks uses the concept of Detection Groups to categorise different suspicious or fraudulent behaviours found in the traffic.

Id Name Description
2 Header Injections Header alteration detected
3 Harmful applications Detected as Malware
4 Non-reputable IP addresses IP is in a Non-reputable list
5 Proxy Traffic IP is in a Proxy list
7 Suspicious acquisition App is not from a trusted source
8 Adult acquisition Detected Adult content
9 Suspicious conversion patterns* Conversion has unusual pattern

*Only available when sending Opticks conversion information.

Triggers

Triggers are detailed here: Trigger description and IDs

Related articles

Comments

0 comments

Please sign in to leave a comment.