By using the Server Intelligence (server to server or s2s) integration, Opticks can analyse traffic without executing client side Javascript or redirecting traffic. Instead, you send Opticks basic information like IP address and HTTP headers so that Opticks can provide an analysis. This integration allows you to analyse bid requests before bidding when working with RTB.
NOTE: any Server Intelligence analysis is much more basic than the Opticks Firewall or OpticksJS integrations and can provide limited levels of protection. It is best to combine Server Intelligence along with Opticks Firewall or OpticksJS for complete pre-bid and post-bid protection.
Quick start
If you already have an Opticks API key, follow the steps below. If you don’t yet have an API token, see the Get an API token section.
Create one server-to-server endpoint and extract the trackingLink
Create a server-to-server link using the HTTP method described below:
Endpoint: | https://api.optickssecurity.com/campaigns |
Method: | POST |
Headers: | Content-Type: application/json Authorization: {{api_key}} |
Body: |
{ "name": "My server to server link", "type": "s2s" } |
Example request: |
curl --request POST \ --url https://api.optickssecurity.com/campaigns \ --header 'Authorization: {{api_key}}' \ --header 'Content-Type: application/json' \ --data '{"name": "My server to server link","type": "s2s"}' |
🔴 From the response, extract the trackingLink
value. It can take up to 5 minutes for the new URL to become active.
Send traffic data to the server-to-server link
Once you have retrieved the server-to-server link from the trackingLink property above and waited 5 minutes, you are ready to start analyzing traffic. Use the HTTP method described below. Pay special attention to the $.analysis.level
field in the response JSON. Reject any high risk traffic and depending on business requirements, medium risk as well.
Endpoint: | {{trackingLink}} (from step above) |
Method: | POST |
Headers: | Content-Type: application/json |
Body: |
{ "ip":{{visitors_ip_address}}, "headers": { {{header-key}}:{{header-value}}, ... }, "pubId": {{publisherId}}, "subId": {{sourceId}}, "requestId": {{clickId}}, "var2": {{other-data}}, "var3": {{more-data}} } |
Example request: |
curl --request POST \ --url https://track.domain.com/s/247b8?auth=92d4ca7f \ --header 'Content-Type: application/json' \ --data '{"ip":"172.28.0.1", "headers":{"X-Requested-With":"com.test.app", "Accept-Language":"en-US,en", "Accept-Encoding":"none", "User-Agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) |
Notes: | pubId, subId, var2, and var3 will be visible on the Opticks dashboard. |
Example response: |
{ "analysis": { "level": "high", "detections": [ { "group": { "id": 5, "name": "Proxy/VPN/Datacenter Traffic", "triggers": [ { "id": 27, "trigger": "Hosting/CDN proxy" } ] } }, { "group": { "id": 2, "name": "Header Injections", "triggers": [ { "id": 11, "trigger": "MSISDN Injection" } ] } } ] }, "invalidClickReasons":[], "inTarget": true, "id": "track_20190823065828_e3e76092_2057_4ed1_be59_397f3d898f23" } |
s2s Response
Field | Description |
---|---|
$.analysis.level |
whether the visit is low, medium or high risk. We recommend rejecting any high risk visits. |
$.analysis.detections |
array containing anything detected about the visit. |
$.invalidClickReasons |
array of optional detections the campaign may have been configured to refuse. |
$.inTarget |
boolean indicating whether the visit is within optional targeting contraints (country, OS, etc.). |
Detections
The details below are purely informational.
Groups
Opticks uses the concept of Detection Groups to categorise different suspicious or fraudulent behaviours found in the traffic.
Id | Name | Description |
---|---|---|
2 | Header Injections | Header alteration detected |
3 | Harmful applications | Detected as Malware |
4 | Non-reputable IP addresses | IP is in a Non-reputable list |
5 | Proxy Traffic | IP is in a Proxy list |
7 | Suspicious acquisition | App is not from a trusted source |
8 | Adult acquisition | Detected Adult content |
9 | Suspicious conversion patterns* | Conversion has unusual pattern |
*Only available when sending Opticks conversion information.
Triggers
Triggers are detailed here: Trigger description and IDs
Comments
0 comments
Please sign in to leave a comment.