Real-Time Logging

Overview

Real-time logging (RTL) is a collection of detailed logs of user activity provided by Arkose Labs servers. They are sent to an endpoint that you specify. The endpoint may be a server you run directly, or a third-party service designed to digest and package logging data for analysis.

The RTL data is made up of events. Each event is tagged with a unique session token that ties it to a user. The events are sent in real-time and cover the entire user experience, from Arkose Labs session creation to the session verification attempt. Included in the RTL data is telemetry data about the user, including what we have learned from the user's presence elsewhere on the Arkose Labs network. If the user was given an elevated security level, the reasons for that are also included. RTL data is raw and uninterpreted to enable you to interpret the effectiveness of the Arkose Labs Fraud and Abuse Prevention Platform (Arkose Labs Platform).

Caution!

Do not share the information in this document outside your organization. This information can be used by fraudsters to their advantage. They could become harder to exclude from trend analysis.

RTL Events

When the RTL events are sent

RTL events are POSTed to the server or endpoint at different times in the verification process, depending on the user’s security level and the method used to display the EC:

loaded

  • Standard mode: When Arkose Labs solution is fully loaded

  • Fallback mode: When Arkose Labs EC is fully loaded

  • Transparent mode: When session is created

user_clicked_verify

  • Standard mode: First time user clicks the Verify button in the EC

  • Fallback mode: First time user clicks the Verify button in the EC

  • Transparent mode: No entry - no EC in transparent mode

user_clicked_audio

  • Standard mode: Every time the audio mode button is clicked

  • Fallback mode: Every time the audio mode button is clicked

  • Transparent mode: No entry - no EC in transparent mode

verify_attempt

  • Standard mode: When the Arkose Labs session is checked by your server to find if it is valid

  • Fallback mode: When the Arkose Labs session is checked by your server to find if it is valid

  • Transparent mode: When the Arkose Labs session is checked by your server to find if it is valid

Fields in RTL Events

The information passed through RTL will change according to which event is being reported. The table below shows all the possible fields, their valid values and what they represent.

See the Database Schema section below for information about what fields are provided in which circumstances.

Field

Value options and meaning

client_theme

 

This field shows the name of the client theme that was applied by the Arkose Labs Platform on this particular session. A theme is a predefined set of EC settings that control security features for a given session.
Authentic or otherwise unclassified traffic will log the standard client_theme for your implementation. This theme is usually called failwhale, but exceptions exist if you’re using a legacy data exchange method. For suspicious users, the Arkose Labs Platform may also enforce other themes, as shown in client_param_action. For example, the Arkose Labs Platform may apply themes that contain settings aimed at mitigating automated abuse or at curbing sweatshop abuse.

client_param_supplied

 

Legacy (only relevant for older data exchange implementations).
This shows the client theme (i.e. a predefined set of EC settings) that you requested from the Arkose Labs Platform verbatim. Note that client_param_supplied logs the theme that was requested by you, but this may not be the theme that ends up being applied to this session as it can be overridden by the Arkose Labs Platform.

client_param

Legacy (only relevant for older data exchange implementations).
This field shows the result of parsing your client theme request. If the parsing was successful, the value will be a valid theme name (i.e. matching the value in client_param_supplied); otherwise it will be an error code:

  • err_other: The theme you requested did not match any of the configured values on your public key. 

  • err_missing: No theme was requested.

  • err_decrypt_fail: The data that was passed in could not be decrypted or was missing (encrypted data exchange method only).

client_param_action

The field shows the action taken by the Arkose Labs Platform. It will show the client theme (a predefined set of EC settings) that was selected by the Arkose Labs Platform to apply specific pressure to this session. 

Authentic or otherwise unclassified traffic will have no pressure applied, so no value will be shown in this field.

game_type

 

0: Audio mode game

1: Correct way up game

2: This game type has been deprecated

3: Pick a tile game

101: New Audio game

null: A null value signifies there was no game_type value. This is usually due to the session being in Transparent Mode.

user_id

 

Customer-internal ID that was passed to the Arkose Labs Platform.

The default value is NOT SET.

punishable

 

A flag that indicates that the Arkose Labs Platform intends to enact punishment. Punishment is a specific mechanism employed to wear down the effectiveness of attacks and other fraudulent activities. When punishment is active, the user will receive random failures such as correct solves appearing as incorrect, a time out, or a failure at the game verification step. These failures will occur at a rate configured by the Arkose Labs Platform. For example, a 1 in 3 failure rate means that roughly a third of the user's sessions will receive the random failure.

If this flag is set the value will be 1 and the user associated with this session will be flagged and will receive the random failures at the configured rate.

punishable_actioned

 

If the value of this flag is 1, this session received a punishment. The user received an incorrect answer or timed out result on the game, regardless of whether the EC was solved correctly or not, or the user was unable to proceed even after being shown a correct answer result.

render_type

This field shows how the EC was rendered on the screen. The valid values are:

  • canvas: The EC rendered in Standard mode

  • liteJS: The EC rendered in Fallback mode

  • noJS: The EC rendered in Compatibility mode

  • suppressed: The EC was presented in Transparent mode. The user did not see an EC.

For more explanation of Standard mode, Fallback mode, Compatibility mode, and Transparent mode see Render Types.

sec_level_minimum

 

The minimum security_level that this user is allowed to have. This value is determined by the Arkose Labs decision engine based on analysis of the user. Users that are suspected to be fraudsters may have a sec_level_minimum set, which acts as a lower bound on security_level. That user will not be able to lower their security_level beyond the sec_level_minimum through usual ways, such as rehabilitating their reputation by achieving correct solves.

secure_client

If this field is 1, the EC is encrypted in Obscure Mode.

secure_decrypt_failure

If this field is 1, the user was detected with a violation of secure code encryption, a telltale sign of fraudulent activity.

For more information, see Obscure Mode.

security_level

 

A number that indicates the security level that was used for this session. For example, a user with security_level:3 will get transparent mode, a user with security_level:10 will get 1 puzzle in the EC, and a user with security_level:20 will get two puzzles in the EC.
Be aware that security_level can have a null value. This only occurs on audio mode verifies. Audio mode does not follow the concept of security levels, so the value of security_level for audio mode is null.
For more information about security levels, see How is Friction Applied?

session

Token for the Arkose Labs Platform session. A session is the whole experience from solution load to verification.

session_is_legit

This indicates the level of suspicion so far in this session.

  • 1: No telltales of fraudulent activity have been detected at this point in the session

  • 0: The session shows at least one sign of fraudulent activity.

session_timed_out

A value of 1 indicates that timed mode was active, and too much time passed between correct answer and verify attempt.

For more information, see Timed Mode.

theme_ab

 

ID for an AB test variant to compare two or more different EC settings.

This setting is not used but may appear in the log.

user_agent

User agent as declared by the user.

user_ip_direct

The IP address of the user.

If reported in verify_attempt this is the IP address of the Arkose Labs server, not the user. Ignore it in these circumstances.

The IP address will be hashed if the anon-mode option is set.

user_language

The language used in the EC, usually determined from the user's browser 

split_test_group

 

The ID of the weighted split testing group/variant, to compare two or more different EC settings

country

The country code of the user, determined by the user's IP address.

user_ip

The IP address of the user.

public_key

The public key used with the Arkose Labs API to create the session.

telltale_list

All telltales matching a session.

telltale_user

Unique identifier for a combination of telltales that identify a particular bad user or organisation

raw_fingerprint

A comma separated string containing fingerprint data points in plain text.

The data points are prefixed by the following acronyms:

DNT - Do not track
L - Language
D - Color Depth
PR - Pixel Ratio
S - Resolution - screen resolution
AS - Available Resolution - window/iframe resolution
TO - Timezone Offset - in minutes, negative east of Greenwich, positive west of Greenwich
SS - Session Storage - boolean
LS - Local Storage - boolean
IDB - Indexed Database - boolean
B - Behavior - boolean
ODB - Open Database - boolean
CPUC - CPU class
PK - Navigator Platform
CFP - Canvas Fingerprint
FR - Fake Resolution - boolean
FOS - Fake OS - boolean
FB - Fake Browser - boolean
JSF - Fonts Installed
P - Plugins - browser plugins
T - Touch Support
H - Hardware Concurrency Value
SWF - Flash detection - boolean

suspicion_flags

A list of unique identifiers for suspicious characteristics that match the session.

The following are for the event verify_attempt only

Field

Value options and meaning

already_verified

A value of 1 indicates that this session was previously verified.

This may be non-suspicious user activity such as clicking back in the browser and resubmitting the form.

It may be fraudulent activity such as attempting to get extra use out of a single session.

completion_time_from_click

Milliseconds between user clicking the Verify button and getting a correct answer. It is expected this value may be or null when render_type is not canvas.

For more information, see How is Friction Applied?

failed_low_sec_validation

A value of 1 indicates that this session was started in a low-security mode but when verify was attempted, the user no longer qualified for this mode. Verification fails with this flag set.

incorrect_answer_check_amount

A value of 1 shows the user submitted a number of wrong answers, a certain telltale of fraudulent activity.

lack_of_litejs_fallback

A value of 1 shows that the user tried to use Fallback mode through non-legitimate means, such as direct API call.

For more information, see Render Types.

lack_of_init_load

A value of 1 shows that the user did not properly call init_load, a certain telltale of fraudulent activity.

lowsec_limited

 

A user that started out in a low security session, such as transparent mode or interactive mode with a No Wrong Answers puzzle, can sometimes fail the verification step. This may be because that user's IP or fingerprint was determined to be no longer valid for low security at some point during the session. The lowsec_limited field is a text string describing the reason that low security is no longer valid for a user.

  • user_credits: This indicates that the user's security credits have dropped during the session to a point where the user becomes suspicious and we no longer serve lowsec to that user

  • rate_limit_exceeded: This indicates that one of the rate limits configured for this user's IP or across the entire key was exceeded at some point during the session.

  • no_site_low_sec: (rare) indicates that at some point during the session, we removed the ability for this site to serve lowsec at all, possibly due to a settings change.

session_attempted

0: The user never submitted a correct answer, but attempted to verify anyway
1 or field missing: Ignore; has no relevant meaning.

solved

1: Arkose Labs certified the session as verified and solved
0: The session was not solved, but was submitted for verification anyway.

stop_forum_spam

1: User’s IP was found in the Stop Forum Spam database.

ua_mismatch

1: User changed the declared user agent partway through session, a certain telltale of inauthentic activity.

user_wrong_answers

Number of times the user guessed a wrong answer this session, before getting it right.

How RTL Works

The Arkose Labs Platform sends the RTL request directly to your specified endpoint. The latency from Arkose Labs servers to your server and your execution time are added to our execution time on every endpoint that handles RTL.

Be aware that using RTL may increase the load times for each EC.

How to Set Up RTL

RTL sends a request directly to your server or endpoint. As a result, setting up RTL involves setting up security processes.

  1. You must provide Arkose Labs with a REST endpoint to which the logs will be sent.

    1. Arkose Labs will send POST events with a JSON body.

    2. Each event will create an individual log which will be sent when it is produced. There is no option for batching logs.

  2. If you want to use HMAC record validation, Arkose Labs will provide you with a secret to use.

  3. To authenticate your request, Arkose Labs will require you to pass an HTTP_REQUEST_HMAC header with your request.

    1. The value of the header will follow this scheme:
      <current unix timestamp>.<hmac>
      For example: 257894000.oCImj7I2w/+lkB91dkmbzaVNBMyjP1VgRWb57o5rZAk=

  4. The HMAC is generated by sha256 hashing the timestamp with a secret that will be provided by Arkose Labs, then base64 encoded.
    The algorithm Arkose Labs uses is at https://play.golang.org/p/dAfnMQCAF30.

  5. You can find a list of implementations of the algorithm in other languages at the following link: https://github.com/danharper/hmac-examples

The timestamp will have a valid window of 20 minutes. Therefore it cannot be more than 10 minutes old or more than 10 minutes in the future.
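The header check described in steps 2 to 5, as an added example (not Arkose Labs code and not the algorithm at the playground link). It assumes HMAC-SHA256 keyed with the secret over the decimal timestamp as ASCII text, with standard base64 output; the function names and the secret are hypothetical.

```python
import base64
import hashlib
import hmac
import time

# Page: the timestamp may be at most 10 minutes old or 10 minutes ahead.
MAX_SKEW_SECONDS = 10 * 60


def sign_timestamp(secret: bytes, timestamp: int) -> str:
    """Build '<unix timestamp>.<base64 HMAC-SHA256>'.

    Assumption: the MAC input is the decimal timestamp as ASCII text.
    """
    mac = hmac.new(secret, str(timestamp).encode("ascii"), hashlib.sha256).digest()
    return f"{timestamp}.{base64.b64encode(mac).decode('ascii')}"


def verify_rtl_header(header_value, secret: bytes, now=None):
    """Check an HTTP_REQUEST_HMAC header value; return (ok, reason)."""
    if not header_value:
        return False, "missing header"
    # Base64 never contains '.', so the first dot separates the two parts.
    ts_text, sep, mac_b64 = header_value.partition(".")
    # Accept only a short run of ASCII digits before calling int().
    if not sep or not (ts_text.isascii() and ts_text.isdigit()) or len(ts_text) > 12:
        return False, "malformed header"
    try:
        supplied = base64.b64decode(mac_b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False, "malformed header"
    expected = hmac.new(secret, ts_text.encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(supplied, expected):
        return False, "bad hmac"
    now = time.time() if now is None else now
    if abs(now - int(ts_text)) > MAX_SKEW_SECONDS:
        return False, "timestamp outside window"
    return True, "ok"


if __name__ == "__main__":
    demo_secret = b"constructed-demo-secret"  # constructed value, not a real secret
    header = sign_timestamp(demo_secret, int(time.time()))
    print(verify_rtl_header(header, demo_secret))
    print(verify_rtl_header(sign_timestamp(demo_secret, 257894000), demo_secret))
```

As the page describes it, the MAC covers only the timestamp, so a passing check does not vouch for the JSON body.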

How to use RTL

How you access the RTL data depends on the way you have chosen to consume the data. Arkose Labs cannot give step-by-step instructions, but we can provide pointers to the best use of the information.

Fraudster Traffic

RTL can be used to expose trends in traffic using your site. You can filter out the fraudster traffic from the non-suspicious traffic to expose information about each type of user. Fraudsters will often fail to verify the session or they will try to verify sessions that have not been solved. Fraudster traffic creates a lot of noise, so it should be filtered out before looking for genuine problems that affect non-suspicious users.

Fraudster signifies a broad range of users, which may include the following:

  • Humans paid to solve ECs while using software tools that make this as efficient as possible. The humans are necessarily low-paid to increase profits, so they typically are in real or virtual sweatshops, which are very low-cost operating environments. To increase efficiency, sweatshops often use console software that directly operates the Arkose Labs API by mimicking (often only partially) the traffic generated by a consumer-grade device or browser.

  • Software programs using machine vision methods to accurately guess the correct answer to the EC.

See Filter Results for more information about how to filter out fraudster traffic.

Non-Suspicious Traffic

When properly screened to exclude fraudsters, RTL can be used for insights about non-suspicious users.

Once filtered properly, RTL data for non-suspicious users can be used to find trends such as the following examples:

  • High number of EC invocations, low number of loaded events.

    • User agents with possible performance problems

    • These may be extremely efficient fraudsters who sniff the session fast enough to abandon the session even before the loaded event fires

  • High number of user_clicked_verify events, low number of verify_attempt events with solved=1

    • This pattern could indicate a GUI operation problem

    • It could indicate poor understanding of the instructions

    • It could indicate user confusion, which results in submission of EC for verification when it is not solved

  • EC configuration options that perform the best or reduce abuse the most

    • Compare results by game_type

    • Compare results by theme_ab

Filter Results

The results need to be filtered to gain the best insights into what the data is telling you. The following instructions are a suggestion of an approach to filtering the data:

  1. Make a list of session values ($bad_sessions) by adding the session values from each log matching any of the following:

    • event="verify_attempt" AND session_is_legit=0

    • A session with event="loaded" but without any corresponding event="user_clicked_verify" in any log for that session

      • This is a bad session because it’s very unlikely an authentic user would make no attempt at all to interact with the EC

      • By contrast, a fraudster will often load the session to sniff its contents, then abandon the session, or operate the Arkose Labs API without actually clicking any GUI elements

    • A session appears more than once with the same event type

      • For example, two loaded logs with the same session value

  2. Build a list ($good_logs) of all logs with a session value that is not in the $bad_sessions list

  3. Examine $good_logs for trends

  4. Tell Arkose Labs what you find so we can update our telltales, fix bugs, and improve performance.
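Steps 1 and 2 of the filtering procedure, as an added example (not Arkose Labs code) run over constructed log records. The reason labels and the skip_transparent option are additions made here: the event table above says Transparent mode produces no user_clicked_verify entry, so the second rule as written flags every transparent session unless that option is turned on.

```python
from collections import Counter, defaultdict


def classify_sessions(logs, skip_transparent=False):
    """Return (bad_sessions, good_logs).

    bad_sessions maps each flagged session token to the set of rules it hit.
    skip_transparent is an option added in this example, not part of the
    page's procedure: it exempts render_type == "suppressed" sessions from
    the loaded-without-click rule.
    """
    events = defaultdict(Counter)   # session -> how often each event occurred
    render = {}                     # session -> first render_type seen
    bad = defaultdict(set)

    for log in logs:
        sid, event = log.get("session"), log.get("event")
        events[sid][event] += 1
        render.setdefault(sid, log.get("render_type"))
        # Rule 1: event="verify_attempt" AND session_is_legit=0
        if event == "verify_attempt" and log.get("session_is_legit") == 0:
            bad[sid].add("verify_attempt_not_legit")

    for sid, counts in events.items():
        # Rule 2: loaded, but no user_clicked_verify anywhere in the session
        if counts["loaded"] and not counts["user_clicked_verify"]:
            if not (skip_transparent and render[sid] == "suppressed"):
                bad[sid].add("loaded_without_click")
        # Rule 3: the same event type more than once in one session.
        # Applied as written; the page also says user_clicked_audio is sent
        # on every click, so repeats of that event may be benign.
        if any(n > 1 for n in counts.values()):
            bad[sid].add("duplicate_event")

    good_logs = [log for log in logs if log.get("session") not in bad]
    return dict(bad), good_logs


def _log(session, event, render_type="canvas", **extra):
    """Build one constructed RTL record with only the fields the rules read."""
    return {"session": session, "event": event, "render_type": render_type, **extra}


# Constructed sample data; the session tokens are placeholders, not real tokens.
SAMPLE_LOGS = [
    _log("S1", "loaded"),
    _log("S1", "user_clicked_verify"),
    _log("S1", "verify_attempt", session_is_legit=1, solved=1),
    _log("S2", "loaded"),                                   # loaded, then abandoned
    _log("S3", "loaded"),
    _log("S3", "loaded"),                                   # duplicate event type
    _log("S3", "user_clicked_verify"),
    _log("S4", "loaded"),
    _log("S4", "user_clicked_verify"),
    _log("S4", "verify_attempt", session_is_legit=0, solved=0),
    _log("S5", "loaded", render_type="suppressed"),         # transparent mode
    _log("S5", "verify_attempt", render_type="suppressed", session_is_legit=1, solved=1),
]

if __name__ == "__main__":
    for flag in (False, True):
        bad_sessions, good = classify_sessions(SAMPLE_LOGS, skip_transparent=flag)
        print(f"skip_transparent={flag}")
        for sid, reasons in sorted(bad_sessions.items()):
            print(f"  bad {sid}: {sorted(reasons)}")
        print(f"  good logs kept: {len(good)}")
```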

Sample JSON logs 

The JSON logs shown below are samples of those POSTed to your endpoint for each event:

User loads the Enforcement Challenge (event=="loaded")

 

 

{
  "event": "loaded",
  "user_id": "NOT SET",
  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36",
  "render_type": "canvas",
  "client_param": null,
  "client_param_supplied": null,
  "client_theme": null,
  "user_language": "en-gb",
  "session": "5645fb45a37710701.8198310203",
  "failed_low_sec_validation": null,
  "secure_client": null,
  "security_level": 20,
  "game_type": 1,
  "country": null,
  "user_ip": "172.30.0.1",
  "public_key": "00CEF279-B39F-27F6-84B4-7541322B5B56",
  "telltale_user": "eng-1265-qa",
  "raw_fingerprint": "DNT:unknown, L:en-GB, D:24, PR:2.5, S:2560,1440, AS:2560,1440, TO:-600, SS:true, LS:true, IDB:true, B:false, ODB:true, CPUC:unknown, PK:MacIntel, CFP:-1575076396, FR:false, FOS:false, FB:false, JSF:Andale Mono,Arial,Arial Black,Arial Hebrew,Arial Narrow,Arial Rounded MT Bold,Arial Unicode MS,Comic Sans MS,Courier,Courier New,Geneva,Georgia,Helvetica,Helvetica Neue,Impact,LUCIDA GRANDE,Microsoft Sans Serif,Monaco,Palatino,Tahoma,Times,Times New Roman,Trebuchet MS,Verdana,Wingdings,Wingdings 2,Wingdings 3, P:Chrome PDF Plugin,Chrome PDF Viewer,Native Client, T:0,false,false, H:8, SWF:false",
  "client_param_action": null,
  "theme_ab":2,
  "telltale_list": ["eng-1265-qa-1", "eng-1265-qa"],
  "suspicion_flags": ["ip-info", "detection-flag-1"],
  "session_is_legit": 0,
  "split_test_group": "group_a"
}

 

 

User first interacts with the Enforcement Challenge (event=="user_clicked_verify")

 

 

{
  "event": "user_clicked_verify",
  "user_id": "NOT SET",
  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36",
  "render_type": "canvas",
  "client_param": null,
  "client_param_supplied": null,
  "client_theme": null,
  "user_language": "en-gb",
  "session": "8495fb3584743eb60.0886033203",
  "failed_low_sec_validation": null,
  "secure_client": null,
  "security_level": 50,
  "game_type": 1,
  "country": null,
  "theme_ab":2,
  "user_ip": "172.30.0.1",
  "public_key": "00CEF279-B39F-27F6-84B4-7541322B5B56",
  "telltale_user": "eng-1265-qa",
  "raw_fingerprint": "DNT:unknown, L:en-GB, D:24, PR:2, S:2560,1440, AS:2560,1440, TO:-600, SS:true, LS:true, IDB:true, B:false, ODB:true, CPUC:unknown, PK:MacIntel, CFP:-1575076396, FR:false, FOS:false, FB:false, JSF:Andale Mono,Arial,Arial Black,Arial Hebrew,Arial Narrow,Arial Rounded MT Bold,Arial Unicode MS,Comic Sans MS,Courier,Courier New,Geneva,Georgia,Helvetica,Helvetica Neue,Impact,LUCIDA GRANDE,Microsoft Sans Serif,Monaco,Palatino,Tahoma,Times,Times New Roman,Trebuchet MS,Verdana,Wingdings,Wingdings 2,Wingdings 3, P:Chrome PDF Plugin,Chrome PDF Viewer,Native Client, T:0,false,false, H:8, SWF:false",
  "client_param_action": null,
  "telltale_list": ["eng-1265-qa-1", "eng-1265-qa"],
  "suspicion_flags": ["ip-info", "detection-flag-1"],
  "session_is_legit": 0,
  "split_test_group": "group_a"
}

 

 

User enters the Audio Mode Challenge (event=="user_clicked_audio")

 

 

{
  "event": "user_clicked_audio",
  "user_id": "NOT SET",
  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36",
  "render_type": "canvas",
  "client_param": null,
  "client_param_supplied": null,
  "client_theme": null,
  "user_language": "en-gb",
  "session": "5705fb35a2735c500.8446474503",
  "failed_low_sec_validation": null,
  "secure_client": null,
  "security_level": 20,
  "game_type": 101,
  "country": null,
  "user_ip": "172.30.0.1",
  "public_key": "00CEF279-B39F-27F6-84B4-7541322B5B56",
  "telltale_user": "eng-1265-qa",
  "raw_fingerprint": "DNT:unknown, L:en-GB, D:24, PR:2, S:2560,1440, AS:2560,1440, TO:-600, SS:true, LS:true, IDB:true, B:false, ODB:true, CPUC:unknown, PK:MacIntel, CFP:-1575076396, FR:false, FOS:false, FB:false, JSF:Andale Mono,Arial,Arial Black,Arial Hebrew,Arial Narrow,Arial Rounded MT Bold,Arial Unicode MS,Comic Sans MS,Courier,Courier New,Geneva,Georgia,Helvetica,Helvetica Neue,Impact,LUCIDA GRANDE,Microsoft Sans Serif,Monaco,Palatino,Tahoma,Times,Times New Roman,Trebuchet MS,Verdana,Wingdings,Wingdings 2,Wingdings 3, P:Chrome PDF Plugin,Chrome PDF Viewer,Native Client, T:0,false,false, H:8, SWF:false",
  "client_param_action": null,
  "theme_ab":2,
  "telltale_list": ["eng-1265-qa-1", "eng-1265-qa"],
  "suspicion_flags": ["ip-info", "detection-flag-1"],
  "session_is_legit": 0
}

 

 

User attempts to verify the Enforcement Challenge (event=="verify_attempt")

 

 

{
  "event": "verify_attempt",
  "session_is_legit": 0,
  "user_id": "NOT SET",
  "client_id": "NOT SET",
  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36",
  "render_type": "canvas",
  "user_language": "en-gb",
  "client_param": null,
  "client_param_supplied": null,
  "client_theme": null,
  "session": "5625fb456fc7ffad6.3655840803",
  "solved": 1,
  "completion_time_from_click": 17492,
  "user_wrong_answers": 0,
  "failed_low_sec_validation": null,
  "punishable": null,
  "secure_client": null,
  "session_attempted": null,
  "lowsec_limited": null,
  "security_level": 30,
  "country": null,
  "theme_ab":2,
  "split_test_group": "group-F",
  "user_ip": "172.30.0.1",
  "public_key": "00CEF279-B39F-27F6-84B4-7541322B5B56",
  "telltale_user": "eng-1265-qa",
  "raw_fingerprint": "DNT:unknown, L:en-GB, D:24, PR:2.5, S:2560,1440, AS:2560,1440, TO:-600, SS:true, LS:true, IDB:true, B:false, ODB:true, CPUC:unknown, PK:MacIntel, CFP:-1575076396, FR:false, FOS:false, FB:false, JSF:Andale Mono,Arial,Arial Black,Arial Hebrew,Arial Narrow,Arial Rounded MT Bold,Arial Unicode MS,Comic Sans MS,Courier,Courier New,Geneva,Georgia,Helvetica,Helvetica Neue,Impact,LUCIDA GRANDE,Microsoft Sans Serif,Monaco,Palatino,Tahoma,Times,Times New Roman,Trebuchet MS,Verdana,Wingdings,Wingdings 2,Wingdings 3, P:Chrome PDF Plugin,Chrome PDF Viewer,Native Client, T:0,false,false, H:8, SWF:false",
  "client_param_action": null,
  "game_type": 1,
  "region_mismatch_sid": null,
  "region_mismatch_token": null,
  "telltale_list": ["eng-1265-qa-1", "eng-1265-qa"],
  "suspicion_flags": ["ip-info", "detection-flag-1"]
}

 

 

Database Schema 

When using a schema-based database to store the RTL event, use the schemas below to ensure that all data is received and can be stored without error or truncation.

If the schemas below are ever modified, all relevant clients will be contacted and given time to make any required changes.

The required field is a list of fields that will be sent in the JSON string for every record. Any field not included in the required list must support a null value. The logs also contain null chars where appropriate, therefore some fields are specified as both string and null or integer and null. 

Event type: loaded

 

 

{
	"type": "object",
	"properties": {
		"event": { "type": "string", "minLength": 0, "maxLength": 128},
		"user_agent": { "type": "string", "minLength": 0, "maxLength": 1500},
		"render_type": { "type": "string", "enum": ["canvas", "noJS", "liteJS", "suppressed"] },
		"client_param": { "type": ["string", "null"], "minLength": 0, "maxLength": 128},
		"client_param_supplied": { "type": ["string", "null"], "minLength": 0, "maxLength": 128},
		"client_theme": { "type": ["string", "null"], "minLength": 0, "maxLength": 128},
		"user_language": { "type": "string", "minLength": 0, "maxLength": 10},
		"session": { "type": "string", "minLength": 0, "maxLength": 40},
		"game_type": { "type": ["integer", "null"],"minimum": 0,"maximum": 128 },
		"theme_ab": { "type": ["integer", "null"], "minimum": 1, "maximum": 1024 },
		"session_is_legit": { "type": ["integer", "null"], "minimum": 0, "maximum": 1 },
		"user_id": { "type": "string", "minLength": 0, "maxLength": 1500 },
		"security_level": { "type": ["integer", "null"], "minimum": 0, "maximum": 500 },
		"split_test_group": { "type": "string", "minLength": 1, "maxLength": 32 },
		"country": { "type": ["string", "null"], "minLength": 0, "maxLength": 10 },
		"user_ip": { "type": ["string", "null"], "minLength": 0, "maxLength": 100 },
		"public_key": { "type": "string", "minLength": 0, "maxLength": 36 },
		"telltale_user": { "type": ["string", "null"], "minLength": 0, "maxLength": 128 },
		"raw_fingerprint": { "type": ["string", "null"] },
		"telltale_list": { "type": ["array", "null"], "items": { "type": "string", "minLength": 0, "maxLength": 128	} },
		"suspicion_flags": { "type": ["array", "null"], "items": { "type": "string" } },
		"client_param_action": { "type": ["string", "null"] }
	},
	"required": ["event","user_agent","render_type","client_param","client_param_supplied","client_theme","user_language","session","game_type","security_level","country","user_ip","public_key","telltale_user","raw_fingerprint"]
}

 

 

Event type: user_clicked_verify

 

 

{
	"type": "object",
	"properties": {
		"event": {"type": "string",	"minLength": 0, "maxLength": 128 },
		"user_agent": {"type": "string", "minLength": 0, "maxLength": 1500 },
		"render_type": {"type": "string", "enum": ["canvas", "noJS", "liteJS", "suppressed"] },
		"client_param": {"type": ["string", "null"], "minLength": 0, "maxLength": 128 },
		"client_param_supplied": {"type": ["string", "null"],	"minLength": 0, "maxLength": 128 },
		"client_theme": {"type": ["string", "null"],	"minLength": 0, "maxLength": 128 },
		"user_language": {"type": "string",	"minLength": 0, "maxLength": 10 },
		"session": { "type": "string", "minLength": 0, "maxLength": 40 },
		"failed_low_sec_validation": {"type": ["integer", "null"],	"minimum": 0, "maximum": 1 },
		"secure_client": {"type": ["integer", "null"],	"minimum": 0, "maximum": 1 },
		"game_type": {"type": ["integer", "null"],	"minimum": 0, "maximum": 128 },
		"theme_ab": {"type": ["integer", "null"],	"minimum": 1, "maximum": 1024 },
		"session_is_legit": {"type": ["integer", "null"],	"minimum": 0, "maximum": 1 },
		"user_id": {"type": "string",	"minLength": 0, "maxLength": 1500 },
		"security_level": {"type": ["integer", "null"],	"minimum": 0, "maximum": 500 },
		"split_test_group": {"type": "string",	"minLength": 1, "maxLength": 32 },
		"country": { "type": ["string", "null"],	"minLength": 0, "maxLength": 10 },
		"user_ip": { "type": ["string", "null"],	"minLength": 0, "maxLength": 100 },
		"public_key": { "type": "string",	"minLength": 0, "maxLength": 36 },
		"telltale_user": { "type": ["string", "null"],	"minLength": 0, "maxLength": 128 },
		"raw_fingerprint": { "type": ["string", "null"]},
		"telltale_list": { "type": ["array", "null"], "items": { "type": "string", "minLength": 0, "maxLength": 128 } },
		"suspicion_flags": { "type": ["array", "null"],	"items": { "type": "string"	} },
		"client_param_action": { "type": ["string", "null"] }
	},
	"required": ["event","user_agent","render_type","client_param","client_param_supplied","client_theme","user_language","session","failed_low_sec_validation","secure_client","game_type","security_level","country","user_ip","public_key","telltale_user","raw_fingerprint"]
}

 

 

Event type: user_clicked_audio

 

 

{
	"type": "object",
	"properties": {
		"event": { "type": "string", "minLength": 0, "maxLength": 128 },
		"user_agent": { "type": "string", "minLength": 0, "maxLength": 1500 },
		"render_type": { "type": "string", "enum": ["canvas", "noJS", "liteJS", "suppressed"] },
		"client_param": { "type": ["string", "null"], "minLength": 0, "maxLength": 128 },
		"client_param_supplied": { "type": ["string", "null"], "minLength": 0, "maxLength": 128 },
		"client_theme": { "type": ["string", "null"], "minLength": 0, "maxLength": 128 },
		"user_language": { "type": "string", "minLength": 0, "maxLength": 10 },
		"session": { "type": "string", "minLength": 0, "maxLength": 40 },
		"failed_low_sec_validation": { "type": ["integer", "null"], "minimum": 0, "maximum": 1 },
		"secure_client": { "type": ["integer", "null"], "minimum": 0, "maximum": 1 },
		"game_type": { "type": ["integer", "null"], "minimum": 0, "maximum": 128 },
		"theme_ab": { "type": ["integer", "null"], "minimum": 1, "maximum": 1024 },
		"session_is_legit": { "type": ["integer", "null"], "minimum": 0, "maximum": 1 },
		"user_id": { "type": "string", "minLength": 0, "maxLength": 1500 },
		"security_level": { "type": ["integer", "null"], "minimum": 0, "maximum": 500 },
		"split_test_group": { "type": "string", "minLength": 1, "maxLength": 32 },
		"country": { "type": ["string", "null"], "minLength": 0, "maxLength": 10 },
		"user_ip": { "type": ["string", "null"], "minLength": 0, "maxLength": 100 },
		"public_key": { "type": "string", "minLength": 0, "maxLength": 36 },
		"telltale_user": { "type": ["string", "null"], "minLength": 0, "maxLength": 128 },
		"raw_fingerprint": { "type": ["string", "null"] },
		"telltale_list": { "type": ["array", "null"], "items": { "type": "string", "minLength": 0, "maxLength": 128 } },
		"suspicion_flags": { "type": ["array", "null"], "items": { "type": "string" } },
		"client_param_action": { "type": ["string", "null"] }
	},
	"required": ["event","user_agent","render_type","client_param","client_param_supplied","client_theme","user_language","session","failed_low_sec_validation","secure_client","game_type","security_level","country","user_ip","public_key","telltale_user","raw_fingerprint"]
}

 

 

Event type: verify_attempt

 

 

{
	"type": "object",
	"properties": {
		"event": { "type": "string", "minLength": 0, "maxLength": 128 },
		"session_is_legit": { "type": ["integer", "null"], "minimum": 0, "maximum": 1 },
		"security_level": { "type": ["integer", "null"], "minimum": 0, "maximum": 500 },
		"client_id": { "type": "string", "minLength": 0, "maxLength": 256 },
		"user_agent": { "type": "string", "minLength": 0, "maxLength": 1500 },
		"render_type": { "type": "string", "enum": ["canvas", "noJS", "liteJS", "suppressed"] }, "user_language": { "type": "string", "minLength": 0, "maxLength": 10 },
		"client_param": { "type": ["string", "null"], "minLength": 0, "maxLength": 128 },
		"client_param_supplied": { "type": ["string", "null"], "minLength": 0, "maxLength": 128 },
		"client_theme": { "type": ["string", "null"], "minLength": 0, "maxLength": 128 },
		"session": { "type": "string", "minLength": 0, "maxLength": 40 },
		"solved": { "type": "integer", "minimum": 0, "maximum": 2 },
		"completion_time_from_click": { "type": ["integer", "null"], "minimum": 0, "maximum": 1000000 },
		"user_wrong_answers": { "type": "integer", "minimum": 0, "maximum": 1 },
		"failed_low_sec_validation": { "type": ["integer", "null"], "minimum": 0, "maximum": 1 },
		"punishable": { "type": ["integer", "null"], "minimum": 0, "maximum": 1 },
		"secure_client": { "type": ["integer", "null"], "minimum": 0, "maximum": 1 },
		"session_attempted": { "type": ["integer", "null"], "minimum": 0, "maximum": 1 },
		"lowsec_limited": { "type": ["string", "null"], "minLength": 0, "maxLength": 50 },
		"region_mismatch_sid": { "type": ["integer", "null"], "minimum": 0, "maximum": 1 },
		"region_mismatch_token": { "type": ["integer", "null"], "minimum": 0, "maximum": 1 },
		"game_type": { "type": "integer", "minimum": 0, "maximum": 128 },
		"theme_ab": { "type": ["integer", "null"], "minimum": 1, "maximum": 1024 },
		"telltale_user": { "type": ["string", "null"], "minLength": 0, "maxLength": 128 },
		"already_verified": { "type": ["integer", "null"], "minimum": 0, "maximum": 1 },
		"user_id": { "type": "string", "minLength": 0, "maxLength": 1500 },
		"split_test_group": { "type": "string", "minLength": 1, "maxLength": 32 },
		"country": { "type": ["string", "null"], "minLength": 0, "maxLength": 10 },
		"user_ip": { "type": ["string", "null"], "minLength": 0, "maxLength": 100 },
		"public_key": { "type": "string", "minLength": 0, "maxLength": 36 },
		"raw_fingerprint": { "type": ["string", "null"] }, "telltale_list": { "type": ["array", "null"], "items": { "type": "string", "minLength": 0, "maxLength": 128 } },
		"suspicion_flags": { "type": ["array", "null"], "items": { "type": "string" } },
		"client_param_action": { "type": ["string", "null"] }
	},
	"required": ["event","session_is_legit","client_id","user_agent","render_type","user_language","client_param","client_param_supplied","client_theme","session","solved","completion_time_from_click","user_wrong_answers","failed_low_sec_validation","punishable","secure_client","session_attempted","lowsec_limited","region_mismatch_sid","region_mismatch_token","security_level","country","user_ip","public_key","telltale_user","raw_fingerprint"]
}

 

 

HMAC

Arkose Labs offers HMAC record validation to ensure that every record you receive was delivered by Arkose Labs.

When turned on, two headers are attached to each delivered record: 

 

HTTP-REQUEST-HMAC
HTTP-REQUEST-HMAC-BODY

 


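PHP-based example to test the HMAC key

<?php
// Shared HMAC key configured for your RTL endpoint (example value).
$hmac_key = "hmacPrivateKeyExample";
// Raw request body exactly as received; the body HMAC is computed over these bytes.
$message = file_get_contents('php://input');
// Debug output for testing the key. Log it locally; do not return it in the HTTP response.
$data = '';
// Each header value is "<prefix>.<base64 HMAC>"; for HTTP_REQUEST_HMAC the prefix is the timestamp.
// A missing or malformed header yields an empty string, which fails verification.
list($request_hmac_timestamp, $request_hmac) = array_pad(explode(".", $_SERVER['HTTP_REQUEST_HMAC'] ?? ''), 2, '');
$request_hmac_body = array_pad(explode(".", $_SERVER['HTTP_REQUEST_HMAC_BODY'] ?? ''), 2, '')[1];
// Recompute both HMACs locally with the shared key.
$computed_request_hmac = base64_encode(hash_hmac('sha256', $request_hmac_timestamp, $hmac_key, true));
$computed_request_hmac_body = base64_encode(hash_hmac('sha256', $message, $hmac_key, true));
// Verify data. hash_equals() compares in constant time.
$data .= "\nRequest body:\n";
if (!hash_equals($computed_request_hmac, $request_hmac)) {
    $data .= 'Hmac invalid!!! ' . $computed_request_hmac . " != " . $request_hmac;
} else {
    $data .= 'Hmac verified.';
}
$data .= "\n";
if (!hash_equals($computed_request_hmac_body, $request_hmac_body)) {
    $data .= 'Hmac body invalid!!! ' . $computed_request_hmac_body . " != " . $request_hmac_body;
} else {
    $data .= 'Hmac body verified.';
}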
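
The same check as a reusable Python function, added here as an example and not Arkose Labs code. It assumes the header layout implied by the PHP sample above (a prefix, a dot, then a base64 HMAC-SHA256); the sign_like_sender helper, the use of the timestamp as the body header's prefix, and the sample body are constructed for testing only.

```python
import base64
import hashlib
import hmac


def _b64_hmac(key: bytes, msg: bytes) -> bytes:
    """Base64 of HMAC-SHA256(msg, key), matching the PHP sample's encoding."""
    return base64.b64encode(hmac.new(key, msg, hashlib.sha256).digest())


def _split(header_value):
    """Split '<prefix>.<base64 mac>'; return None for a missing or malformed value."""
    if not header_value or header_value.count(".") != 1:
        return None
    prefix, mac = header_value.split(".")
    return (prefix, mac) if prefix and mac else None


def verify_rtl_record(key: bytes, hmac_header, hmac_body_header, raw_body: bytes) -> bool:
    """True only if both header MACs match; any malformed input is rejected."""
    ts_part = _split(hmac_header)
    body_part = _split(hmac_body_header)
    if ts_part is None or body_part is None:
        return False
    timestamp, ts_mac = ts_part
    _, body_mac = body_part
    # compare_digest is constant-time; run both checks before combining the results.
    ts_ok = hmac.compare_digest(_b64_hmac(key, timestamp.encode()), ts_mac.encode())
    body_ok = hmac.compare_digest(_b64_hmac(key, raw_body), body_mac.encode())
    return ts_ok and body_ok


def sign_like_sender(key: bytes, timestamp: str, raw_body: bytes):
    """Constructed sender side for testing; the body header's prefix is an assumption."""
    return (f"{timestamp}.{_b64_hmac(key, timestamp.encode()).decode()}",
            f"{timestamp}.{_b64_hmac(key, raw_body).decode()}")


if __name__ == "__main__":
    KEY = b"hmacPrivateKeyExample"  # example key from the page
    BODY = b'{"event":"verify_attempt","session":"constructed-session"}'  # constructed
    h, hb = sign_like_sender(KEY, "1700000000", BODY)
    print(verify_rtl_record(KEY, h, hb, BODY))         # True
    print(verify_rtl_record(KEY, h, hb, BODY + b" "))  # False: body was altered
    print(verify_rtl_record(KEY, h, None, BODY))       # False: header missing
```

Pass the request body as the exact bytes received, before any JSON parsing or re-serialization, or the body HMAC will not match.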

 

 
