How to Create a Session ID for the Device Data Collector (DDC)

May 18, 2023 18:23

The session identifier (or session ID, s, sessionId, or sess) is used by Kount to join device data with login or order information. The customer determines what the session ID is, but must follow the Session ID requirements.

Note: For Kount Command, the RIS process post must use the session identifier that was created when the customer initiated the Device Data Collector (DDC). It is important to understand that the session ID used here is not the same concept as a web session. The session ID used for the integration to Kount must be unique per each risk assessment transaction.

Implementation Details

Generating your own session ID allows control over the value that is passed to Kount. Session IDs can be created either client-side or server-side.

Once generated, send the session ID using the s parameter in the URL to download the Device Data Collection SDK (web implementation only).

The following example assumes the session ID is abcdefg12345abababab123456789012:

<script type='text/javascript' src='https://DATA_COLLECTOR_URL/collect/sdk?m=123456&s=abcdefg12345abababab123456789012'> </script>

Session ID requirements

Must be unique per request and for a minimum of 30 days
Must contain only alphanumeric characters (0-9, a-z, or A-Z), dashes (-) or underscores (_)
Session ID values cannot exceed 32 characters in length

Note: If the session ID exceeds 32 characters or contains any invalid characters, an error is returned when attempting to download the SDK.

Code Examples for Generating a Session ID

A quick and convenient way to generate a valid session ID is to generate a Universally Unique Identifier (UUID) and remove the dashes – this shortens the value to 32 characters (refer to Session ID requirements). The following examples use the UUID method to generate the session ID:

JavaScript (client-side)/NodeJS (server-side)

//npm install uuidv4
const { uuid } = require('uuidv4');
const sessionID = uuid().replace(/-/g, '');

.NET

Guid myuuid = Guid.NewGuid();
string sessionID = myuuid.ToString().Replace("-","");

Java

String sessionID = UUID.randomUUID().toString().replaceAll("-","");

PHP

$SESS = substr(uniqid().uniqid().uniqid(),0,32);

Python

import uuid
sess = str(uuid.uuid4()).replace("-","")

Ruby

require 'securerandom'
sessionID = SecureRandom.uuid.gsub("-","")

Android (Kotlin)

deviceSessionID = UUID.randomUUID().toString().replace('-','');

Accessing the Session ID

Whether you generate your own session ID or let Kount generate it (refer to the FAQ), the session ID is available to the script on the page through the ka.sessionId attribute that is included in the downloaded Device Data Collection SDK. For further information, review How to Integrate the Kount Web Client for Device Data Collection into Your Website.

Using the Session ID in the Server-Side Call

Submit the session ID used in the Device Data Collection in the server-side API call to Kount. If the session ID is generated on the client side (web browser or native mobile app), a common approach is to send the session ID to the server as a hidden parameter in the payment or login form. If the session ID is generated server-side, keep the session ID in the session storage (or similar location) to retrieve and pass in the API call to Kount after payment or login is complete.

For more details, review the Kount integration guide for the product in which you are integrating.

Frequently Asked Questions (FAQ)

Can I automatically generate a session ID (Kount generated)?

Yes, a session ID can automatically be generated by downloading the Kount DDC SDK. The value (UUIDv4 without the dashes) is created by Kount and returned when the Device Data Collection SDK is downloaded. This method guarantees the session ID is unique and meets the requirements. To have Kount generate the session ID, exclude the session ID parameter in the call to download the Device Data Collection SDK, as shown in the following example (web implementation only):

<script type='text/javascript' src='https://DATA_COLLECTOR_URL/collect/sdk?m=123456'> </script>

Note: This option is not available for a native mobile device collection integration.

What happens if I leave the page after a session ID is created, and then return to complete the order?

There can be multiple session identifiers or session IDs created, but only the last session ID will be used to link the device data with the RIS transaction.

What happens if JavaScript does not run on an end-user’s computer?

If Kount is generating the session ID for you, a session ID will not be generated if JavaScript does not run. If you create a session ID server side, this issue is prevented.

Was this article helpful?

2 out of 2 found this helpful