Security Recommendations

Retrieve the analysis response and process it on the back end

Even though the analysis result is available to the host application via Web Plugin callbacks, it is recommended that the application back end receives it directly from Oz API. All decisions of the further process flow should be made on the back end as well. This eliminates any possibility of malicious manipulation with analysis results within the browser context.

To find your folder from the back end, you can follow these steps:

  1. On the front end, add your unique identifier to the folder metadata.{
  meta: { 
  // the user or lead ID from an external lead generator 
  // that you can pass to keep track of multiple attempts made by the same user
    'user_id': '<user_or_lead_id>',
  // the unique attempt ID
    'transaction_id': '<unique_transaction_id>'

You can add your own key-value pairs to attach user document numbers, phone numbers, or any other textual information. However, ensure that tracking personally identifiable information (PII) complies with relevant regulatory requirements.

  1. Use the on_complete callback of the plugin to be notified when the analysis is done. Once used, call your back end and pass the transaction_id value.

  2. On the back end side, find the folder by the identifier you've specified using the Oz API Folder LIST method:


    To speed up the processing of your request, we recommend adding the time filter as well:

  3. In the response, find the analysis results and folder_id for future reference.

Limit amount of the information sent to Web Plugin from the server

Web Adapter may send analysis results to the Web Plugin with various levels of verbosity. It is recommended that, in production, the level of verbosity is set to minimum. In the Web Adapter configuration file, set the result_mode parameter to "safe".

"result_mode": "safe"

Last updated