# Security Recommendations

### Retrieve the analysis response and process it on the back end

Even though the analysis result is available to the host application via Web Plugin callbacks, it is recommended that the application back end receives it directly from Oz API. All decisions about the further process flow should be made on the back end as well. This eliminates any possibility of malicious manipulation of analysis results within the browser context.

<figure><img src="https://2532558063-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F5g6dgsxRbyrCvB0uAf8f%2Fuploads%2F7YmQokAg54gm5a4jrsrQ%2Fsafety%20recs%20v.2%201.svg?alt=media&#x26;token=12508556-0669-4404-b45b-83091cff1c79" alt=""><figcaption></figcaption></figure>

To find your folder from the back end, you can follow these steps:

1. On the front end, add your unique identifier to the folder metadata.

```javascript
OzLiveness.open({
  // ... your other parameters
  meta: {
    // the user or lead ID from an external lead generator
    // that you can pass to keep track of multiple attempts made by the same user
    'end_user_id': '<user_or_lead_id>',
    // the unique attempt ID
    'transaction_id': '<unique_transaction_id>'
  }
});
```

You can add your own key-value pairs to attach user document numbers, phone numbers, or any other textual information. However, ensure that tracking personally identifiable information (PII) complies with relevant regulatory requirements.

2. Use the `on_complete` callback of the plugin to be notified when the analysis is done. Once it is called, call your back end and pass the `transaction_id` value.
3. On the back end, find the folder by the identifier you specified, using the Oz API `Folder LIST` method:

   ```
   /api/folders/?meta_data=transaction_id==unique_id1&with_analyses=true
   ```

   To speed up the processing of your request, we recommend adding the time filter as well:

   ```
   /api/folders/?meta_data=transaction_id==unique_id1&with_analyses=true&time_created.min=([CURRENT_TIME]-1hour)
   ```
4. In the response, find the analysis results and `folder_id` for future reference.
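
The following added example (not part of the Oz documentation or SDK) shows the back-end side of steps 2 to 4 in Node.js: it validates the `transaction_id` received from the browser, builds the `Folder LIST` request path, and makes the decision from the API response alone. The ID format, the `pending` record, the response field names (`folder_id`, `meta_data`, `analyses`, `resolution`), the `SUCCESS` value, and the Unix-seconds time filter are assumptions to check against your Oz API version.

```javascript
// Added example, not Oz Forensics code. Assumptions: Folder LIST returns an array
// of { folder_id, meta_data, analyses: [{ type, resolution }] }, 'SUCCESS' is the
// passing resolution, and time_created.min takes Unix seconds.
const TX_ID = /^[A-Za-z0-9_-]{8,64}$/; // hypothetical format of IDs the back end issues

// Build the Folder LIST path. The strict ID format keeps a browser-supplied value
// from adding or overriding query parameters ("&", "=", "#").
function buildFolderListPath(transactionId, nowMs = Date.now()) {
  if (typeof transactionId !== 'string' || !TX_ID.test(transactionId)) {
    throw new Error('malformed transaction_id');
  }
  const since = Math.floor(nowMs / 1000) - 3600; // [CURRENT_TIME] - 1 hour
  return `/api/folders/?meta_data=transaction_id==${transactionId}` +
    `&with_analyses=true&time_created.min=${since}`;
}

// Decide from the API response only. `pending` is the record the back end stored
// when it issued the transaction_id; nothing reported by the browser is consulted.
function decide(pending, folders) {
  const matches = folders.filter(
    (f) => f.meta_data && f.meta_data.transaction_id === pending.transactionId);
  if (matches.length !== 1) return { ok: false, reason: 'expected exactly one folder' };
  const folder = matches[0];
  if (folder.meta_data.end_user_id !== pending.endUserId) {
    return { ok: false, reason: 'folder belongs to another user' };
  }
  const analyses = Array.isArray(folder.analyses) ? folder.analyses : [];
  if (analyses.length === 0) return { ok: false, reason: 'no analyses in folder' };
  const notPassed = analyses.filter((a) => a.resolution !== 'SUCCESS');
  if (notPassed.length > 0) {
    const types = notPassed.map((a) => a.type).join(',');
    return { ok: false, reason: `not passed: ${types}`, folderId: folder.folder_id };
  }
  return { ok: true, folderId: folder.folder_id };
}

// Constructed sample data, not real API output.
const pendingAttempt = { transactionId: 'tx_2f9c1a7e', endUserId: 'lead-42' };
const sampleFolders = [{
  folder_id: 'f-0001',
  meta_data: { transaction_id: 'tx_2f9c1a7e', end_user_id: 'lead-42' },
  analyses: [{ type: 'QUALITY', resolution: 'SUCCESS' }],
}];
console.log(buildFolderListPath(pendingAttempt.transactionId));
console.log(decide(pendingAttempt, sampleFolders));
```

A pending or declined analysis, a missing folder, or more than one folder carrying the same `transaction_id` all end in a rejection, so the flow only continues on an explicit pass.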

### Limit the amount of information sent to the Web Plugin from the server

Web Adapter may send analysis results to the Web Plugin with various levels of verbosity. It is recommended that, in production, the level of verbosity is set to the minimum.\
In the Web Adapter [configuration](https://doc.ozforensics.com/oz-knowledge/guides/administrator-guide/web-adapter) file, set the `result_mode` parameter to `"safe"`.

```json
"result_mode": "safe"
```
