Getting Started with Keverd
Welcome to Keverd, the comprehensive fraud detection platform designed to protect your applications from account takeover, fraudulent transactions, and malicious activity. This guide will walk you through everything you need to know to get started.
What is Keverd?
Keverd is a cutting-edge fraud detection and prevention platform that provides real-time risk assessment for user interactions across web and mobile applications. Built with privacy-first principles, Keverd helps businesses identify and prevent fraudulent activities without compromising user privacy or experience.
Our platform combines multiple advanced technologies including device fingerprinting, behavioral biometrics, geographic analysis, and SIM swap detection to create a comprehensive fraud detection system. Unlike traditional fraud prevention methods that rely solely on IP addresses or cookies, Keverd uses a multi-layered approach that works even when users are using VPNs, incognito mode, or have cleared their browser data.
Keverd is designed to be developer-friendly, with easy-to-integrate SDKs for multiple platforms and programming languages. Whether you're building a web application, a mobile app, or a hybrid solution, we have the tools you need to implement robust fraud detection in minutes, not days.
What We Offer
1. Real-Time Risk Assessment
Keverd provides instant risk scores (0-100) for every user interaction, allowing you to make informed decisions in real-time. Our scoring algorithm analyzes multiple data points including device characteristics, user behavior patterns, geographic location, and historical data to generate accurate risk assessments. Scores are calculated in under 100ms (p99 latency), ensuring minimal impact on your application's performance.
The risk score is accompanied by actionable recommendations: allow for low-risk interactions (0-29), soft_challenge for moderate risk (30-49), hard_challenge for high risk (50-69), and block for very high risk (70-100). This allows you to implement graduated security measures that balance user experience with security.
2. Device Fingerprinting
Our device fingerprinting technology creates a unique identifier for each device without storing any personally identifiable information (PII). We collect and hash device characteristics such as screen resolution, timezone, installed fonts, canvas fingerprint, WebGL fingerprint, and hardware specifications to create a stable, privacy-compliant device identifier.
The fingerprint is generated using SHA-256 hashing, ensuring that raw device information never leaves the client in an unhashed form. This approach provides persistent device identification that works across sessions, browsers, and even after clearing cookies, while maintaining full compliance with GDPR, CCPA, and the Kenya Data Protection Act.
3. Behavioral Biometrics
Keverd analyzes user behavior patterns to detect anomalies that may indicate fraudulent activity. We track typing patterns (dwell time and flight time between keystrokes), mouse movements, touch gestures, swipe velocities, and session entropy to build a behavioral profile for each user.
These behavioral patterns are unique to each individual and are extremely difficult for fraudsters to replicate. When a user's behavior deviates significantly from their established patterns, Keverd flags this as a potential risk indicator. This technology is particularly effective at detecting account takeover attempts, where a fraudster may have obtained login credentials but cannot replicate the legitimate user's typing and interaction patterns.
4. Geographic Analysis
Our platform analyzes geographic patterns to detect suspicious location changes. We track IP addresses, timezones, and geographic coordinates to identify impossible travel scenarios, VPN usage, and location-based anomalies. For example, if a user logs in from New York and then attempts to log in from London 30 minutes later, this would be flagged as a geographic anomaly.
Geographic analysis is enhanced by MaxMind GeoLite2 database integration, providing accurate location data for risk assessment. We also detect VPN and proxy usage, which can be legitimate (privacy-conscious users) or suspicious (fraudsters attempting to hide their location).
5. SIM Swap Detection (Mobile Only)
For Android applications, Keverd provides advanced SIM swap detection capabilities. SIM swapping is a common attack vector where fraudsters convince a mobile carrier to transfer a victim's phone number to a new SIM card, allowing them to intercept SMS-based two-factor authentication codes.
Our SIM swap detection engine monitors SIM card changes, device changes, behavioral anomalies, timing patterns, and velocity anomalies to identify potential SIM swap attacks. When a SIM swap is detected, the risk score is automatically elevated, and you can implement additional security measures such as requiring alternative authentication methods.
6. Privacy-First Architecture
Privacy is at the core of Keverd's design. All device identifiers are hashed client-side before transmission, ensuring that no raw PII is ever sent to our servers. We comply with major privacy regulations including GDPR, CCPA, and the Kenya Data Protection Act, and provide tools for data deletion and user consent management.
Our platform is designed to provide effective fraud detection while respecting user privacy. We don't track users across different websites, we don't create advertising profiles, and we don't sell user data. Everything we collect is used solely for fraud detection and prevention purposes.
How We Offer It
Keverd is delivered through a combination of client-side SDKs and a cloud-based API. The SDKs run in your application (web browser or mobile app) and collect device and behavioral data, then send this data to our API endpoint for risk assessment. The entire process is designed to be fast, secure, and non-intrusive.
Client-Side SDKs: Our SDKs are lightweight, easy to integrate, and designed to have minimal impact on your application's performance. They handle all the complexity of data collection, hashing, and API communication, so you can focus on building your application. SDKs are available for multiple platforms and programming languages, ensuring you can integrate Keverd regardless of your technology stack.
Cloud-Based API: Our API endpoint (https://api.keverd.com/fingerprint/score) receives fingerprint data from your SDKs and returns risk assessments in real-time. The API is built for scale, with sub-100ms response times (p99) and the ability to handle millions of requests per day. All API communication is encrypted using HTTPS, and we provide comprehensive rate limiting and monitoring.
Dashboard and Analytics: In addition to the SDKs and API, Keverd provides a comprehensive dashboard where you can view analytics, manage API keys, monitor usage, and configure settings. The dashboard gives you insights into fraud patterns, risk score distributions, and the effectiveness of your fraud prevention measures.
Documentation and Support: We provide extensive documentation, code examples, and integration guides for all our SDKs. Our documentation includes detailed API references, troubleshooting guides, and best practices. If you need additional help, our support team is available to assist with integration and answer any questions.
Available SDKs
Keverd provides official SDKs for multiple platforms and programming languages. Each SDK is designed to integrate seamlessly with its target platform, following platform-specific best practices and conventions. All SDKs provide the same core functionality: device fingerprinting, behavioral data collection, and risk assessment, but they're packaged in ways that feel natural to developers working in each ecosystem.
Android SDK
KotlinOur Android SDK is built with Kotlin and provides comprehensive fraud detection capabilities for Android applications. It includes device fingerprinting, behavioral analytics, and SIM swap detection, which is unique to mobile platforms. The SDK is distributed via Maven Central and can be integrated into your Android project with just a few lines of code.
The Android SDK collects device information such as manufacturer, model, OS version, screen dimensions, and hardware specifications. It also tracks behavioral patterns including typing patterns, swipe velocities, and session entropy. For SIM swap detection, it monitors SIM card information and detects changes that may indicate account takeover attempts.
The SDK is designed to be privacy-compliant, with user consent management built-in. All data collection can be configured to require explicit user consent, and the SDK provides callbacks for consent management. Performance is optimized for mobile devices, with data collection taking less than 50ms and total API call time under 100ms.
View Android DocumentationVanilla JavaScript SDK
UniversalThe Vanilla JavaScript SDK is our most versatile SDK, designed to work in any browser environment. It's framework-agnostic, meaning you can use it with any JavaScript framework or in plain HTML/JavaScript applications. The SDK is lightweight (under 50KB minified) and has zero dependencies, making it easy to integrate and deploy.
This SDK provides comprehensive device fingerprinting capabilities including canvas fingerprinting, WebGL fingerprinting, screen characteristics, timezone detection, and more. It also collects behavioral data such as typing patterns, mouse movements, and session entropy. The SDK is designed to work seamlessly with modern build tools and can be installed via npm, yarn, or included directly via CDN.
The JavaScript SDK is perfect for web applications that need fraud detection but don't want to be tied to a specific framework. It provides a simple, promise-based API that's easy to use and understand. The SDK automatically handles data collection, hashing, and API communication, so you just need to initialize it with your API key and call a single method to get risk assessments.
import { Keverd } from '@keverdjs/fraud-sdk';
// Initialize with your API key
Keverd.init('your-api-key-here');
// Get visitor data and risk assessment
const result = await Keverd.getVisitorData();
console.log('Risk Score:', result.risk_score);
console.log('Action:', result.action);
console.log('Session ID:', result.session_id);React SDK
React HooksThe React SDK is designed specifically for React applications and provides a seamless integration using React hooks and context. It follows React best practices and integrates naturally with React's component lifecycle. The SDK provides a KeverdProvider component for global configuration and a useKeverdVisitorData hook for accessing visitor data and risk assessments.
The React SDK is perfect for Next.js applications, Create React App projects, and any other React-based web application. It provides TypeScript support out of the box, with comprehensive type definitions for all data structures and API responses. The SDK handles all the complexity of data collection and API communication, so you can focus on building your React components.
One of the key advantages of the React SDK is its reactive nature. When visitor data is updated, React components automatically re-render with the new data. The SDK also provides loading and error states, making it easy to handle different states in your UI. The hook-based API makes it simple to access visitor data from any component in your application tree.
import { KeverdProvider, useKeverdVisitorData } from '@keverdjs/fraud-sdk-react';
function App() {
return (
<KeverdProvider loadOptions={{ apiKey: 'your-api-key' }}>
<HomePage />
</KeverdProvider>
);
}
function HomePage() {
const { data, loading, error } = useKeverdVisitorData({
immediate: true
});
if (loading) return <div>Loading...</div>;
if (error) return <div>Error: {error.message}</div>;
return (
<div>
<p>Risk Score: {data?.riskScore}</p>
<p>Action: {data?.action}</p>
</div>
);
}Vue.js SDK
Vue 3The Vue.js SDK is built for Vue 3 applications and leverages Vue's Composition API to provide a modern, reactive integration. It provides composables (similar to React hooks) for accessing visitor data and a plugin system for global SDK configuration. The SDK is designed to work seamlessly with Vue 3's reactivity system, ensuring that your components automatically update when visitor data changes.
The Vue SDK provides a useKeverdProvider composable for SDK initialization and a useKeverdVisitorData composable for accessing visitor data. It also includes a Vue plugin that can be installed globally, making it easy to access the SDK from any component in your application.
The SDK is perfect for Vue 3 applications built with Vite, Nuxt 3, or any other Vue 3 setup. It provides full TypeScript support and follows Vue 3 best practices. The composable-based API makes it easy to use the SDK in both Options API and Composition API components.
View Vue.js DocumentationAngular SDK
AngularThe Angular SDK is built specifically for Angular applications and follows Angular's dependency injection and service-based architecture. It provides an KeverdService that can be injected into any Angular component or service, and a KeverdModule for easy module-based integration.
The Angular SDK uses RxJS observables for reactive data access, making it easy to integrate with Angular's change detection system. The service-based API provides a clean, testable interface that follows Angular best practices. The SDK is designed to work seamlessly with Angular's dependency injection system and can be easily mocked for testing.
The SDK is perfect for Angular applications built with Angular CLI or any other Angular setup. It provides full TypeScript support and follows Angular style guide recommendations. The observable-based API makes it easy to use with Angular's async pipe and other reactive patterns.
View Angular DocumentationQuick Start Guide
Get Your API Key
Learn moreThe first step to using Keverd is to obtain an API key. API keys are used to authenticate your application with the Keverd API and are required for all API requests. To get your API key, you'll need to sign up for a Keverd account at dashboard.keverd.com.
Once you've created an account, navigate to the API Keys section in the dashboard. You can create multiple API keys for different environments (development, staging, production) or different applications. Each API key has its own usage limits and can be enabled or disabled independently. For detailed instructions on obtaining and managing API keys, see our API Keys documentation.
Important: Keep your API keys secure and never commit them to version control. Use environment variables or secure configuration management to store your API keys. API keys should be treated as sensitive credentials, similar to passwords or database connection strings.
Choose Your Platform
View all SDKsNext, choose the SDK that matches your application's platform. Keverd provides SDKs for Android (Kotlin) and multiple web frameworks (Vanilla JavaScript, React, Vue.js, and Angular). Each SDK is designed to integrate seamlessly with its target platform.
Web SDK Installation
Choose your framework and install the corresponding package:
Vanilla JavaScript:
npm install @keverdjs/fraud-sdkReact:
npm install @keverdjs/fraud-sdk-reactVue.js:
npm install @keverdjs/fraud-sdk-vueAngular:
npm install @keverdjs/fraud-sdk-angularInitialize the SDK
Vanilla JavaScript:
import { Keverd } from '@keverdjs/fraud-sdk';
Keverd.init({
apiKey: 'YOUR_API_KEY',
endpoint: 'https://api.keverd.com'
});
// Get visitor data
const visitorData = await Keverd.getVisitorData();
console.log('Risk Score:', visitorData.riskScore);React:
import { KeverdProvider } from '@keverdjs/fraud-sdk-react';
function App() {
return (
<KeverdProvider
loadOptions={{
apiKey: 'YOUR_API_KEY'
}}
>
<YourApp />
</KeverdProvider>
);
}
// Use in components
import { useKeverdVisitorData } from '@keverdjs/fraud-sdk-react';
function MyComponent() {
const { data, isLoading, error } = useKeverdVisitorData({
immediate: true
});
return <div>Risk Score: {data?.riskScore}</div>;
}Start Using
Once initialized, the SDK automatically collects device and behavioral data, sends it to the Keverd API, and returns risk assessments. You'll receive a response containing the risk score (0-100), recommended action (allow, soft_challenge, hard_challenge, or block), and additional metadata.
For detailed code examples and API references for each SDK, see the specific SDK documentation pages. Each SDK's documentation includes complete examples showing initialization, data retrieval, error handling, and best practices.
What You'll Get
Real-time Risk Scores
Get instant risk assessments (0-100) for every user interaction. Risk scores are calculated in under 100ms (p99 latency) and include actionable recommendations (allow, soft_challenge, hard_challenge, or block) that you can use to implement graduated security measures.
Device Fingerprinting
Unique device identification without storing PII. Our SHA-256 hashed fingerprints work across sessions, browsers, and even after clearing cookies, providing persistent device identification while maintaining full privacy compliance.
Behavioral Analytics
Track user behavior patterns including typing patterns, mouse movements, touch gestures, and session entropy to detect anomalies. Behavioral biometrics are unique to each individual and extremely difficult for fraudsters to replicate.
SIM Swap Detection
Detect SIM card changes that may indicate account takeover attempts. Available for Android applications, SIM swap detection monitors SIM card information, device changes, behavioral anomalies, and timing patterns to identify potential attacks.
Geographic Analysis
Detect suspicious location changes, impossible travel scenarios, and VPN usage. Our geographic analysis uses IP addresses, timezones, and MaxMind GeoLite2 data to identify location-based anomalies.
Privacy-First Design
All device identifiers are hashed client-side before transmission. We comply with GDPR, CCPA, and the Kenya Data Protection Act, and provide tools for data deletion and user consent management.
Ready to Get Started?
Get your API key and start protecting your application from fraud in minutes.