# @microsoft/fraud-protection

[![Version](https://img.shields.io/npm/v/@microsoft/fraud-protection.svg)](https://www.npmjs.com/package/@microsoft/fraud-protection)

## Getting started

1. Install library

    from `npm`
    ```bash
    npm install @microsoft/fraud-protection --save
    ```
    
    from `yarn`
    ```bash
    yarn add @microsoft/fraud-protection
    ```

2. Link native code

    With autolinking (react-native 0.60+)

    ```bash
    cd ios && pod install
    ```

    Pre 0.60

    ```bash
    react-native link @microsoft/fraud-protection
    ```

## Usage

1. You can initiate the SDK by following so it can start to collect device attributes.

    ```javascript
    import RNFraudProtection from '@microsoft/fraud-protection';

    RNFraudProtection.start($tenantId);
    ```

    In this code, **tenantId** is the globally unique identifier (GUID) or universally unique identifier (UUID) that is provided by Microsoft.

2. Send collected device attributes to Microsoft by calling **send()**. You can call **send()** in anywhere before or on the page that has the operation that you need a risk assessment for. For a sign-in/sign-up scenario, you can call **send()** immediately after **start()** call.

    ```javascript
    import RNFraudProtection from '@microsoft/fraud-protection';

    RNFraudProtection.send($pageId); // Or RNFraudProtection.send()
    ```

    In this code, **pageId** is optional and can be set in the following way, depending on the scenario:

    - **SI** – Sign In
    - **SU** – Sign Up
    - **P** – Purchase
    - **tst** – Test

3. Call **getSessionId()** to obtain the **SessionId** value that is required when the risk assessment APIs are called.

    ```javascript
    import RNFraudProtection from '@microsoft/fraud-protection';

    RNFraudProtection.getSessionId((sessionId) => {
        console.log(sessionId)
    });
    ```

## Runtime permissions

The React Native SDK relies on the following native runtime permissions to collect various device data. The SDK doesn't ask for any runtime permissions. The app should obtain these runtime permissions from the user.

- **Android**
    - android.permission.ACCESS\_COARSE\_LOCATION
    - android.permission.READ\_PHONE\_STATE
    - android.permission.BLUETOOTH\_CONNECT

- **iOS**
    - The iOS SDK uses CLLocationManager, and checks for **CLAuthorizationStatus.authorizedAlways** or **CLAuthorizationStatus.authorizedWhenInUse** before it requests location data. The app should obtain **CLLocationManager.requestWhenInUseAuthorization** Or **CLLocationManager.requestAlwaysAuthorization** permission from the user.
    - The iOS SDK uses AppTrackingTransparency and checks for **ATTrackingManager.AuthorizationStatus.authorized** before it collects **AdvertisingId**. The app should obtain **ATTrackingManager.requestTrackingAuthorization** permission from the user.

## Support

To log a support ticket, go to <https://dfp.microsoft.com>. (Global admin permissions are required.)