SentraID JavaScript SDK – Integration Guide

1. Overview

The SentraID JavaScript SDK captures and sends fraud detection signals to your system in real-time.

Key Features

2. Server-side: Fetch Token

Your server must call the authentication endpoint using your x-api-key and x-merchant-id. Do not expose these values in client-side code. 

POST https://beta-api.sentraid.com/api/v1/authentication/token
Content-Type: application/json

{
  "x-api-key": "eXncMymxwH0d6GczFVHHeLO98",
  "x-merchant-id": "5842369b-5159-433e-a01e-eefb8494df2b"
}

Response:

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Example: C# (ASP.NET Core Backend)

using System.Net.Http;
using System.Text;
using System.Text.Json;

public class TokenService
{
    private readonly HttpClient _http;

    public TokenService(HttpClient http) => _http = http;

    public async Task<string> GetTokenAsync()
    {
        var payload = new {
            ["x-api-key"] = "YOUR_API_KEY",
            ["x-merchant-id"] = "YOUR_MERCHANT_ID"
        };

        var response = await _http.PostAsync(
            "https://beta-api.sentraid.com/api/v1/authentication/token",
            new StringContent(JsonSerializer.Serialize(payload), Encoding.UTF8, "application/json")
        );

        var json = await response.Content.ReadAsStringAsync();
        using var doc = JsonDocument.Parse(json);
        return doc.RootElement.GetProperty("token").GetString();
    }
}
✅ Your backend should return only the token to the client. Never pass x-api-key or x-merchant-id to the frontend.

3. Client-side: Initialize SDK

Using <script> tag 
<script src="https://cdn.sentraid.com/sentraid-1.0.0.min.js"></script>
<script>
  async function initSDK() {
    // Fetch token securely from your backend
    const res = await fetch("https://contoso-ltd.com/api/get-sentra-token");
    const { token } = await res.json();

    const client = new SentraID({
      token: token,
      baseURL: "https://beta-api.sentraid.com/api/v1",
      onTokenExpired: () => {
        console.warn("Token expired. Refresh it from backend.");
      }
    });

    window.sentraClient = client;
  }

  initSDK();
</script>

4. Basic Usage

Generate a Session ID

const sessionId = SentraIDUtils.generateSessionId();

Submit an Event

(async () => {
  try {
    const response = await sentraClient.submitEvent({
      userId: "user_123",
      eventType: "login_attempt",
      sessionId: sessionId
    });

    console.log("Event submitted:", response);
  } catch (err) {
    console.error("Failed to submit event:", err.message);
  }
})();

5. Security Notes