Get Started with Dtect

Security Features

The dtect Security API helps you gather valuable insights about your visitors, enhancing the quality of your survey data. Whether you're using the Security Token approach or requesting a Security Result directly, you'll leverage its insights to improve your data quality.

Security Result

Here is a detailed explanation of how each security check works in the dtect Security API:

dtect Score

dtect Score classifies visitors based on the data we collected about them. It provides one of three possible values:

  • good: Visitors who passed all security checks. These visitors are considered qualified to take any survey.
  • suspicious: Visitors flagged with unusual behavioral signals that are not typical of qualified survey takers, but don't warrant being flagged as bad. Examples include: VPN Detection, Privacy Focused Browser, Tampering Detection, etc.
  • bad: Visitors who are considered fraudulent based on collected data. Examples include: Automation Detection, IP Blocklist, Untrusted Browser/OS. When a visitor is flagged as bad at least one of the security checks are returned as true.

Location Validation

Verifies the visitor's location by cross-referencing their IP address, device, and browser details. This helps detect if they are trying to mask their location.

Location Lock

Using the list of allowed countries (countriesAllowed) you provided, we perform multiple checks to ensure the visitor is located in an approved location.

Device Deduplication

Identifies whether the visitor's device has already been captured in your project (projectId).

IP Deduplication

Identifies whether the visitor's IP address has already been captured in your project (projectId).

Duplicate ID

Identifies whether the visitorId has already been captured in your project (projectId).

Automation Detection

Indicates whether automation or bot-like behavior was detected.

Untrusted Browser Or OS

Flags browsers or operating systems commonly used for fraudulent behavior.

IP Blocklist

Flags if the visitor's IP address is found in our threat intelligence blocklist.

VPN Usage

Flags visitors whose connection is routed through a VPN provider.

Device Tampering

Detects evidence of device or browser tampering (e.g., spoofed user-agent).

Virtual Machine

Indicates the session is running inside a virtual machine environment.

Dev Tools

Flags visitors with browser developer tools open.

Privacy-Focused Settings

Detects hardened or privacy-focused settings/extensions that blocks us from capturing browser details.

Tor Exit Node

Flags traffic coming from Tor exit nodes.

High-Activity Device

Detects devices generating an unusually high volume of activity in a short time window.

Incognito Mode

Detects private/incognito browsing mode in the visitor's browser.

Integration

GET: https://api.qmapi.com/api/v1/dtect/verify/:account_id

Query Parameters

  • Params: account_id (in the URL path)
  • project_id – Unique identifier to recognize your user
  • visitor_id – Additional context for the visitor
  • callback_url – URL to redirect after verification

How it Works

The integration partner will redirect their user to the above link. We will then redirect the user to the provided callback_url and append the following query parameters to it:

  • dtect Score
  • project_id
  • visitor_id

It is then up to the integration partner to handle the logic as needed on their end.

Example

Request URL:

https://api.qmapi.com/api/v1/dtect/verify/12345?project_id=abc-project-789&visitor_id=visitor-456&callback_url=https://example.com/verify-result

Redirection After Verification:

https://example.com/verify-result?dtect_score=good&project_id=abc-project-789&visitor_id=visitor-456

On receiving the above callback, you can extract the values of dtect_score, project_id, and visitor_id to proceed with your application-specific logic.

Contact

Encountered an error? Please email us at dtectsupport@acutusai.com