Client-side integration vs Backend integration

Mosaic enables you to integrate Fraud Prevention into your application using client-side SDK or backend API approach.

Backend integration flow

The flow starts with the user navigating to the webpage or app (1). The SDK gets initialized, obtains a session token, and starts sending telemetry to Mosaic (2). When a user performs an action, for example, clicks a login button (3), your client passes this information to your backend (4) and the backend triggers an action event to Mosaic (5). Having received an action token (6), the application backend uses it to fetch recommendation from Mosaic (7 & 8) and instructs the client to act accordingly (9) in order to complete the login procedure (10). As a last step, your server can report the action result back to Mosaic and set the user (11).

Client-side integration flow

The flow starts with the user navigating to the webpage or app (1). The SDK gets initialized and starts sending telemetry to Mosaic (2). When a user performs an action, for example, clicks a login button (3), the SDK triggers an action event (4) and obtains an action token (5) which then forwards to the backend (6). Having received an action token, the application backend uses it to fetch recommendation from Mosaic (7 & 8) and instructs the client to act accordingly (9) in order to complete the login procedure (10). Upon successful login, the client sets the user (11). As a last optional step, your server can report the action result back to Mosaic (12).

Understand similarities

Any Fraud Prevention integration requires you to install and initialize the relevant Mosaic's SDK (for Web, Android, or iOS, etc.) in order to collect and stream telemetry data to Mosaic.

Understand differences

The major difference comes in triggering events for user actions and processing the recommendations for those actions.

The backend integration relies on the concept of device session token—a unique opaque token that binds interactions to a device. Naturally, the backend integration handles triggering the actions and other tasks through the APIs coming from your server. These calls include:

• Triggering an action event
• Fetching recommendation
• Reporting action result and setting the user

Although in the client-side integration, recommendations are still obtained with the backend API call (Fetching recommendation), the following tasks are performed via SDK:

• Triggering an action event (for example, see Web SDK )
• Setting the user (for example, see Web SDK )
• Clearing the user (for example, see Web SDK )

Choose the right integration

Backend integration: Mosaic recommends implementing an integration leveraging backend APIs for production applications. This approach allows you to build flexible logic server-side logic depending on obtained recommendations. For detailed instructions, see Backend API quick start guide.

• Is more secure — action triggering is controlled by the app backend with no data being exposed to clients.
• Allows for optimizations and has lower latency on the backend — for example, triggering an action event with get_recommendation=true saves the Get recommendation API call.
• Has lower latency for the end-user and less impact on the client
• Streamlines implementation — no need to manage triggering action events across your web and mobile applications, the action event triggering and managing the user identity is centralized on the backend.

Client-side integration: Integrations leveraging mostly client-side SDK calls are lightweight and recommended for POC, MVP, and test applications. For example, refer to Web SDK quick start guide for detailed instructions.

• Are faster to implement and roll out (require only minimal backend).
• Is suitable for monitoring — can be done without any backend which caters to the use cases when the app is only collecting telemetry data while the risk analysis is handled outside Mosaic.
• Has higher accuracy — any additional event from the client enhances the information Mosaic knows about the actor.