Integrate using Google Tag Manager

This guide describes how to use Google Tag Manager (GTM) to integrate Detection and Response services into your web app. For more information about GTM, refer to Google's documentation. See:

Note

This guide describes integrating using the new Platform SDK. If you've already integrated using the older Detection and Response SDK, you can find that guide here.

Prerequisites

Your web application must be integrated with Google Tag Manager (see Quick-start for Web), and send it the user identifier (for authenticated users) and the user actions you want to evaluate with Transmit.

The examples in this guide use the data layer to send information to Google tags.

Step 1: Get client credentials

Client credentials are used to identify your app and generate access tokens for authorizing Transmit requests. To obtain them, you'll need to create an application in the Admin Portal (if you don’t have one yet).

  1. From Applications , click Add application .
  2. Add the friendly application name to display in the Admin Portal.
  3. Add a client display name, and your website URL as a redirect URI (e.g., https://your-domain.com ).
    Note

    These fields are required for all Transmit apps, but won’t be used for Detection and Response.

  4. Click Add to create your application. This will automatically generate your client credentials.

Step 2: Create GTM variables

To send the user identifier and action to Transmit, you'll need GTM variables that store these values. Create a variable for the user identifier and another one for the user action you want to report.

For example, create a new User-Defined Variable, set its title (e.g., Transmit user ID) and configuration to Data Layer Variable, and then provide the name of the variable that your web app sends to GTM (e.g., userID).

Note

The user ID must not include personal identifiers, such as email. In addition, the user action must resolve to one action type. For the complete list of action types, see our recommendations page.

Step 3: Load SDK via GTM

Create a new custom tag with the HTML script that loads and initializes the Platform SDK. This tag should be triggered for all pages.

In the snippet below, the SDK is initialized with the user ID (for users that are fully authenticated, including, for example, any required 2FA that was done).

Copy
Copied
 // Loads the latest SDK within the major version 1
 // See changelog for details and update version if necessary
 <script src="https://platform-websdk.transmitsecurity.io/platform-websdk/1.x/ts-platform-websdk.js" id="ts-platform-script" defer="true" ></script>
    <script>
      console.log("Start event listener for tsPlatform script");
      document.getElementById("ts-platform-script").addEventListener("load", function() {
          window.tsPlatform.initialize({
            clientId: "[CLIENT_ID]", // Client ID found in the app settings
            drs: { userId: "[USER_ID]" }, // GTM variable; if user ID exists
          });
      });
    </script>

Step 4: Report actions via GTM

To obtain risk recommendations for sensitive actions, your application should report these actions using the Platform SDK. To do this with GTM, you need to create a custom tag to send the action to Transmit. The tag should be triggered every time a user performs a sensitive action.

For example, create a custom tag (e.g., Transmit action) with the following code where [transmit_action] is the GTM variable you created for storing user actions in step 2. This tag should be triggered when a sensitive action is requested in your application.

Supported actions

These actions are currently supported: login, register, transaction, password_reset, logout, checkout, account_details_change, account_auth_change, withdraw, or credits_change.

Copy
Copied
    <script>
      function saveActionTokenToDataLayer(actionResponse) {
            dataLayer.push({"transmit_action":actionResponse.actionToken}); // transmit_action - GTM variable that stores user actions
      }
      window.tsPlatform.drs.triggerActionEvent("[transmit_action]").then(saveActionTokenToDataLayer);
    </script>
Note:

Make sure to pass the received actionToken to your backend along with the actual action invocation to ensure you can leverage the recommendation in the next step.

Step 5: Fetch recommendation

You can fetch recommendations for the reported action using the Recommendation API.

Copy
Copied
  const { access_token } = await fetch(
    `https://api.transmitsecurity.io/oidc/token`,
    {
      method: 'POST',
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded'
      }
      body: new URLSearchParams({
        grant_type: client_credentials,
        client_id: [CLIENT_ID], // Client ID found in the app settings
        client_secret: [CLIENT_SECRET], // Client secret found in the app settings
        resource: 'https://risk.identity.security' //DRS resource
      })
    }
  );

From your backend, invoke the Recommendation API by sending a request like the one below:

Copy
Copied
const query = new URLSearchParams({
  action_token: '[ACTION_TOKEN]', // 'actionToken' received from the SDK
}).toString();

const resp = await fetch(
  `https://api.transmitsecurity.io/risk/v1/recommendation?${query}`,
  {
    method: 'GET',
    headers: {
      Authorization: 'Bearer [ACCESS_TOKEN]', // Authorization token you obtained using your client credentials
    },
  }
);

Step 6: Clear user

After the user logs out or the user session expires, you should clear the set user so they are not associated with future actions. To clear the user with GTM, you need to create a custom tag to send the clearUser() event to Transmit.

For example, create a new custom tag (e.g., Transmit clear user) that invokes the sample code and is triggered when the user logs out (i.e., clicking the Logout button is specified in the trigger configuration).

Copy
Copied
<script>
  document.getElementById("ts-platform-script").addEventListener("load", function() {
    window.tsPlatform.drs.clearUser();
    console.log("Transmit user cleared");
  });
</script>