DocsFAQ

Frequently Asked Questions

Common questions and answers about Dfence.

Getting Started

How do I get started with Dfence?

  1. Contact our team: Visit our contact page to request an account
  2. Receive your credentials: You'll get your project token and access to the Dfence Console
  3. Install the SDK: Add the Dfence snippet to your website (see Getting Started for details)

Do I need to install anything via npm?

No. Dfence provides a CDN-served SDK that you simply include in your HTML. No package manager installation required.

What do I need to get started?

You need:

  • A project token (provided by Dfence)
  • A userId (unique identifier for each logged-in user in your application)

Is the SDK compatible with older browsers?

Yes. The Dfence SDK is ES5-compatible and works on all modern browsers, including Internet Explorer 11+. It includes polyfills for older browsers to ensure compatibility.

Configuration

What is the userId and why is it required?

The userId is a unique identifier for the currently logged-in user in your application. Dfence uses it to track sessions across different devices and browsers. You can use any unique string that identifies your user (e.g., user database ID, email address, username).

Important: Set this value dynamically when a user logs in and keep it consistent for the same user across sessions.

What's the difference between concurrence and device-limit modes?

  • concurrence (default): Detects when the same account is accessed from multiple devices simultaneously. Ideal for enforcing strict single-device policies.
  • device-limit: Enforces a maximum number of devices that can be active for a user simultaneously. Perfect for subscription tiers with device-based restrictions.

See Detection Modes for detailed information about each mode.

Can I change the configuration after the SDK loads?

Yes. You can call dfence.load() again with updated configuration. However, some changes may require reloading the page to take full effect.

Can I disable Dfence for certain users or environments?

Yes. Set enable: false in your configuration:

dfence.load('YOUR_TOKEN', {
  userId: 'USER_ID',
  enable: false  // SDK won't start monitoring
});

This is useful for feature flags, A/B testing, or disabling in development environments.

What happens if I don't provide custom onBlock and onUnblock handlers?

Dfence automatically uses its built-in pop-in UI to handle blocking. The default pop-in includes automatic translation (English and French) and an FAQ section.

Technical Details

How is the device ID generated?

Device IDs are automatically generated using the format: df + 13 random alphanumeric characters (e.g., dfabc123def456). They're stored in secure cookies with a 365-day expiration.

Integration

Can I use Dfence with React/Vue/Angular/Next.js?

Yes! Dfence works with any JavaScript framework. The SDK is framework-agnostic and can be integrated into any web application.

Example with React:

import { useEffect } from 'react';

function App() {
  useEffect(() => {
    // Load SDK when component mounts
    dfence.load('YOUR_TOKEN', {
      userId: getCurrentUserId() // Your function to get user ID
    });
    
    return () => {
      // Cleanup: pause when component unmounts
      dfence.pause();
    };
  }, []);
  
  return <YourApp />;
}

Do I need to modify my backend?

No. Dfence works entirely client-side with the JavaScript SDK. No backend modifications required.

Can I use Dfence with server-side rendering (SSR)?

Yes, but you need to load the SDK on the client side only. The SDK should only run in the browser, not during server-side rendering.

Example with Next.js:

import { useEffect } from 'react';

export default function Page() {
  useEffect(() => {
    // Only runs on client side
    dfence.load('YOUR_TOKEN', {
      userId: getCurrentUserId()
    });
  }, []);
  
  return <YourContent />;
}

How do I handle user login/logout?

On login:

function handleLogin(user) {
  dfence.load('YOUR_TOKEN', {
    userId: user.id
  });
}

On logout:

function handleLogout() {
  dfence.pause(); // Stop monitoring
  // Optionally reload with empty userId
  dfence.load('YOUR_TOKEN', {
    userId: '',
    enable: false
  });
}

Can I customize the blocking UI?

Yes! You can provide custom onBlock and onUnblock handlers to implement your own blocking UI:

dfence.onBlock(function() {
  // Your custom blocking UI
  showCustomModal('Account already in use');
});

dfence.onUnblock(function() {
  // Clean up your custom UI
  hideCustomModal();
});

See Customizing the Blocking Experience for detailed examples and best practices.

Can I use my own domain for the SDK?

Yes. You can use a custom domain endpoint:

dfence.load('YOUR_TOKEN', {
  userId: 'USER_ID',
  url: 'https://detect.yourcompany.com'
});

Note: Contact the Dfence team to set up a CNAME record pointing your custom subdomain to the Dfence infrastructure before using this configuration.

Security & Privacy

Is Dfence secure?

Yes. Dfence implements several security measures:

  • Uses encrypted device IDs stored in secure cookies
  • Validates all requests with brand tokens
  • Supports CORS for secure cross-origin requests
  • Doesn't store sensitive user data
  • Uses HTTPS for all API communications

What data does Dfence collect?

Dfence collects:

  • Device IDs (stored in cookies)
  • User IDs (provided by you)
  • Session timestamps
  • Event data (if you use dfence.event())

Dfence does not collect:

  • Passwords or authentication credentials
  • Personal identifiable information (unless you include it in userId)
  • Browsing history
  • Form data

Does Dfence comply with GDPR/privacy regulations?

Dfence is designed to be privacy-friendly:

  • Minimal data collection
  • No sensitive user data stored
  • Device IDs are anonymized
  • You control what data is sent (via userId)

For specific compliance questions, contact support or your legal team.