Getting Started

This guide will walk you through the fundamentals and help you integrate Dfence in just a few minutes.

Whether you're building a simple proof of concept or preparing a full-scale rollout, this page contains everything needed to get up and running quickly.

Step 1: Create an account

To get started with Dfence, you'll need to create an account and obtain your credentials. Currently, account creation is handled through direct contact with our team.

How to get started:

1. Contact our team: Visit our contact page to reach out and request an account
2. Receive your credentials: Once your account is set up, we'll provide you with:
   • Your project token (required for authentication)
   • Access to the Dfence Console (for monitoring and configuration)
   • Any custom domain setup instructions (if applicable)
3. Ready to integrate: With your credentials in hand, you can proceed to install Dfence on your application

Step 2: Install Dfence on your site

You don’t need to install anything via npm. Dfence provides a CDN-served SDK that you simply include in your frontend.

Add the script tag inside your HTML:

Copy
<script type="text/javascript">
  (function(){var a="dfence",e=window[a]=window[a]||[];if(!e.initialized){if(e.invoked){window.console&&console.error&&console.error("Dfence snippet included twice.");return}e.invoked=!0,e.methods=["pause","resume","event","onBlock","onUnblock"],e.factory=function(n){return function(){if(e.initialized)return e[n].apply(e,arguments);var r=Array.prototype.slice.call(arguments);return r.unshift(n),e.push(r),e}};for(var i=0;i<e.methods.length;i++){var c=e.methods[i];e[c]=e.factory(c)}e.load=function(n,r){if(!n){console.error("Dfence token is required");return}r=r||{},r.token=n,e.config=e.config||{};for(var s in r)Object.prototype.hasOwnProperty.call(r,s)&&(e.config[s]=r[s]);if(!(e.loading||e.initialized)){var o=e.config&&e.config.url?e.config.url+"/sdk.js":"https://detection.dfence.app/sdk.js";!o.startsWith("http://")&&!o.startsWith("https://")&&(o="https://"+o),e.loading=!0;var t=document.createElement("script");t.type="text/javascript",t.async=!0,t.src=o;var l=document.getElementsByTagName("script")[0];l.parentNode.insertBefore(t,l),t.onload=function(){e.loading=!1},t.onerror=function(){e.loading=!1,window.console&&console.error&&console.error("Failed to load Dfence SDK from "+t.src)}}}}
  // This can be called here (inside snippet) or separately after the snippet
  dfence.load('YOUR_TOKEN', {
    userId: 'THE_USER_ID'
  });
  })();
</script>

Understanding the load Function

The dfence.load() function is used to initialize and configure the Dfence SDK. It requires two parameters:

1. token (first parameter, required): A token provided by Dfence that authenticates your application and authorizes API requests. This token is unique to your Dfence project and is obtained when you set up your account with the Dfence team.

2. Configuration object (second parameter, required): An object containing SDK configuration options. The userId property is mandatory for Dfence to launch:

   • userId (required): A unique identifier for the currently logged-in user in your application. This is used by Dfence to track sessions across different devices and browsers. You can use any unique string that identifies your user (e.g., user database ID, email address, username). This value should be set dynamically when a user logs in and should remain consistent for the same user across sessions.
   • Additional configuration options can be included in this object (see SDK Configuration for full details).

Custom Domain with CNAME

For enterprise deployments or enhanced security, you can use your own custom (or branded) subdomain to serve the SDK and API endpoints. This allows requests to appear on your own domain for branding, CORS policies, or security requirements.

To use a custom domain, add the url property to the configuration object passed to dfence.load(). The URL should point to your custom subdomain provided by the Dfence team (typically something like https://detect.yourcompany.com).

Example with custom domain:

Copy
<script type="text/javascript">
  (function(){var a="dfence",e=window[a]=window[a]||[];if(!e.initialized){if(e.invoked){window.console&&console.error&&console.error("Dfence snippet included twice.");return}e.invoked=!0,e.methods=["pause","resume","event","onBlock","onUnblock"],e.factory=function(n){return function(){if(e.initialized)return e[n].apply(e,arguments);var r=Array.prototype.slice.call(arguments);return r.unshift(n),e.push(r),e}};for(var i=0;i<e.methods.length;i++){var c=e.methods[i];e[c]=e.factory(c)}e.load=function(n,r){if(!n){console.error("Dfence token is required");return}r=r||{},r.token=n,e.config=e.config||{};for(var s in r)Object.prototype.hasOwnProperty.call(r,s)&&(e.config[s]=r[s]);if(!(e.loading||e.initialized)){var o=e.config&&e.config.url?e.config.url+"/sdk.js":"https://detection.dfence.app/sdk.js";!o.startsWith("http://")&&!o.startsWith("https://")&&(o="https://"+o),e.loading=!0;var t=document.createElement("script");t.type="text/javascript",t.async=!0,t.src=o;var l=document.getElementsByTagName("script")[0];l.parentNode.insertBefore(t,l),t.onload=function(){e.loading=!1},t.onerror=function(){e.loading=!1,window.console&&console.error&&console.error("Failed to load Dfence SDK from "+t.src)}}}}
  // Load SDK with custom domain
  dfence.load('YOUR_TOKEN', {
    userId: 'THE_USER_ID',
    url: 'https://detect.yourcompany.com'  // Custom domain endpoint
  });
  })();
</script>

Note: Contact the Dfence team to set up a CNAME record pointing your custom subdomain to the Dfence infrastructure before using this configuration.

🎉 You’re Ready to Go

Your application is now protected against unauthorized account sharing. Next steps:

• Learn about the two detection strategies → Detection Modes
• Learn how to customise the blocking experience → Customise the blocking
• Deep-dive into SDK integration → JavaScript SDK
• Review common questions → FAQ