Overview

This SDK integrates solutions from Checkout and Forter, two leading risk management providers, to collect user device information on merchant websites and submit risk data via OpenAPI during order creation.

It helps build a multi-layered intelligent defense system for your business. Checkout acts like a “device fingerprint detective,” identifying device-level risks (e.g., virtual machines, cheating tools) and preventing automated or repeated attacks. Forter acts like a “behavior analyst,” analyzing user behavior patterns in real-time using a global identity graph to accurately distinguish legitimate users from fraudsters.

By combining both, the SDK can significantly reduce fraud (such as carding or reward abuse) while minimizing false positives for genuine users, improving approval rates, and maximizing transaction revenue without compromising security.

Core functions

Device fingerprint collection – Generates a unique device identifier (deviceSessionId) via Checkout.
Risk behavior analysis – Generates a risk analysis token (forterToken) via Forter.
Retrieve or generate a persistent device identifier (deviceId) and store it in localStorage. It supports custom storage key names and expiration times.

Integration example

<!-- sandbox -->
<script src="https://ramptest.osl-pay.com/js/op-risk.min.js"></script>
<!-- production -->
<script src="https://ramp.osl-pay.com/js/op-risk.min.js"></script>

<script>
  // initialization pay deviceSessionId
  async function getDeviceSessionId() { 
    try {
      await OSLPayRisk.initDeviceSession();
      const sessionId = OSLPayRisk.getDeviceSessionId();
      console.log(sessionId);
    } catch (error) {
      console.log(error);
    }
  }
  getDeviceSessionId();

  // initialization forter token
  async function initForterToken() { 
    try {
      await OSLPayRisk.initForterToken();
      const forterToken = OSLPayRisk.getForterToken();
      console.log(forterToken);
    } catch (error) {
      console.log(error);
    }
  }
  initForterToken();
  
  async function getDeviceId() { 
    try {
      const deviceId = await OSLPayRisk.getDeviceId({ 
          deviceKeyName?: string,  
          expireTime?: number      
      })
      console.log(deviceId);
    } catch (error) {
      console.log(error);
    }
  }
  getDeviceId();
</script>

If your website enforces a Content Security Policy (CSP) header, please allow the following directives:

connect-src https://*.osl-pay.com https://*checkout.com wss://*.checkout.com https://*.forter.com
frame-src https://*.osl-pay.com https://*checkout.com wss://*.checkout.com https://*.forter.com
script-src https://*.osl-pay.com https://*checkout.com wss://*.checkout.com https://*.forter.com

SDK methods

Method	Description	Return value
`initDeviceSession()`	`Initializes and obtains the` deviceSessionId`	`Promise<void>`
`getDeviceSessionId()`	Retrieves the `deviceSessionId`	`string\| null`
`initForterToken()`	Initializes and obtains the `forterToken`	`Promise<void>`
`getForterToken()`	Retrieves the `forterToken`	`string\| null`
`getDeviceId({ deviceKeyName?: string, expireTime?: number })`	`Retrieves the deviceId` `deviceKeyName: Custom key name, default value is oslPayMerchantDeviceId` `expireTime: Expiration time in milliseconds, default is 86400000 (24 hours)`	`string \| null`

The deviceSessionId is valid for 20 minutes (while forterToken and deviceId have no expiration). The best practice is to execute the init method as soon as you enter the confirmation payment page, and then retrieve the parameters via the get method after the user clicks the confirm button.