Detect & prevent account sharing
This quick start guide will walk you through the steps to integrate Rupt into your app or website using JavaScript.
1. Installation
Using a package manager
yarn add rupt
When using HTML script tags, be sure to wait for the script to be loaded. Rupt will be injected into the window so you can use window.Rupt instead of Rupt.
2. Usage
The main task you need to do is to attach devices to accounts. Ideally, attach on all web pages and on mobile app launch.
By doing this, Rupt associates devices to accounts and detect behaviors that indicate account sharing. For more on this, see: How account sharing prevention works?
Attach a device
First import the script (only if you installed using a package manager)
import Rupt from "rupt";
Call the attach function to link the device to the account. You must pass the client_id and a account.
await Rupt.attach({
client_id: "client_id",
account: "account_id",
email: "user_email", // Optional
phone: "user_phone", // Optional
redirect_urls: {
logout_url: "https://your-logout-url.com",
new_account_url: "https://your-create-new-account-url.com",
},
groups: [
// an array of groups or a single group object
{
id: "group_id",
name: "group name", // Optional
},
],
});
You should call the attach function on every page as soon as you have the account id available. For more on this refer to the advanced section: When and where to call the attach function?
The email and phone are optional but strongly recommended. If you want to ask users to verify accounts before they kick out other people using their account, you should provide the email and/or phone fields.
Rupt will take care of the rest. If Rupt determines there's misbehavior, and challenges are enabled, it will trigger a challenge. For more on this, see: Challenges