A Cloud-Native Security Monitoring and Protection for Modern Applications
SecureNative performs user monitoring by analyzing user interactions with your application and various factors such as network, devices, locations and access patterns to stop and prevent account takeover attacks.
When using Composer run the following command:
$ composer require securenative/securenative-php
require_once __DIR__ . '/vendor/autoload.php';
use SecureNative\sdk\SecureNative;
use SecureNative\sdk\SecureNativeOptions;
use SecureNative\sdk\EventTypes;
use SecureNative\sdk\SecureNativeContext;
To get your API key, log in to your SecureNative account and go to the project settings page:
$options = new SecureNativeOptions();
$options->setTimeout(100)
->setApiUrl("API URL")
->setDisable(false)
->setInterval(100)
->setAutoSend(true)
->setMaxEvents(10)
->setLogLevel('fatal');
// Passing `$options` is optional; default params are used when it is omitted
SecureNative::init("[API_KEY]", $options);
Attach the securenative.json file to your root folder:
{
"SECURENATIVE_API_KEY": "YOUR_API_KEY",
"SECURENATIVE_APP_NAME": "APP_NAME",
"SECURENATIVE_API_URL": "API_URL",
"SECURENATIVE_INTERVAL": 1000,
"SECURENATIVE_MAX_EVENTS": 100,
"SECURENATIVE_TIMEOUT": 1500,
"SECURENATIVE_AUTO_SEND": true,
"SECURENATIVE_DISABLE": false,
"SECURENATIVE_LOG_LEVEL": "fatal"
}
Then, call the SDK's init function without props (sending props will override JSON configurations).
SecureNative::init();
Pass desired environment variables (for example):
SECURENATIVE_API_KEY=TEST_KEY
SECURENATIVE_API_URL=http://url
SECURENATIVE_INTERVAL=100
SECURENATIVE_MAX_EVENTS=30
SECURENATIVE_TIMEOUT=1500
SECURENATIVE_AUTO_SEND=true
SECURENATIVE_DISABLE=false
SECURENATIVE_LOG_LEVEL=fatal
Then, call the SDK's init function without props (sending props will override JSON configurations).
SecureNative::init();
Once the SDK has been initialized, tracking requests are sent through the SDK instance.
$clientToken = "[SECURED_CLIENT_TOKEN]";
$headers = (object)["user-agent" => "Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us"];
$ip = "79.179.88.157";
$remoteIp = null;
$url = null;
$method = null;
$body = null;
$ctx = new SecureNativeContext($clientToken, $ip, $remoteIp, $headers, $url, $method, $body);
SecureNative::track(array(
'event' => EventTypes::LOG_IN,
'context' => $ctx,
'userId' => '1234',
'userTraits' => (object)[
'name' => 'Your Name',
'email' => 'name@gmail.com'
],
// Custom properties
'properties' => (object)[
"custom_param1" => "CUSTOM_PARAM_VALUE",
"custom_param2" => true,
"custom_param3" => 3
]
));
You can also create the request context from the request:
SecureNative::track(array(
'event' => EventTypes::LOG_IN,
'context' => SecureNative::contextFromContext(),
'userId' => '1234',
'userTraits' => (object)[
'name' => 'Your Name',
'email' => 'name@gmail.com'
],
// Custom properties
'properties' => (object)[
"custom_param1" => "CUSTOM_PARAM_VALUE",
"custom_param2" => true,
"custom_param3" => 3
]
));
Example
$options = new SecureNativeOptions();
$ver = SecureNative::verify(array(
'event' => EventTypes::VERIFY,
'userId' => '1234',
'context' => SecureNative::fromRequest(),
'userTraits' => (object)[
'name' => 'Your Name',
'email' => 'name@gmail.com'
]
));
print_r($ver->riskLevel); // (Low, Medium, High)
print_r($ver->score); // (0 - Very Low, 1 - Very High)
print_r($ver->triggers); // (Example: ["TOR", "New IP", "New City"])
Apply our filter to verify the request is from us, for example:
$verified = SecureNative::getMiddleware()->verifySignature();
if ($verified) {
// Request is trusted (coming from SecureNative)
}
You can specify custom header keys to allow extraction of the client IP from different providers. This example demonstrates the usage of proxy headers for IP extraction from Cloudflare.
{
"SECURENATIVE_API_KEY": "YOUR_API_KEY",
"SECURENATIVE_PROXY_HEADERS": ["CF-Connecting-IP"]
}
Initialize the SDK as shown above.
$options = new SecureNativeOptions();
$options->setProxyHeaders(["CF-Connecting-IP"]);
// Pass `$options` to init so the proxy header setting is used
SecureNative::init("[API_KEY]", $options);
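One way to resolve the client IP from a configured proxy header such as CF-Connecting-IP while honouring it only when the connection arrives from the proxy itself. This is an added example, not SecureNative SDK code; the function names and the trusted proxy range are assumptions, and only IPv4 proxy ranges are handled.

```php
<?php
// Added example, not SecureNative SDK code. Function names and the trusted
// proxy range are hypothetical; all addresses are documentation ranges.

/** True when IPv4 address $ip lies inside the CIDR block $cidr. */
function ipInCidr(string $ip, string $cidr): bool
{
    $parts = explode('/', $cidr, 2);
    $bits = isset($parts[1]) ? (int)$parts[1] : 32;
    $ipLong = ip2long($ip);
    $netLong = ip2long($parts[0]);
    if ($ipLong === false || $netLong === false || $bits < 0 || $bits > 32) {
        return false;
    }
    $mask = -1 << (32 - $bits);
    return ($ipLong & $mask) === ($netLong & $mask);
}

/**
 * Proxy headers are honoured only when the TCP peer (REMOTE_ADDR) is a
 * trusted proxy; from any other peer the header is client-controlled.
 */
function resolveClientIp(array $server, array $proxyHeaders, array $trustedProxies): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $viaTrustedProxy = false;
    foreach ($trustedProxies as $cidr) {
        $viaTrustedProxy = $viaTrustedProxy || ipInCidr($peer, $cidr);
    }
    if ($viaTrustedProxy) {
        foreach ($proxyHeaders as $header) {
            // PHP exposes "CF-Connecting-IP" as HTTP_CF_CONNECTING_IP.
            $key = 'HTTP_' . strtoupper(str_replace('-', '_', $header));
            $value = trim($server[$key] ?? '');
            if (filter_var($value, FILTER_VALIDATE_IP) !== false) {
                return $value;
            }
        }
    }
    return $peer; // direct connection, or no usable proxy header
}

// Constructed sample requests: one through the proxy, one direct.
$trusted  = ['203.0.113.0/24'];
$viaProxy = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_CF_CONNECTING_IP' => '198.51.100.23'];
$direct   = ['REMOTE_ADDR' => '192.0.2.44', 'HTTP_CF_CONNECTING_IP' => '198.51.100.23'];
echo resolveClientIp($viaProxy, ['CF-Connecting-IP'], $trusted), PHP_EOL;
echo resolveClientIp($direct, ['CF-Connecting-IP'], $trusted), PHP_EOL;
```

The resolved address can be passed as `$ip` when constructing `SecureNativeContext` as shown earlier.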
By default, the SecureNative SDK removes any known PII headers from the received request. We also support using custom PII headers and regex matching via configuration, for example:
{
"SECURENATIVE_API_KEY": "YOUR_API_KEY",
"SECURENATIVE_PII_HEADERS": ["apiKey"]
}
Initialize the SDK as shown above.
$options = new SecureNativeOptions();
$options->setPiiRegexPattern("/http_auth_/i");
// Pass `$options` to init so the PII regex setting is used
SecureNative::init("[API_KEY]", $options);