# A complete integration

## Introduction

Safe-e lets you visualize your customers' journeys during the entire interaction phase with your online product, so you can identify the most sophisticated types of fraud that otherwise go unnoticed.

Using the Safe-e API, you can send user activity (which we call *events*) from both your  backend, and it will assess the risk associated with each action.

The following guide explains all the events supported by Safe-e, with recommendations on which ones to integrate. At a high level, the steps to a successful integration:

1. **Send *****server-side***** activities** such as registration, login, profile updates, and transactions, as well as any business-critical custom events. Server-side events can also be used for real-time blocking of activity, and they will return a set of data such as risk score, risk signals and policy settings.
2. **Configure inline blocking** to make use of the inline risk assessment capabilities of the Risk and Filter APIs and take action against suspicious users in real-time.

## Step One. Send server-side activities

The login activity is sent to Safe-e whenever a user authenticates on your platform, and provides important information for detecting login related fraud, such as credential stuffing attacks or account takeovers. The inline response from the Risk endpoint can be used at any point in your application to determine when to step up verification.

How to add the Login activities:

1. The user submits a form with credentials, e.g. email and password;
2. The email and password are checked against the user database;
3. If the credentials are correct, send `$login` with `$succeeded` status.

<figure><img src="/files/JNAuEH7ggUAD8p0KtBUF" alt=""><figcaption><p>Overview of where in the login flow to send with $succeeded status</p></figcaption></figure>

### Taking action

The response from the API call to Risk can then be used to take different actions, typically:

* Upon `deny`, block the request and redirect the user back to the login form, with a message that the credentials were incorrect';
* Upon `challenge`, prompt the user for additional verification, e.g. via email or 2FA, if applicable.

Use the Risk API to send information about the user at the point where the credentials are validated. It doesn't necessarily mean that you have created a session yet (despite the name of the event being "login succeeded"). You should send this event *before* any additional multi-factor authentication is triggered by your app.

{% tabs %}
{% tab title="Python" %}
{% code overflow="wrap" %}

```python
# Install via pip
pip install httpx


# Import httpx library
import httpx

# Define example data
example_data = {
	"type": "$login",
	"status": "$succeeded",
	"user_headers": {
		"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.1 Safari/605.1.15",
		"host": "site.customer.com",
		"accept_language": "en-US",
		"accept_encoding": "gzip, deflate, br",
		"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
	},
	"product": "Safee-Login",
	"user": {
		"user_id": "098080381",
		"user_email": "user@customer.com",
		"user_ip": "156.146.48.12"
	}
}

# Define Headers
headers = {'Content-Type': 'application/json', 'Authorization-API': 'xxx.xxx.xxx.xxx'}

# Make sample request
req = httpx.post('https://api.safe-e.com/api/v1/risk/login', headers=headers, json=example_data)

# IMPLEMENT: Deny attempt
if req.json()['risk'] > 30.0:
	# Deny attempt. Likely a bad actor bypassing fingerprinting
```

{% endcode %}
{% endtab %}
{% endtabs %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.safe-e.com/a-complete-integration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.