**Last updated**: 16 July 2026 | [**Change log**](/products/payments/changelog/)

# Web device data

When combined with order and transaction details, device data (IP address, Device Id, geolocation information, etc.) can be a strong indicator for fraud.

Utilizing device data with our FraudSight API is a two-step process. Step one is to collect the device data. Step two is to submit an assessment ([FraudSight API](/products/fraudsight/assessment)) or payment ([Payments API](/products/payments/)) that will use the device data for evaluation.

Described below is step one for Web (JS).

## Ravelin SDK

Ravelin JS library for web sites. For now, we recommend only adding the core library as per the instructions below.

You can see additional details on the Ravelin integration docs.

### Public keys

You must use these exact keys on the corresponding environment when initializing the SDK.

| Environment | Public key |
|  --- | --- |
| Try/Test | 
```
publishable_key_test_Vr7SqPVrpkvlGBPojzhsckmOriasTUBPQ1UdMw
```
 |
| Live | 
```
publishable_key_live_Vr7SqPeyQpg6qS5NeD7bCvA2P3f6gfFb5kAui4
```
 |


### Steps

JavaScript
Get the latest `core.min.js` library from the Ravelin [GitHub releases page](https://www.github.com/unravelin/ravelinjs/releases). `track` and `encrypt` features are not currently used.

```html
<script src="ravelin-core.min.js"></script>
<script>var ravelin = new Ravelin({key: 'publishable_key_...'})</script>
```

npm
You can install ravelinjs with npm using `npm i ravelinjs@2` and require or import Ravelin for instantiating:

```js
import Ravelin from 'ravelinjs/core';
/* or */ const Ravelin = require('ravelinjs/core');
var ravelin = new Ravelin({key: 'publishable_key_...'});
```

This will set the `ravelinDeviceId` cookie on your domain, send a page-load event, and then allow you to call:

`ravelin.core.id().then(function(id) { ... })` to get the deviceId, e.g. `rjs-25998f27-ed8d-4b71-a516-d3147f695f20`

Do not attempt to parse or validate the format of the ID as we may change it without warning in the future.

## Example deviceId generation

Here is the Ravelin JS script in action. Select an environment and click generate to receive a deviceId.

Access FraudSight - Ravelin JS
## API base URL

Ravelin JS supports sending events to a user defined API base URL, useful for bypassing ad-blockers that rely on matching the ravelin.click domain.

Speak to your Worldpay Account Manager for help setting up a custom subdomain.

```
var rav = new Ravelin({key: 'publishable_key_...', api: 'https://foo.store.com'})
```

## Linking the device data with the fraud assessment

When sending the [payment request](/products/payments/openapi/payment/payment#payment/payment/t=request&path=instruction&d=0/fraud) include the deviceId in `fraud.deviceData.collectionReference` key:value.

```json
"deviceData": {
  "provider": "ravelin",
  "collectionReference": "rjs-25998f27-ed8d-4b71-a516-example"
}
```