Credolab SDK for Web (credoWeb) is a JavaScript library that tracks and captures user behaviors and digital footprints on the web page. This information is uploaded to the credolab web service for future use as scorecards and fragments.


Flutter Web

The SDK can track events that occur on the UI. However, due to the Flutter web rendering process, SDK is unable to recognize the elements where these particular events take place. As a result, the DOM area doesn't contain the actual list of elements with which the user interacts.


Dependency NameVersion


Common Library

The list below shows the data collected by the common library.

BehavioralDataMetadata related to the user's behavior on the website. 
We collect 3 event type categories: keyboard, input, and pointer event. 
An event type matching each user's action is recorded along with its time, event details (key type, mouse coordination), input details (if any), and DOM element information.
BrowserInfoMetadata related to the user's browser/device information, such as operating system, browser type, and screen details.
DOMMetadata related to Document Object Model. This information describes all available objects on the webpage (input fields, buttons, etc).
GeneralInfoMetadata related to the SDK and other miscellaneous details such as data collection time and SDK version.
TracingInfoMetadata related to the user's behavior while touching the screen with a finger or stylus. Represents every finger used during one event

Common Library with TruValidate (formerly known as iovation)

TruValidate (formerly known as iovation) is a part of the credolab's SDK, which runs analyses of the digital footprint based on fraud prevention rules. If the device and/or account are already known, it checks for any confirmed fraud and abuse history. Based on this risk assessment, the functionality returns a recommendation to allow, review, or deny the transaction.

Credolab SDK with the TruValidate feature fulfils a multi-domain recognition that employs scripts from both your domain (the First-party domain) and TruValidate's domain (the Third-party domain). Including scripts from both of these domains allows TruValidate to:

  • Third-Party JavaScript
    Share fraud history for devices and accounts across the network of TruValidate’s subscribers
  • First-Party JavaScript
    Collect device information for users whose browsers are configured to disable third-party JavaScript or to block the TruValidate domain.

Credolab will provide a script for you to include on your website. This script will load the appropriate resources from both sets of domains. The components loaded by the script are dynamically generated and, therefore, not included within the script provided, nor should they be directly included on your page.

The dynamic first-party script can be retrieved by setting up a reverse proxy to get the files from the TruValidate-hosted server.