Capturing the customer's IP address
You can capture the IP address of the customer who placed the order. Digital River uses this IP address to identify and prevent fraudulent activities.
Capturing a customer's IP address is essential for assessing and preventing fraud in online transactions. Including the IP address in API requests allows merchants to use robust fraud prevention tools, enhancing the security of the online shopping experience.
Updating the customer's IP address in the cart
Updating the customer's IP address in their cart is crucial in enhancing online transaction security. By accurately recording the IP address, merchants can better use fraud prevention tools to safeguard against unauthorized activities. This guide walks you through the steps to capture and use a customer's IP address within the Commerce API, ensuring a more secure and reliable shopping experience.
To capture a customer's IP address:
Ensure you obtain your access token during cart creation. For instructions on generating the access token, refer to Creating a cart.
Issue a
POST /v1/shoppers/me/carts/active
request . Substitute{Your_API_Key}
with your API key and add the{ipAddress}
field to the payload. The API will check the IP address format and employ it for fraud detection. If not included, the API will proceed with the request. The Commerce API supports both IPv4 and IPv6 address formats. When anipAddress
is captured in a request, Digital River will use it for fraud screening when the order is submitted.
IPv4 example
The following example shows how to issue a POST /v1/shoppers/me/carts/active
request using the cURL command-line tool to add a customer's IP address in IPv4 address format to the active cart. This action tracks the customer's activity, aiding in fraud prevention efforts.
You will get a 200 Successful
response.
IPv6 example
In this example, we show how to issue a POST /v1/shoppers/me/carts/active
request using the cURL command-line tool to add a customer's IP address in IPv6 address format to the active cart. This step is essential for tracking customer activities and preventing fraudulent transactions.
You will get a 200 Successful
response.
Collecting the IP address through a connector
When using a connector (WordPress Plugin, Magento Extension, Salesforce B2B Commerce App, etc.), the connector gathers all required cart data, including the customer's IP address, before calling the Cart resource. In these cases, the IP address should be sent in the POST /v1/shoppers/me/carts/active/submit-cart
request.
IPv4 example
The following example shows how to issue a POST /v1/shoppers/me/carts/active/submit-cart
request to add the customer's n IPv4 address in the request payload to submit the cart successfully.
You will get a 200 Successful
response.
IPv6 example
The following example shows how to issue a POST /v1/shoppers/me/carts/active/submit-cart
request to add the customer's IPv6 address in the request payload to submit the cart successfully.
You will get a 200 Successful
response.
Validating the Customer's IP address
Validating the customer's IP address is essential to ensure the security and accuracy of your transactions. This process helps confirm that the IP address captured during the shopping session accurately corresponds to the customer's details. Follow the steps outlined below to validate the customer's IP address effectively.
To validate the customer's IP address, follow these steps:
Issue a
GET v1/shoppers/me
request to retrieve shopper details.In the response, locate the
ipAddress
field to confirm the captured IP address.If the
ipAddress
field is null, no IP address needs verification.If the
ipAddress
field is not null, verify that the IP address, city, and state match the customer's address in the Global Commerce order.Ensure the IP address is the customer's IP address, not your server's.
You should receive a 200 Successful
response if the validation is correct.
You will get a 200 Successful
response.
Validation errors
If the IP address format is incorrect (that is, not in a valid IPv4 and IPv6 format), the API response will send a 409 Conflict
error:
Last updated