Skip to main content

What are Defense Actions?

Defense Actions are customized protection profiles for different endpoints on your site. Each Action is tailored to the specific risks and requirements of that endpoint type. Think of Defense Actions as security policies - you might want different protection levels for a login page versus a contact form.

Why use different Defense Actions?

Different endpoints have different risk profiles:
  • Login pages need to detect credential stuffing and account takeover attempts
  • Registration forms should check for fake emails and bulk account creation
  • Payment pages require the highest security against fraud
  • Contact forms need basic spam protection
  • API endpoints may need different rate limiting and validation

Common Defense Action Types

Login Protection

  • Detects credential stuffing attacks
  • Identifies suspicious login patterns
  • Protects against account takeover

Registration Protection

  • Validates email providers and domains
  • Detects bulk account creation
  • Checks for disposable email addresses
  • Identifies automated signups

Payment Protection

  • Maximum security for financial transactions
  • Advanced fraud detection
  • Enhanced device fingerprinting
  • Stricter IP reputation checks

API Protection

  • Rate limiting and abuse prevention
  • Bot traffic identification
  • Automated request detection

Setting up a Defense Action

1. Create in Dashboard

  1. Log into your Deflect dashboard
  2. Navigate to “Defense Actions”
  3. Click “Create New Action”
  4. Select the appropriate type for your endpoint
  5. Configure protection settings
  6. Save and copy the Action ID

2. Use in your code

// Configure the SDK with your Action ID
Deflect.configure({
  actionId: "YOUR_ACTION_ID", // The ID from your dashboard
});

// Get token when needed
const token = await Deflect.getToken();

3. Verify on backend

// Send token to your backend for verification
const verification = await fetch("https://api.deflect.bot/verify", {
  method: "POST",
  body: JSON.stringify({
    api_key: "YOUR_API_KEY",
    action_id: "YOUR_ACTION_ID", // Same Action ID
    token: token,
  }),
});

Multiple Defense Actions

You can create multiple Defense Actions for different parts of your site: 
// Login page
Deflect.configure({ actionId: "login_action_id" });

// Registration page
Deflect.configure({ actionId: "register_action_id" });

// Payment page
Deflect.configure({ actionId: "payment_action_id" });

Testing Defense Actions

When developing and testing your integration locally, you can use special test action IDs that return predictable results without consuming API credits or triggering real challenges.

Test Action IDs

Two special test action IDs are available:

✅ Success Test ID

t/FFFFFFFFFFFFF/111111111
  • Always returns can_pass: true
  • Returns mock device, IP, location, and session data
  • Perfect for testing successful verification flows

❌ Failure Test ID

t/FFFFFFFFFFFFF/000000000
  • Always returns can_pass: false
  • Returns mock device, IP, location, and session data
  • Perfect for testing failure/rejection flows

Using Test Action IDs

// In your development environment
Deflect.configure({
  actionId: "t/FFFFFFFFFFFFF/111111111" // Success test ID
});

const token = await Deflect.getToken();

// Verify on backend - always returns can_pass: true
const response = await fetch("https://api.deflect.bot/verify", {
  method: "POST",
  body: JSON.stringify({
    api_key: "YOUR_API_KEY",
    action_id: "t/FFFFFFFFFFFFF/111111111",
    token: token
  })
});

Key Features

  • Valid API Key Required: You still need to provide a valid API key
  • No Usage Tracking: Test requests don’t count toward your API usage limits
  • Instant Response: Bypasses all session validation and returns immediately
  • Mock Data: Returns consistent test data for development
  • ⚠️ Development Only: Do not use test action IDs in production

Example Response

Test action IDs return mock data: 
{
  "success": true,
  "verdict": { "can_pass": true },
  "device": {
    "fingerprint": "FP-TEST",
    "user_agent": "UA-TEST",
    "timezone": "America/New_York"
  },
  "ip": {
    "address": "127.0.0.1",
    "is_datacenter": false,
    "is_proxy": false,
    "is_vpn": false,
    "is_tor": false,
    "is_threat": false
  },
  "location": {
    "city": "Test City",
    "country": "US"
  }
}
This allows you to test your integration end-to-end without spamming real challenges or consuming API credits during development.

Best Practices

  • Use specific Action types - Don’t use a generic action for specialized endpoints
  • Test before deploying - Verify your Defense Action works in staging first
  • Monitor performance - Check your dashboard for detection rates and false positives
  • Update configurations - Adjust settings based on your traffic patterns

Next Steps