NodeJS client for the ThisData API
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
lib added support for rules May 26, 2017
test added support for rules May 26, 2017
.gitignore Initial commit May 6, 2016
.travis.yml remove node 0.8, 0.6 testing May 27, 2016
LICENSE licensed it May 26, 2016 added support for rules May 26, 2017
index.js make it work with npm May 27, 2016
package.json version bump May 26, 2017

thisdata-node Build Status

thisdata-node is a nodejs client for the ThisData Login Intelligence API (


Install the latest thisdata-node package from npm

npm install thisdata --save

Create a ThisData client

var ThisData = require('thisdata');
var thisdata = ThisData("YOUR API KEY FROM THISDATA");

Track Events

Use this method to asynchronously track events that happen in your app.

thisdata.track(request, options);

To track login related events, find the point in your code just after a login success, failure or password reset and use the track method to send data to the ThisData API.

thisdata.track(req, {
  verb: thisdata.verbs.LOG_IN,
  user: {
    id: 'john123455',
    name: 'John Titor',
    email: ''


ip and user_agent are extracted from req but you can override these value and supply additional fields using options.

  verb: 'transfer',
  ip: '',
  userAgent: 'Firefox, Windows 98',
  user: {
    id: 'john123455',
    name: 'John Titor',
    email: ''
  session: {
    id: 'Optional'
    cookieExpected: true
  device: {
    id: 'mobile-device-id'
  • - string The full name of the user
  • - string - An email address for sending unusual activity alerts to
  • - E.164 format - An mobile number for sending unusual activity SMS alerts to. e.g. +15555555555
  • - string - Typically a browser session id but it's up to you
  • session.cookieExpected - boolean - Used in combination with ThisData Javascript. Set true if the script is installed
  • - string - A unique device identifier. Typically used for tracking mobile devices.

Event Types

We recommend using verb constants thisdata.verbs.LOG_IN but you can use any verb that represents the type of event that you want to track.

For a full list of verbs see

Verify Identity

Use the Verify method to enable contextual authentication in your app. It accepts the same parameters as the Track event with the exception of the event type/verb.

thisdata.verify(request, options, callback);

Verify will return a risk score between 0->1 which indicates our level confidence that the user is who they say they are.

{ score: 0, risk_level: 'green', triggers: [], messages: [] }

0.0 - low risk/high confidence it's the real user

1.0 - high risk/low confidence it's the real user

thisdata.verify(req, {
  user: {
    id: 'john123455',
    name: 'John Titor',
    email: ''
}, function(err, body){

  if(body.score > 0.9){
    // Step up authentication


Get a list of Events

You can get a list of events enriched with their risk score and location data for use in custom audit logs. See the docs for possible query filters and paging params.

thisdata.getEvents(options, callback);

Get last successful log-in time and location for a user.

  user_id: 'john123455',
  limit: 1,
  verbs: ['log-in']
}, function(err, body){

  // last login was from
  var loginCity = body.results[0].location.address.city_name;


Managing custom Rules

You can get, create, update and delete custom rules.

Create a rule

// returns a rule

  name: "Blacklist all ipv4 addresses",
  description: "Blocks every possible ipv4 address",
  type: "blacklist",
  target: "location.ip",
  filters: [""]
}, function(err, rule){ });

List all rules

thisdata.rules.list(function(err, rules){ });

Find a single rule

thisdata.rules.get("123456", function(err, rule){

Update a rule

// id is reqired. Other params are optional

  id: "123456",
  filters: ["",""]
}, function(err, rule){ });

Delete a rule

// returns deleted as bool
thisdata.rules.delete("123456", function(err, deleted){ })


You should validate incoming webhooks to make sure they're from ThisData. To do this you will enter a secret string in the settings area of your ThisData account and then use that same secret to validate the webhook signature that we send in the X-Signature header.

var valid = thisdata.validateWebhook('your shared secret', 'X-Signature value', 'request body');

For more information about types of webhooks you can receive see

API Documentation

API Documentation is available at


Run the unit tests

npm test


Bug reports and pull requests are welcome on GitHub at