Skip to main content

SDK Events

The ShieldLabs snippet emits browser-side events via the callback parameter. Use them to track check lifecycle, correlate with your backend, or trigger UI logic.

The callback

Every check* method accepts an optional callback: 
mod.checkAuthenticatedUser(userId, (ip, requestId) => {
  // fired once the fingerprint has been submitted
  console.log('Shield check submitted');
  console.log('Client IP:', ip);
  console.log('RequestID:', requestId);
});
The callback fires after the fingerprint has been sent to the ShieldLabs REST endpoint — not after the webhook is delivered to your server.

Using requestId

The requestId returned in the callback is the same RequestID that appears in the webhook payload: 
// Browser
mod.checkAuthenticatedUser(userId, (ip, requestId) => {
  // Send requestId to your server so you can match it with the incoming webhook
  fetch('/api/session', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ requestId, userId }),
  });
});

// Server — store the mapping
app.post('/api/session', (req, res) => {
  const { requestId, userId } = req.body;
  pendingSessions.set(requestId, userId);
  res.json({ ok: true });
});

// Server — webhook handler
app.post('/shieldlabs/webhook', (req, res) => {
  const { Data } = req.body;
  const userId = pendingSessions.get(Data.RequestID);
  if (userId) {
    applyScoreToUser(userId, Data.Score);
    pendingSessions.delete(Data.RequestID);
  }
  res.status(200).end();
});

Timing

EventWhen
Callback fires~100–300ms after page load (fingerprint collection + HTTP send)
Webhook arrives~500–1500ms after callback (pipeline processing + delivery)
Use the requestId to bridge the gap between when the browser reports back and when your server receives the score.