Go SDK for user monitoring


Sqreen protects your application users against major threats, such as account takeover, password brute force, and suspicious activity coming from Tor or an unusual VPN.

The Go agent does not automatically detect your web framework. To use the SDK methods described below, you first have to install the middleware function for the web framework you use.

You can find a Go documentation reference of the SDK at https://godoc.org/github.com/sqreen/go-agent/sdk.

User monitoring SDK

The Sqreen SDK integration relies on methods such as TrackSignup() and TrackAuth(), which let you track the security-related events of a given user.

Here is a full example:

uid := sdk.EventUserIdentifiersMap{"uid": "my-uid"}
sqUser := sdk.FromContext(ctx).ForUser(uid)
sqUser.TrackSignup()

User scope

User-monitoring SDK methods are provided by ForUser():

uid := sdk.EventUserIdentifiersMap{"uid": "my-uid"}
sqreen := sdk.FromContext(ctx)
sqUser := sqreen.ForUser(uid)
sqUser.TrackEvent("my.user.event")

The user identifiers given to ForUser() should uniquely identify the user. They are used in Sqreen's user interface to help you identify which users are at risk, or which are attacking your application. The map keys and values should only be strings.

Tracking a user authentication

TrackAuth(), TrackAuthSuccess() and TrackAuthFailure() allow you to track successful or failed user sign-ins.

uid := sdk.EventUserIdentifiersMap{"uid": "my-uid"}
sqUser := sdk.FromContext(ctx).ForUser(uid)
sqUser.TrackAuthSuccess()

Sqreen integration at signup and login

You should not call TrackAuth() or its success/failure alternatives each time you check a user session in your application, but rather each time a user logs into your app.

Tracking a user sign-up

TrackSignup() allows you to track user sign-ups.

uid := sdk.EventUserIdentifiersMap{"uid": "my-uid"}
sqUser := sdk.FromContext(ctx).ForUser(uid)
sqUser.TrackSignup()

Associating a user to the current request

Identify() associates the user with the current request so that Sqreen can apply security rules targeting specific users when necessary. A call to this method does not create an event.

uid := sdk.EventUserIdentifiersMap{"uid": "my-uid"}
sqUser := sdk.FromContext(ctx).ForUser(uid)
sqUser.Identify()

Note that every subsequent TrackEvent() call will then be automatically associated with this user, unless WithUserIdentifiers() is explicitly used to enforce a specific user for the event.

User identification

User monitoring and PII

If you are concerned about sending sensitive data to us and want to avoid leaking any Personally Identifying Information (PII), visit this blog post to learn some best practices around user tracking.

If your users are identified with a composite primary key (multiple values), all of them should be sent in order to identify them accurately on Sqreen's user interface.

For example, if you are operating a whitelabel platform and your users are identified by their email and the shop ID, you can send these identifiers like this:

uid := sdk.EventUserIdentifiersMap{
    "email": user.email,
    "platform_id": user.platform_id,
}
sqUser := sdk.FromContext(ctx).ForUser(uid)
sqUser.TrackSignup()

Sqreen SDK only accepts user identifiers

Do not send any other information (like the auth failure reason). Sqreen will consider them as part of the user identifier, and will not be able to merge successful and failed authentications.

Primary key

Sqreen tries to determine a primary key amongst the keys you provided. The following keywords are used to determine the user primary identification key: email, mail, e-mail, username, login.

If none of those keys is found, Sqreen uses the first key in alphabetical order.

If multiple keys are found, Sqreen uses the first in the sequence mentioned above.
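
The following added example is not Sqreen's code. It is a local model of the primary-key rule described above, plus a check showing why an extra field such as an auth failure reason prevents two identifier sets from matching. The names PrimaryKey, Canonical and sortedKeys are hypothetical, and exact, case-sensitive key matching is an assumption.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// primaryKeywords is the keyword sequence listed on this page, in order.
var primaryKeywords = []string{"email", "mail", "e-mail", "username", "login"}

// sortedKeys returns the identifier keys in alphabetical order.
func sortedKeys(ids map[string]string) []string {
	keys := make([]string, 0, len(ids))
	for k := range ids {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	return keys
}

// PrimaryKey models the documented rule (assumption: exact key match).
func PrimaryKey(ids map[string]string) string {
	for _, kw := range primaryKeywords {
		if _, ok := ids[kw]; ok {
			return kw // first keyword in the documented sequence wins
		}
	}
	if keys := sortedKeys(ids); len(keys) > 0 {
		return keys[0] // no keyword present: first key alphabetically
	}
	return ""
}

// Canonical renders identifiers in a stable order; in this local model,
// equal strings mean the two maps describe the same user.
func Canonical(ids map[string]string) string {
	parts := []string{}
	for _, k := range sortedKeys(ids) {
		parts = append(parts, fmt.Sprintf("%q=%q", k, ids[k]))
	}
	return strings.Join(parts, "&")
}

func main() {
	// Constructed sample identifiers.
	ok := map[string]string{"email": "a@example.com", "platform_id": "42"}
	bad := map[string]string{"email": "a@example.com", "platform_id": "42", "reason": "bad_password"}
	fmt.Println(PrimaryKey(ok), Canonical(ok) == Canonical(bad))
}
```

Running the same comparison over the identifier maps you pass at login success and login failure is a quick way to confirm that both calls send exactly the same keys.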