The Web SDK

Feature Snapshot

Summary:
The Web SDK is a lightweight JavaScript snippet integrated into a web page to capture user interactions and generate a unique certificate URL that documents consumer consent and session data.

Refer to our developer docs for more information.

Key Benefits:

• Provides independently verifiable proof of consumer consent by generating a unique certificate URL.
• Captures detailed behavioral data—including keystrokes, mouse movements, and clicks—for full session replay.
• Seamlessly injects hidden fields into web forms so that the certificate URL accompanies lead data automatically.
• Enhances compliance and auditability, offering legal protection for consent and regulatory adherence.
• Loads asynchronously to ensure minimal performance impact on the web page.

Typical Use Cases:

• Implementing on lead generation pages to capture and document consumer consent.
• Ensuring adherence to regulations such as TCPA and CASL by providing independent certification of consent.
• Auditing and verifying session data for quality assurance and fraud prevention.
• Integrating with CRM systems and third-party platforms to transmit certified lead information seamlessly.

How the Web SDK works

When a visitor loads a web page containing the Web SDK, the script establishes a secure connection with the TrustedForm service. It transmits key browser and DOM details and begins monitoring consumer interactions. The SDK generates a unique certificate URL, typically beginning with “https://cert.trustedform.com/”, and dynamically injects hidden fields (like xxTrustedFormCertUrl) into the form. By default, recording starts on page load and stops when the page unloads (commonly after form submission). For Single Page Applications, developers can manually stop recording by invoking the global function trustedFormStopRecording().

Step‑by‑Step Instructions

1. Embed the Web SDK Script:
   Copy the TrustedForm JavaScript snippet from your TrustedForm account and paste it into your webpage’s HTML, ideally just before the closing </body> tag.
2. Configure the Hidden Field:
   (Optional) In your TrustedForm account’s Script Configuration, set the “field” parameter to match the name of the hidden input in your web form (for example, “xxTrustedFormCertUrl” or a platform-specific field such as “input_6”).
3. Verify Hidden Field Injection:
   Open the form page in your browser and use Developer Tools to inspect the DOM. Confirm that the hidden fields (e.g., xxTrustedFormCertUrl, xxTrustedFormToken) are present and populated with a certificate URL starting with “https://cert.trustedform.com/”.
4. Control Recording in Single Page Applications (SPAs):
   If your application does not unload on form submission, call the global function trustedFormStopRecording() at the appropriate time to end recording. Please note: Once the stop recording function is called, the recording cannot be restarted.
5. Test Form Submission:
   Submit the form and verify that the certificate URL is sent along with the other form data, ensuring proper documentation of the consumer session.

Expected Result:
The web form will include hidden fields populated with a valid TrustedForm certificate URL, and user interactions up to the point of submission (or manual stop) will be recorded for session replay and compliance verification.

Validation & Monitoring (optional)

• Test the Setup: Check the web page in a browser with JavaScript enabled, use the Inspect tool to verify that the hidden fields are properly injected and contain a valid certificate URL.
• Where to Monitor?: Monitor issuance and retention of certificates through your TrustedForm account dashboard and review network logs to confirm that the certificate data is transmitted with form submissions.

Best Practices

• Strategic Script Placement: Place the SDK script just before the closing