Monocle (BETA) FAQs

Question: Who can use Monocle?

Answer: Monocle is currently in an open BETA testing phase. This means that users can integrate the beta community edition into their website for free. We will be releasing premium features in the future to distinguish between the community tier and enterprise offerings.

Question: How do I start using Monocle (BETA)?

Answer: Sign in to your Spur account and navigate to the monocle management page of our web-application. Follow there you will:

  1. Create a new site deployment which provides you a key to decrypt the monocle threat bundle.
  2. Copy your site-token to insert into your website or web-application. You can also use some of our front-end libraries.
  3. Follow the decryption guide based on one of our reference implementations to decrypt and parse the Monocle (BETA) data.

Question: Where are additional technical resources?

Answer: Our documentation portal has complete examples of using Monocle (BETA) along with reference implementations and descriptions.

Question: Why should I use Monocle over a popular Captcha service?

Answer: Monocle (BETA) takes a different approach to assessing user risk. While captchas can be good at preventing some basic automated scripts, motivated attackers can easily fake or circumvent their bot detection strategies. Monocle makes its determinations on things that cannot be faked: how a device communicates on a network. Some of our clients like to use a combination of tools to help mitigate threats from both attack vectors.

Question: What is a Monocle site deployment?

Answer: A site deployment is way to organize a single unique private key and n number of corresponding site-tokens. Your secret private key can be used to decrypt any threat bundle (a.k.a assessment) generated from it’s corresponding site tokens. You may want to consider using different site deployments between development and production environments, for example. This way you can properly protect your production secret key.

Question: What is a Monocle site-token?

Answer: A site-token is a public token generated for a site deployment. This token is placed in a specific area of your website or user application. A site-token can be assigned a name that will be passed inside the encrypted threat-bundle back to your server. A new site deployment will automatically create a site-token named “default”. You can use one site-token across your entire website or application, or create new ones with identifiers such as “sign-up” and “sign-in” so you can get additional context as to how a site-token is being used.

Question: What languages does monocle support?

Answer: The monocle client – which conducts an assessment to generate a threat bundle for your server is only available in JavaScript. We have reference implementations for decrypting the threat bundle in JavaScript, Golang, Python, and PHP.

Question: What about enterprise usage?

Answer: Feel free to prototype using our community version of the utility. We do reserve the right to rate-limit the number of assessments you conduct. Get in touch with our sales team if you are interested in a specific SLA, volume, or would like some of our premium features, such as service level attribution.

Question: How can I view my usage?

Answer: We are working on revamping the entire Monocle (BETA) interface for our website. Hang tight and we should be able to show you some details about how your site-tokens and deployments are being used in the future.