Client attestation identifies legitimate clients through endpoint security mechanisms, while verifying requests carrying identification info to detect abnormal sources, thereby defending against malicious crawlers and automation tool attacks. After enabling Client attestation, EdgeOne requires clients to complete additional verification (such as graphic Captcha) to obtain valid credentials. Clients carry these credentials in requests to certify they originate from trustworthy real users. This mechanism effectively distinguishes legitimate users from malicious automated processes, protecting backend service API security.
Note:
Client attestation is currently only available to some enterprise users and only supports access outside the Chinese mainland. If you want to test the feature, contact Tencent Cloud customer support.
Why Use Client Attestation
Unlike the crawler identification method based on traffic volume feature extraction, Client attestation has the following features:
1. Perform risk control recognition on the client: The client can extract more environment information for more accurate recognition judgment of client features, enabling more effective Bot detection.
2. Edge Proximity Risk Control Handling: EdgeOne integrates Client attestation capability at the edge, enabling nearby request handling to reduce service backend workload consumption for processing crawler traffic to the maximum extent.
3. Multiple attestation options: Support various risk control options. Once integrated, you can flexibly select and adjust risk control strategies online.
Supported Client Types
Client attestation offers cross-platform SDKs for integrating attestation capability in various client environments. Currently supports the following client formats:
Browser and Webview Clients: Modern mainstream browser environments, including Mobile WebView. Supports web applications (Single Page Application) implemented based on AJAX framework. The browser must support Promise, Fetch, and Crypto API for the SDK to run properly. The earliest supported versions are as follows:
Chrome ≥ 90
Firefox ≥ 90
Safari ≥ 11
Edge ≥ 90
Mobile WebView (iOS ≥ 11, Android WebView ≥ 67)
Opera ≥ 76
Native iOS and Android Applications: Provides native SDKs for iOS and Android platforms (supports Objective-C, Swift, and native Android applications). These mobile SDKs enable seamless integration of Client attestation functionality within apps. The earliest supported versions are as follows:
If you need to use Tencent Cloud Captcha or Tencent Cloud RCE for Client attestation, create client risk control configuration items in the product console in advance and prepare the information required for the associated instance:
Tencent Cloud Captcha: Prepare the AppID and SecretKey for the verification code configuration for integration configuration.
Tencent Cloud Risk Control Engine: Prepare the Channel ID for the risk identification instance configuration for integration configuration.
