{"__v":0,"_id":"5719767ec863120e0012a05e","category":{"__v":0,"_id":"5719767ec863120e0012a044","project":"56008ba98c0c9d0d00dcaeb0","version":"5719767ec863120e0012a042","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2016-03-03T22:29:05.165Z","from_sync":false,"order":1,"slug":"guides","title":"Guide"},"parentDoc":null,"project":"56008ba98c0c9d0d00dcaeb0","user":"56008b651503430d007cc929","version":{"__v":4,"_id":"5719767ec863120e0012a042","hasDoc":true,"hasReference":true,"project":"56008ba98c0c9d0d00dcaeb0","createdAt":"2016-04-22T00:55:26.295Z","releaseDate":"2016-04-22T00:55:26.295Z","categories":["5719767ec863120e0012a043","5719767ec863120e0012a044","5719767ec863120e0012a045","5719767ec863120e0012a046","5719767ec863120e0012a047","5719767ec863120e0012a048","5719767ec863120e0012a049","57f45a18da14e71700d12e4a","582b71b15403840f008c0410","58c060cf3eee111b00a8b210"],"is_deprecated":false,"is_hidden":false,"is_beta":true,"is_stable":true,"codename":"","version_clean":"2.0.0","version":"2.0"},"updates":[],"next":{"pages":[],"description":""},"createdAt":"2016-03-03T23:33:40.624Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":2,"body":"In the previous guide, [2. Trigger Your First Alert](doc:triggering-your-first-alert), we pretended to be Eve, and sent some events that looked suspicious. It created an Alert we could see in the ThisData app, but Eve did not get notified.\n\nOne of the primary benefits of ThisData’s Login Intelligence is that we can send notifications to your app’s users when unusual activity is detected on your account. They look like this:\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/hphZaPxbRrU4u69HSagQ_Send%20your%20first%20email.png\",\n        \"Send your first email.png\",\n        \"1500\",\n        \"1248\",\n        \"#45789a\",\n        \"\"\n      ],\n      \"sizing\": \"full\"\n    }\n  ]\n}\n[/block]\nHere's how to set it up:\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Step 1. Open the Login Intelligence API Settings\"\n}\n[/block]\nGo to [ThisData.com](https://thisdata.com), click on [+ Add Integration] in the top navigation, then click **Login Intelligence API**.\n\nThis will bring you to the [API Settings Page (learn more)](doc:api-settings-page).\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Step 2. Tell ThisData to send notifications\"\n}\n[/block]\nClick the “Yes, send notifications” radio button. ThisData won’t send notifications without this being enabled.\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Step 3. Add your company logo\"\n}\n[/block]\nCustomize the way our “Was This You?” email looks by providing a logo URL. This will be constrained to the dimensions of X by Y.\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Step 4. Send events to trigger an Alert\"\n}\n[/block]\nJust like you did in [2. Trigger Your First Alert](doc:triggering-your-first-alert), we’re going to do something similar again. This time, use your own email address, so that you see the email.\n\nOne:\n\n```json\ncurl -XPOST 'https://api.thisdata.com/v1/events.json?api_key=API_KEY' -d '{\n  \"ip\" : \"1.2.3.4\",\n  \"verb\" : \"log-in\",\n  \"user_agent\" : \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3)...\",\n  \"user\" : {\n    \"id\" : \"445566\",\n    \"name\" : \"YOUR NAME\",\n    \"email\" : \"YOUR_EMAIL:::at:::YOUR_DOMAIN.COM\"\n   }\n}'\n```\n\nTwo:\n\n```json\ncurl -XPOST 'https://api.thisdata.com/v1/events.json?api_key=API_KEY' -d '{\n  \"ip\" : \"4.5.6.7\",\n  \"verb\" : \"log-in\",\n  \"user_agent\" : \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3)...\",\n  \"user\" : {\n    \"id\" : \"445566\",\n    \"name\" : \"YOUR NAME\",\n    \"email\" : \"YOUR_EMAIL@YOUR_DOMAIN.COM\"\n   }\n}'\n```\n\nOnce you have turned notifications turned on in ThisData’s settings, provided an email address and/or a mobile number along with an event that looks suspicious, then we will send a notification.\n\nIn the code snippet above, you provided your own email address, and triggered two events which looked like an account being hacked.\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Step 5. Check out the email!\"\n}\n[/block]\nOpen your favourite email client, and you should see a “Was This You?\" email from ThisData. Congratulations!\n\nIf the logo looks odd, or there’s something else amiss in the email, you can probably solve it by tweaking your Login API settings. Then send some more suspicious looking events to keep on testing.\n[block:callout]\n{\n  \"type\": \"info\",\n  \"title\": \"When and where do we send \\\"Was This You?\\\" notifications?\",\n  \"body\": \"Great question! We've [written a guide describing when we will send your users any notifications](doc:was-this-you-notifications-when-and-where).\"\n}\n[/block]\n### Extra for experts\n\nYou’ll have noticed those big juicy buttons in the 'Was This You?' notification.\n\nPut yourself in one of your users’ shoes, and click on “Yes” or “No”. You’ll see some basic, helpful information on re-securing your account. Ideally, you’ll have [set up webhooks](doc:webhooks) so that when a user clicks “No”, you automatically begin securing their account for them. [Learn how to create a security workflow using webhooks]().\n\nWhen a user responds we escalate or de-escalate the severity of the alert within the ThisData app and Alerts tab. We send notifications to you or your ops team (e.g. in Slack). And as mentioned, you can also tell us to [send you a Webhook](doc:webhooks) when your users respond.\n\nSettings for all of these are described in detail on our [API Settings Page documentation](doc:api-settings-page).","excerpt":"One of the primary benefits of ThisData’s Login Intelligence is that we send notifications to your app’s users when unusual activity is detected on an account.","slug":"send-your-first-was-this-you-email","type":"basic","title":"3. Send your first \"Was This You?\" email"}

3. Send your first "Was This You?" email

One of the primary benefits of ThisData’s Login Intelligence is that we send notifications to your app’s users when unusual activity is detected on an account.

In the previous guide, [2. Trigger Your First Alert](doc:triggering-your-first-alert), we pretended to be Eve, and sent some events that looked suspicious. It created an Alert we could see in the ThisData app, but Eve did not get notified. One of the primary benefits of ThisData’s Login Intelligence is that we can send notifications to your app’s users when unusual activity is detected on your account. They look like this: [block:image] { "images": [ { "image": [ "https://files.readme.io/hphZaPxbRrU4u69HSagQ_Send%20your%20first%20email.png", "Send your first email.png", "1500", "1248", "#45789a", "" ], "sizing": "full" } ] } [/block] Here's how to set it up: [block:api-header] { "type": "basic", "title": "Step 1. Open the Login Intelligence API Settings" } [/block] Go to [ThisData.com](https://thisdata.com), click on [+ Add Integration] in the top navigation, then click **Login Intelligence API**. This will bring you to the [API Settings Page (learn more)](doc:api-settings-page). [block:api-header] { "type": "basic", "title": "Step 2. Tell ThisData to send notifications" } [/block] Click the “Yes, send notifications” radio button. ThisData won’t send notifications without this being enabled. [block:api-header] { "type": "basic", "title": "Step 3. Add your company logo" } [/block] Customize the way our “Was This You?” email looks by providing a logo URL. This will be constrained to the dimensions of X by Y. [block:api-header] { "type": "basic", "title": "Step 4. Send events to trigger an Alert" } [/block] Just like you did in [2. Trigger Your First Alert](doc:triggering-your-first-alert), we’re going to do something similar again. This time, use your own email address, so that you see the email. One: ```json curl -XPOST 'https://api.thisdata.com/v1/events.json?api_key=API_KEY' -d '{ "ip" : "1.2.3.4", "verb" : "log-in", "user_agent" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3)...", "user" : { "id" : "445566", "name" : "YOUR NAME", "email" : "YOUR_EMAIL@YOUR_DOMAIN.COM" } }' ``` Two: ```json curl -XPOST 'https://api.thisdata.com/v1/events.json?api_key=API_KEY' -d '{ "ip" : "4.5.6.7", "verb" : "log-in", "user_agent" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3)...", "user" : { "id" : "445566", "name" : "YOUR NAME", "email" : "YOUR_EMAIL@YOUR_DOMAIN.COM" } }' ``` Once you have turned notifications turned on in ThisData’s settings, provided an email address and/or a mobile number along with an event that looks suspicious, then we will send a notification. In the code snippet above, you provided your own email address, and triggered two events which looked like an account being hacked. [block:api-header] { "type": "basic", "title": "Step 5. Check out the email!" } [/block] Open your favourite email client, and you should see a “Was This You?" email from ThisData. Congratulations! If the logo looks odd, or there’s something else amiss in the email, you can probably solve it by tweaking your Login API settings. Then send some more suspicious looking events to keep on testing. [block:callout] { "type": "info", "title": "When and where do we send \"Was This You?\" notifications?", "body": "Great question! We've [written a guide describing when we will send your users any notifications](doc:was-this-you-notifications-when-and-where)." } [/block] ### Extra for experts You’ll have noticed those big juicy buttons in the 'Was This You?' notification. Put yourself in one of your users’ shoes, and click on “Yes” or “No”. You’ll see some basic, helpful information on re-securing your account. Ideally, you’ll have [set up webhooks](doc:webhooks) so that when a user clicks “No”, you automatically begin securing their account for them. [Learn how to create a security workflow using webhooks](). When a user responds we escalate or de-escalate the severity of the alert within the ThisData app and Alerts tab. We send notifications to you or your ops team (e.g. in Slack). And as mentioned, you can also tell us to [send you a Webhook](doc:webhooks) when your users respond. Settings for all of these are described in detail on our [API Settings Page documentation](doc:api-settings-page).