What the SDK Does (and Doesnβt Do)
@gu1/sdk-web is the browser channel of the Gu1 SDK: it runs inside your web app and captures what your backend cannot see β device signals (canvas, WebGL, navigator properties), environment integrity, and the user journey, including everything before login. It shares the event model with the React Native SDK: the events you already send from your backend stay exactly as they are, they just carry an extra sessionId so the Gu1 engine can join both worlds.
The SDK is fail-open by design: it never blocks the page, never propagates errors (the only exception is invalid configuration at init), and does not access user data.
| |
|---|
| Environments | Modern browsers |
| Builds | ESM, CommonJS, and IIFE (window.Gu1Sdk for <script> injection) |
| Distribution | Private npm (scope @gu1 β request read access from Gu1) |
1. Install
The SDK ships via private npm (scope @gu1, restricted package). The command below returns 404 if your environment lacks read access to the @gu1 scope: contact your Gu1 team for private package access before installing.
npm install @gu1/sdk-web@latest
<script> (IIFE build β exposes window.Gu1Sdk). Serve the bundle from your own origin:
<script src="/assets/gu1-sdk-web.iife.js"></script>
2. Initialize
With a bundler (ESM):
import { createGu1SDK } from '@gu1/sdk-web'
const gu1 = await createGu1SDK({
apiKey: 'gk_xxx', // provided by Gu1 (sandbox and production)
apiUrl: 'https://api.<tenant>.gu1.ai' // your instance URL, provided by Gu1
})
<script> (IIFE), the SDK is available on window.Gu1Sdk:
<script>
window.Gu1Sdk.createGu1SDK({
apiKey: 'gk_xxx',
apiUrl: 'https://api.<tenant>.gu1.ai'
}).then((gu1) => {
// gu1.getSessionId() is now available
})
</script>
sessionId, collects device signals (canvas, WebGL, navigator) and environment integrity, and ships them in the background. Nothing else is required on the page for signal capture.
To link your backend events to the device session, attach the sessionId as a header on the web appβs calls to your own backend:
// In your HTTP client (axios/fetch interceptor):
headers['X-Gu1-Session-Id'] = gu1.getSessionId()
- First authenticated request: send Gu1 an event with the
sessionId + the userβs entityExternalId. Gu1 retroactively binds the whole session, including everything before login.
- Existing events: add the optional camelCase
sessionId field to the events you already send to POST /events/user β events without it keep working unchanged.
POST /events/user
{
"eventType": "LOGIN_SUCCESS",
"entityExternalId": "user_123",
"sessionId": "sess_abc123",
"metadata": { }
}
4. Transactions (1 Line)
On the transactions you send to Gu1, the sessionId travels in metadata:
POST /transactions
{
"amount": 50000,
"metadata": { "sessionId": "sess_abc123" }
}
5. Verify
- Load the page in sandbox β the session appears in your Gu1 dashboard with device signals.
- Log in β the session gets bound to the user (retroactive binding).
- Run a test transaction β the transaction shows session context in its evaluation.
Integration Summary
| Step | Where | Effort |
|---|
| Install + init | Web app | ~15 min |
X-Gu1-Session-Id header | Web app (HTTP client) | 1 line |
sessionId on events + binding | Backend (middleware) | ~1 hour |
sessionId on transactions | Backend | 1 line |
