I have just been looking at what is needed to be able to add support for UK HMRC Making Tax Digital (MTD) in Tryton.
One of their requirements is that you must supply fraud prevention headers when accessing their API.
Which headers are required depends on the type of connection, which in turn will depend on how Tryton is deployed, and which client is in use.
It seems like a lot of this data needs to come directly from the Tryton client, so I was wondering what’s the best way of generating and collecting this data.
Here are some of the headers that are required:
- a persistent device UUID, generated and stored on/by the client
- a list of all the local IP addresses on the device the client is running on
- the IP address and port from which the client makes the request
- the width, height, scaling-factor and colour-depth of all the screens that are connected to the device the client is running on
- the size of the window of the client
- the timezone that is in use on the client
- the version of the client and server
Also when using the desktop client:
- a list of all the local MAC addresses on the device the client is running on
- the operating system family and version, and device manufacturer and model, that the client is running on
- the operating system user that is running the client
And also when using the web client:
- Whether the Do Not Track option is enabled in the browser
- A list of the browser plugins reported by the browser
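
As an added illustration (not part of the original post and not Tryton code), a desktop client could gather several of the items listed above with only the Python standard library. The dictionary keys, the storage path argument and the `UTC+HH:MM` offset format are assumptions made here; HMRC's own header names and encodings are not reproduced, and the screen, window and browser items are left out because they need a GUI toolkit or a browser.

```python
import getpass, platform, socket, uuid
from datetime import datetime
from pathlib import Path
def load_or_create_device_id(path):
    """Return the UUID stored at `path`, creating it on first use."""
    path = Path(path)
    try:
        return str(uuid.UUID(path.read_text().strip()))
    except (OSError, ValueError):  # missing or corrupt file: issue a new id
        device_id = str(uuid.uuid4())
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(device_id)
        return device_id

def format_utc_offset(offset):  # timedelta(hours=-8) -> 'UTC-08:00'
    minutes = int(offset.total_seconds()) // 60
    sign = "-" if minutes < 0 else "+"
    hours, mins = divmod(abs(minutes), 60)
    return f"UTC{sign}{hours:02d}:{mins:02d}"

def mac_addresses(node=None):
    # uuid.getnode() reports one interface only, not every MAC on the device.
    node = uuid.getnode() if node is None else node
    if (node >> 40) & 1:  # multicast bit set: random fallback, not hardware
        return []
    return [":".join(f"{(node >> s) & 0xFF:02x}" for s in range(40, -8, -8))]

def local_ip_addresses():
    # Only the addresses the hostname resolves to; interfaces can be missed.
    try:
        infos = socket.getaddrinfo(socket.gethostname(), None)
    except OSError:
        return []
    return sorted({info[4][0] for info in infos})

def os_user():
    try:
        return getpass.getuser()
    except Exception:  # no login name available, e.g. a minimal container
        return None

def collect_client_facts(device_id_path):
    return {
        "device_id": load_or_create_device_id(device_id_path),
        "local_ips": local_ip_addresses(),
        "mac_addresses": mac_addresses(),
        "timezone": format_utc_offset(datetime.now().astimezone().utcoffset()),
        "os": [platform.system(), platform.release()],
        "os_user": os_user(),
    }
```

The device UUID file, MAC address and OS user name identify a person's machine, so they should be stored and transmitted with the same care as other personal data.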