---
title: Integrating device profiling - Web app (basic)
description: If you have a web application that uses the PingFederate authentication API and can't accommodate HTTP cookies, modify your web application to run the device profiling script.
component: threatmetrix
page_id: threatmetrix:setup:pf_threatmetrix_ik_integrating_device_profiling_web_app_basic
canonical_url: https://docs.pingidentity.com/integrations/threatmetrix/setup/pf_threatmetrix_ik_integrating_device_profiling_web_app_basic.html
revdate: October 30, 2025
section_ids:
  steps: Steps
---

# Integrating device profiling - Web app (basic)

If you have a web application that uses the [PingFederate authentication API](https://docs.pingidentity.com/pingfederate/latest/developers_reference_guide/pf_authentication_api.html) and can't accommodate HTTP cookies, modify your web application to run the device profiling script.

There are two device profiling scripts to choose from, the *SDK* and *Web* scripts. You can find a description of the differences in [Introduction to Profiling](https://portal.threatmetrix.com/kb/index.htm#t=implementation%2Fprofiling%2Fprofiling_introduction.htm\&rhsearch=session%20query%20api\&ux=search) (requires sign-on) in the ThreatMetrix documentation.

## Steps

1. If you want to use the ThreatMetrix SDK script, do the following:

   > **Collapse: Details**
   >
   > 1. Copy the `tmx_sdk_profiling.js` file from the integration `.zip` archive to a location that your web application page can access.
   >
   > 2. Add the following code to the sign-on page.
   >
   >    ```
   >    <script type="text/javascript" src="tmx_sdk_profiling.js"></script>
   >    <script type="text/javascript">pinghelper.run_sid_provided("https://h-api.online-metrix.net", "<orgId>", "<sessionId>");</script>
   >    ```
   >
   >    * Substitute your organization ID and adjust the path to the script file:
   >
   >    * If you requested a custom device profiling domain in [Configuring ThreatMetrix](pf_threatmetrix_ik_configuring_threatmetrix.html), substitute it here.
   >
   >    * For each sign-on event, insert the session ID provided by PingFederate.

2. If you want to use the ThreatMetrix Web script, add the following code to the sign-on page:

   > **Collapse: Details**
   >
   > ```
   > <script type="text/javascript"
   > src="https://h-api.online-metrix.net/fp/tags.js?org_id=<orgId>&session_id=<sessionId>"></script>
   > ```
   >
   > * Substitute your organization ID.
   >
   > * If you requested a custom device profiling domain in [Configuring ThreatMetrix](pf_threatmetrix_ik_configuring_threatmetrix.html), substitute it here.
   >
   > * For each sign-on event, insert the session ID from PingFederate.

3. Configure your application to complete the following actions in sequence:

   1. Get the session ID from PingFederate.

      This is an attribute of the `DEVICE_PROFILE_REQUIRED` state.

   2. Run the device profiling script with the session ID.

   3. POST `continueAuthentication` to the authentication API.

4. When you complete the steps in [Configuring an adapter instance](pf_threatmetrix_ik_configuring_an_adapter_instance.html), set **Device Profiling** to **Create new device profile**.