Custom Data Enrichment

🚧

Custom Data Enrichment is only available for Premium and Enterprise customer.

Why and when use Custom Data Enrichment?

Your application tracks specific flows and internal signals that can directly assist our detection engine in identifying complex threats. Instead of keeping this context siloed in your backend, passing it to DataDome provides the extra layer of intelligence needed to distinguish legitimate users from advanced bots.

Key scenarios include:

Business Intelligence & JWT Claims Extraction: If your traffic is authenticated via JWT, you can extract specific attributes (claims) directly from the token at the edge—such as tenant_id, user_role, or subscription_tier—and pass them to DataDome. This allows the engine to apply more granular detection logic based on the user's authenticated profile.

Internal Security Flags: If your backend security systems (e.g., WAF, fraud engine) have already flagged a user as "suspicious" or "high_risk," you can pass this verdict to DataDome to enrich our Engine.

You can append up to 6 custom attributes to the DataDome payload. These fields are strictly typed.

📘

Privacy Requirement

Do not inject PII (Personally Identifiable Information) such as plain-text email addresses, names, or phone numbers. All user-specific data must be hashed or anonymized (e.g., UUIDs) before being sent to DataDome

Limitless Possibilities via Custom Logic

Because this feature is implemented directly within your edge code (e.g., CloudFlare Worker or AWS Lambda), the possibilities are virtually limitless.

You define the business logic. If you can extract a value from the request headers, cookies, or compute it using your own algorithms at the edge, you can inject it into the DataDome detection engine.

Integration Support

This feature is available for integrations where the logic allows for payload modification prior to the API call. Currently supported on:

• AWS CloudFront Lambda@Edge (From version 1.24.0)
• CloudFlare (From version 2.2.0)