// POST /v1/fingerprint/lookup
const stytch = require('stytch');

const client = new stytch.B2BClient({
  project_id: '${projectId}',
  secret: '${secret}',
});

const params = {
  telemetry_id: "${exampleTelemetryId}",
};

client.Fraud.Fingerprint.Lookup(params)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });

{
  "request_id": "<string>",
  "telemetry_id": "<string>",
  "fingerprints": {
    "network_fingerprint": "<string>",
    "hardware_fingerprint": "<string>",
    "browser_fingerprint": "<string>",
    "visitor_fingerprint": "<string>",
    "visitor_id": "<string>",
    "browser_id": "<string>"
  },
  "verdict": {
    "action": "ALLOW",
    "reasons": [
      "<string>"
    ],
    "detected_device_type": "<string>",
    "is_authentic_device": true,
    "verdict_reason_overrides": [
      {
        "verdict_reason": "<string>",
        "override_action": "ALLOW"
      }
    ],
    "rule_match_type": "VISITOR_ID",
    "rule_match_identifier": "<string>"
  },
  "external_metadata": {
    "external_id": "<string>",
    "organization_id": "<string>",
    "user_action": "<string>"
  },
  "created_at": "<string>",
  "expires_at": "<string>",
  "status_code": 123,
  "properties": {
    "network_properties": {
      "ip_address": "<string>",
      "asn": {
        "asn": "<string>",
        "name": "<string>",
        "network": "<string>"
      },
      "ip_geolocation": {
        "city": "<string>",
        "region": "<string>",
        "country": "<string>"
      },
      "is_proxy": true,
      "is_vpn": true
    },
    "browser_properties": {
      "user_agent": "<string>"
    }
  },
  "raw_signals": {}
}

Endpoints

Fingerprint Lookup

Lookup the associated fingerprint for the telemetry_id returned from the GetTelemetryID() function. Learn more about the different fingerprint types and verdicts in our DFP guide.

You can make a decision based on the recommended verdict in the response:

ALLOW - This is a known valid device grouping or device profile that is part of the default ALLOW listed set of known devices by Stytch. This grouping is made up of verified device profiles that match the characteristics of known/authentic traffic origins.
BLOCK - This is a known bad or malicious device profile that is undesirable and should be blocked from completing the privileged action in question.
CHALLENGE - This is an unknown or potentially malicious device that should be put through increased friction such as 2FA or other forms of extended user verification before allowing the privileged action to proceed.

If the telemetry_id is expired or not found, this endpoint returns a 404 telemetry_id_not_found error. We recommend treating 404 errors as a BLOCK, since it could be a sign of an attacker trying to bypass DFP protections. See Attacker-controlled telemetry IDs for more information.

POST

fingerprint

lookup

// POST /v1/fingerprint/lookup
const stytch = require('stytch');

const client = new stytch.B2BClient({
  project_id: '${projectId}',
  secret: '${secret}',
});

const params = {
  telemetry_id: "${exampleTelemetryId}",
};

client.Fraud.Fingerprint.Lookup(params)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });

{
  "request_id": "<string>",
  "telemetry_id": "<string>",
  "fingerprints": {
    "network_fingerprint": "<string>",
    "hardware_fingerprint": "<string>",
    "browser_fingerprint": "<string>",
    "visitor_fingerprint": "<string>",
    "visitor_id": "<string>",
    "browser_id": "<string>"
  },
  "verdict": {
    "action": "ALLOW",
    "reasons": [
      "<string>"
    ],
    "detected_device_type": "<string>",
    "is_authentic_device": true,
    "verdict_reason_overrides": [
      {
        "verdict_reason": "<string>",
        "override_action": "ALLOW"
      }
    ],
    "rule_match_type": "VISITOR_ID",
    "rule_match_identifier": "<string>"
  },
  "external_metadata": {
    "external_id": "<string>",
    "organization_id": "<string>",
    "user_action": "<string>"
  },
  "created_at": "<string>",
  "expires_at": "<string>",
  "status_code": 123,
  "properties": {
    "network_properties": {
      "ip_address": "<string>",
      "asn": {
        "asn": "<string>",
        "name": "<string>",
        "network": "<string>"
      },
      "ip_geolocation": {
        "city": "<string>",
        "region": "<string>",
        "country": "<string>"
      },
      "is_proxy": true,
      "is_vpn": true
    },
    "browser_properties": {
      "user_agent": "<string>"
    }
  },
  "raw_signals": {}
}

Authorizations

Authorization

string

header

required

Basic authentication header of the form Basic <encoded-value>, where <encoded-value> is the base64-encoded string username:password.

Body

application/json

Request type

telemetry_id

string

required

The telemetry ID associated with the fingerprint getting looked up.

external_metadata

object

External identifiers that you wish to associate with the given telemetry ID. You will be able to search for fingerprint results by these identifiers in the DFP analytics dashboard. External metadata fields may not exceed 65 characters. They may only contain alphanumerics and the characters _ - + . or @.

Show child attributes

Response

Successful response

request_id

string

required

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

telemetry_id

string

required

The telemetry ID associated with the fingerprint getting looked up.

fingerprints

object

required

A Stytch fingerprint consists of the following identifiers:

Show child attributes

verdict

object

required

The metadata associated with each fingerprint

Show child attributes

external_metadata

object

required

Show child attributes

created_at

string

required

The time when the fingerprint was taken. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.

expires_at

string

required

The timestamp when the fingerprint expires. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.

status_code

integer<int32>

required

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.

properties

object

Additional information about the user's browser and network.

Show child attributes

raw_signals

object

The raw device attributes, such as screen size, that were collected by the Device Fingerprinting product to generate the fingerprints and verdict. You must be specifically enabled for the raw signals feature to see this field. You can find documentation for the specific fields in the guides.

⌘I