/
Contact usSee pricingStart building

    About B2B Saas Authentication

    Introduction
    Stytch B2B Basics
    Integration Approaches
      Full-stack overview
      Frontend (pre-built UI)
      Frontend (headless)
      Backend
    Next.js
      Routing
      Authentication
      Sessions
    Migrations
      Overview
      Reconciling data models
      Migrating user data
      Additional migration considerations
      Zero-downtime deployment
      Defining external IDs for members
      Exporting from Stytch
    Custom Domains
      Overview

    Authentication

    Single Sign On

    • Resources

        • Overview
        External SSO Connections
        Standalone SSO

    • Integration Guides

        • Start here
        Backend integration guide
        Headless integration guide
        Pre-built UI integration guide
    OAuth

    • Resources

        • Overview
        Authentication flows
        Identity providers
        Google One Tap
        Provider setup

    • Integration Guides

        • Start here
        Backend integration
        Headless frontend integration
        Pre-built UI frontend integration
    Connected AppsBeta
      Setting up Connected Apps
      About Remote MCP Servers

    • Resources

        • Integrate with AI agents
        Integrate with a remote MCP server
    Sessions

    • Resources

        • Overview
        JWTs vs Session Tokens
        How to use Stytch JWTs
        Custom Claims

    • Integration Guides

        • Start here
        Backend integration
        Frontend integration
    Email OTP
      Overview
    Magic Links

    • Resources

        • Overview
        Email Security Scanner Protections

    • Integration Guides

        • Start here
        Backend integration
        Headless frontend integration
        Pre-built UI frontend integration
    Multi-Factor Authentication

    • Resources

        • Overview

    • Integration Guides

        • Start here
        Backend integration
        Headless frontend integration
        Pre-built UI frontend integration
    Passwords
      Overview
      Strength policies
    UI components
      Overview
      Implement the Discovery flow
      Implement the Organization flow
    DFP Protected Auth
      Overview
      Setting up DFP Protected Auth
      Handling challenges
    M2M Authentication
      Authenticate an M2M Client
      Rotate client secrets
      Import M2M Clients from Auth0

    Authorization & Provisioning

    RBAC

    • Resources

        • Overview
        Stytch Resources & Roles
        Role assignment

    • Integration Guides

        • Start here
        Backend integration
        Headless frontend integration
    SCIM

    • Resources

        • Overview
        Supported actions

    • Integration Guides

        • Using Okta
        Using Microsoft Entra
    Organizations
      Managing org settings
      JIT Provisioning

    Testing

    E2E testing
    Sandbox values
Get support on SlackVisit our developer forum

Contact us

B2B Saas Authentication

/

Guides

/

Authentication

/

DFP Protected Auth

/

Overview

Device Fingerprinting Protected Auth

Device Fingerprinting Protected Auth is a ready-made solution that enables you to focus solely on building auth flows with our frontend SDKs, while harnessing all the protective advantages of DFP.

One of the primary use cases for Stytch’s Device Fingerprinting product is to detect and stop fraud – which often involves the fraudulent traffic attempting to sign up or log in to the application. This often manifests as part of a credential stuffing attack to compromise the accounts of current users or to gain access to protected compute resources. Our Device Fingerprinting product is required to be queried from the customer’s backend to ensure that a bad actor cannot spoof a response.

Meanwhile, Stytch offers frontend SDKs that allow users to build auth without a backend. The SDKs outsource the backend implementation by providing pre-built components to start a login flow and methods that communicate with the Stytch API. These SDKs enable developers to get up and running faster through these pre-built components.

Stytch offers a feature called Device Fingerprinting Protected Auth that seamlessly integrates Device Fingerprinting with our frontend SDKs. When enabled, the SDKs automatically generate a telemetry ID before an API call and include the telemetry ID in the Stytch API request. The Stytch API will verify the fingerprint is a valid user before authenticating the request and handles the backend integration.

In the case of a credential stuffing attack, it would fail because the request doesn’t have a telemetry ID or the Device Fingerprinting product detects illegitimate requests like headless browser automation or a scripting language. The attacker would only see failed authentication attempts with no idea if the request failed due to a failed fingerprint request or an incorrect password.

Configuration

Device Fingerprinting Protected Auth requires no code changes and is enabled from the Dashboard SDK configuration page under the Bot Protection section. Once enabled, there are two different modes for Device Fingerprinting Protected Auth: Observation mode and Decisioning mode.

The following frontend SDK methods are protected, meaning they will collect fingerprints and (when in Decisioning mode) prevent actions when a fingerprint receives a BLOCK verdict.

Consumer Authentication methods protected

  • stytch.biometrics.authenticate()
  • stytch.cryptoWallets.authenticate()
  • stytch.impersonation.authenticate()
  • stytch.magicLinks.email.loginOrCreate()
  • stytch.magicLinks.email.send()
  • stytch.otps.authenticate()
  • stytch.otps.email.loginOrCreate()
  • stytch.otps.sms.loginOrCreate()
  • stytch.otps.sms.send()
  • stytch.otps.whatsapp.loginOrCreate()
  • stytch.otps.whatsapp.send()
  • stytch.passwords.authenticate()
  • stytch.passwords.create()
  • stytch.passwords.resetByEmail()
  • stytch.passwords.resetByEmailStart()
  • stytch.passwords.resetByExistingPassword()
  • stytch.passwords.resetBySession()
  • stytch.totps.authenticate()
  • stytch.totps.recover()
  • stytch.webauthn.authenticate()

B2B SaaS Authentication methods protected

  • stytch.impersonation.authenticate()
  • stytch.magicLinks.authenticate()
  • stytch.magicLinks.discovery.authenticate()
  • stytch.magicLinks.email.discovery.send()
  • stytch.oauth.authenticate()
  • stytch.oauth.discovery.authenticate()
  • stytch.otps.email.authenticate()
  • stytch.otps.email.discovery.authenticate()
  • stytch.otps.email.discovery.send()
  • stytch.otps.email.loginOrSignup()
  • stytch.otps.sms.authenticate()
  • stytch.otps.sms.send()
  • stytch.passwords.authenticate()
  • stytch.passwords.discovery.authenticate()
  • stytch.passwords.discovery.resetByEmail()
  • stytch.passwords.discovery.resetByEmailStart()
  • stytch.passwords.resetByEmail()
  • stytch.passwords.resetByEmailStart()
  • stytch.passwords.resetByExistingPassword()
  • stytch.passwords.resetBySession()
  • stytch.recoveryCodes.recover()
  • stytch.recoveryCodes.rotate()
  • stytch.sso.authenticate()
  • stytch.totp.authenticate()
  • stytch.totp.create()

What's next

Learn how to set up Device Fingerprinting Protected Auth.

Configuration

Consumer Authentication methods protected

B2B SaaS Authentication methods protected

What's next