
Overview

Device Fingerprinting is more useful with the full context of your application. To provide context, you can attach additional metadata to your fingerprints and verdicts. Without external metadata, it can be difficult to interpret your data. For example, you might see a large volume of lookups for the same fingerprints. Is it because one user is very active and taking many actions on their own account? Or is it because an attacker is creating many different accounts using the same device? Using the Stytch Dashboard and external metadata, you can understand user behavior and fraud patterns with full context.
You should consider your company's privacy and compliance policy when using external metadata. Device Fingerprinting stores the external_metadata you send, but does not use it for decisioning or enforcement; it exists only to give you context when you review fingerprints and verdicts.

External metadata fields

The Fingerprint Lookup API has an optional parameter for external_metadata:
"external_metadata": {
    "external_id": "user-123",
    "organization_id": "organization-123",
    "user_action": "LOGIN"
}
Each field is optional and you can provide any string data in these fields:
external_id (string): Represents a specific user identifier, like an email address or user ID.
organization_id (string): Represents a group identifier, like an organization or other group.
user_action (string): Represents the action that was fingerprinted.

How Protected Auth uses external metadata

Stytch authentication methods are protected using Device Fingerprinting. Each protected method attaches external metadata to provide context:
external_id (string): Stores a different identifier depending on the action: email address, biometric registration ID, User ID or Member ID.
organization_id (string): Stores the member's organization when using multi-tenant authentication.
user_action (string): Stores the associated API action (SDK method), like OTPsSMSSend or SDKB2BDiscoveryPasswordReset.

In the Stytch Dashboard

After you start sending external metadata in your Fingerprint Lookup API requests, you will be able to view and query them in the Dashboard. Here are some examples of questions you can ask:
  • In a recent spike of signups (user_action), what were the fingerprints? Is there a common pattern in their email addresses or domains (external_id)?
  • A specific user recently reported unauthorized activity on their account. Are there different fingerprints associated with their external_id that might indicate an account takeover?
  • Recently you’ve seen more account takeover attempts against one particular business customers (organization_id). Is there a pattern in their fingerprints?
The Dashboard is a convenient way to perform ad-hoc queries against your recent Device Fingerprinting data. You can also store the Fingerprint Lookup responses yourself, together with the external_metadata you sent, and correlate them with your other logs.
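The three Dashboard questions above can also be answered over your own store of Lookup responses. The following is an added example, not Stytch's code: it builds the external_metadata part of a Lookup request (only the telemetry_id parameter name is taken from the Lookup API; every metadata field is dropped when unset rather than sent as an empty string, so unrelated lookups never group under ""), and then runs the "one device, many accounts", "one account, many devices" and "one organization, which devices" queries over constructed sample records. The record shape (a visitor fingerprint under "fingerprints"."visitor_fingerprint" and a verdict under "verdict"."action") and all fingerprint values, identities and organization IDs are assumptions for the illustration; map the two lookups to whatever you actually persist from the response.

```python
"""Correlate stored Fingerprint Lookup responses with the external_metadata
sent alongside them. Added example, not Stytch's own code."""
from collections import Counter, defaultdict


def _record(fingerprint, verdict, external_id, user_action, organization_id=None):
    """Assumed stored shape: the Lookup response plus the request's external_metadata.
    The "fingerprints"/"verdict" field names are assumptions for this example."""
    meta = {"external_id": external_id, "user_action": user_action}
    if organization_id:
        meta["organization_id"] = organization_id
    return {"fingerprints": {"visitor_fingerprint": fingerprint},
            "verdict": {"action": verdict},
            "external_metadata": meta}


# Constructed sample data; fingerprints, identities and org IDs are fake.
SAMPLE_RECORDS = [
    _record("vf-alice-laptop", "ALLOW", "alice@example.com", "LOGIN", "org-acme"),
    _record("vf-alice-laptop", "ALLOW", "alice@example.com", "LOGIN", "org-acme"),
    _record("vf-farm", "ALLOW", "u1@mail.test", "SIGNUP"),
    _record("vf-farm", "ALLOW", "u2@mail.test", "SIGNUP"),
    _record("vf-farm", "CHALLENGE", "u3@mail.test", "SIGNUP"),
    _record("vf-bob", "ALLOW", "bob@example.com", "SIGNUP"),
    _record("vf-unknown", "CHALLENGE", "alice@example.com", "LOGIN", "org-acme"),
    _record("vf-unknown", "BLOCK", "carol@example.com", "LOGIN", "org-acme"),
]


def build_lookup_payload(telemetry_id, external_id=None, organization_id=None, user_action=None):
    """JSON body for a Fingerprint Lookup request. Each external_metadata field is
    optional, so unset fields are omitted (not sent as ""); values are coerced to str."""
    meta = {"external_id": external_id, "organization_id": organization_id,
            "user_action": user_action}
    meta = {k: str(v) for k, v in meta.items() if v is not None}
    payload = {"telemetry_id": telemetry_id}
    if meta:
        payload["external_metadata"] = meta
    return payload


def _meta(record):
    return record.get("external_metadata") or {}


def _fingerprint(record):
    return record["fingerprints"]["visitor_fingerprint"]


def signup_farms(records, min_identities=3):
    """One device, many accounts: fingerprints that signed up at least
    min_identities distinct external_ids. Returns {fingerprint: sorted ids}."""
    ids = defaultdict(set)
    for r in records:
        m = _meta(r)
        if m.get("user_action") == "SIGNUP" and "external_id" in m:
            ids[_fingerprint(r)].add(m["external_id"])
    return {fp: sorted(s) for fp, s in ids.items() if len(s) >= min_identities}


def signup_domains(records):
    """Email-domain histogram of SIGNUP external_ids (only where the id is an address)."""
    domains = Counter()
    for r in records:
        m = _meta(r)
        ext = m.get("external_id", "")
        if m.get("user_action") == "SIGNUP" and "@" in ext:
            domains[ext.rsplit("@", 1)[1].lower()] += 1
    return domains


def takeover_candidates(records, external_id):
    """One account, many devices: every fingerprint seen for external_id with a
    Counter of verdict actions, so a new device or a CHALLENGE/BLOCK stands out."""
    seen = defaultdict(Counter)
    for r in records:
        if _meta(r).get("external_id") == external_id:
            seen[_fingerprint(r)][r["verdict"]["action"]] += 1
    return dict(seen)


def org_fingerprints(records, organization_id, user_action="LOGIN"):
    """Fingerprints behind one organization's actions, with their verdict counts."""
    seen = defaultdict(Counter)
    for r in records:
        m = _meta(r)
        if m.get("organization_id") == organization_id and m.get("user_action") == user_action:
            seen[_fingerprint(r)][r["verdict"]["action"]] += 1
    return dict(seen)


if __name__ == "__main__":
    print("request body:", build_lookup_payload("tel-1", external_id="user-123", user_action="LOGIN"))
    print("signup farms:", signup_farms(SAMPLE_RECORDS))
    print("signup domains:", signup_domains(SAMPLE_RECORDS))
    print("alice's devices:", takeover_candidates(SAMPLE_RECORDS, "alice@example.com"))
    print("org-acme logins:", org_fingerprints(SAMPLE_RECORDS, "org-acme"))
```

On the sample data, vf-farm is the only fingerprint behind three or more signups, alice@example.com shows a second fingerprint that was challenged, and org-acme's logins split between her usual device and vf-unknown, which was both challenged and blocked. Because external_id is stored by Stytch, an opaque user ID rather than a raw email address is the more conservative choice where your privacy policy calls for it; the domain histogram then simply has nothing to count.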