Overview
The Stytch verdict provides actionable context with each fingerprint: action, warning flags (verdict reasons), and other metadata.
Action
The verdict action is Stytch’s recommendation for what action to take.
If you are protecting a privileged action, you can use the recommended action directly or combine it into your own decisioning.
- ALLOW indicates this device does not raise warning flags or it matches known-good device configurations. You can allow the privileged action.
- BLOCK indicates this device has automation or spoofing that is undesirable. You should block the privileged action.
- CHALLENGE indicates unusual configuration that is often associated with attacks, but also has legitimate use cases. You can add friction like 2FA or other verification before allowing the privileged action to proceed.
Warning flags (verdict reasons)
The verdict reasons, also known as warning flags, provide context about why a particular action was recommended. Examples:
- A BLOCK verdict action with [HEADLESS_BROWSER_AUTOMATION] reasons indicates that Stytch detected signs of headless browser automation like Puppeteer.
- A CHALLENGE verdict action with [VIRTUAL_MACHINE, SMART_RATE_LIMIT_WARNING] reasons indicates that Stytch detected the request came from a virtual machine and that the request also triggered Intelligent Rate Limiting. While suspicious, it may still have legitimate uses.
If multiple reasons are present, the action will always be the strictest: BLOCK > CHALLENGE > ALLOW.
For a full list of possible reasons, see Reference guides.
Other metadata
Stytch also provides other metadata about the request in the verdict:
is_authentic_device
Stytch’s proprietary assessment of device authenticity. It will be false if browser deception is detected.
detected_device_type
Stytch’s classification of the device operating system and architecture.
rule_match_type | rule_match_identifier | verdict_reason_overrides
Provides context about Rules or Verdict reason overrides that affected the verdict action.
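One way to combine the recommended action with your own decisioning for a privileged action, shown as an added example that is not Stytch's code. It reuses the strictest-wins ordering described above and fails closed on a missing or unrecognized action; the verdict dict shape, decide(), the high_risk flag and both local rules are assumptions.

```python
# Added example. Field names follow the page; the dict shape, decide() and
# the high_risk flag are assumptions, not Stytch SDK code.
STRICTNESS = {"ALLOW": 0, "CHALLENGE": 1, "BLOCK": 2}  # BLOCK > CHALLENGE > ALLOW


def strictest(*actions):
    """Return the strictest action; unknown values count as BLOCK."""
    known = [a if a in STRICTNESS else "BLOCK" for a in actions]
    return max(known, key=STRICTNESS.__getitem__)


def decide(verdict, high_risk=False):
    """Combine the recommended action with local policy; return (action, notes).

    Local rules can only add friction, never relax the recommendation.
    """
    if not isinstance(verdict, dict) or "action" not in verdict:
        return "BLOCK", ["missing verdict: failing closed"]
    notes = list(verdict.get("reasons") or [])
    local = "ALLOW"
    # Local rule (assumption): a device flagged as not authentic gets at
    # least a CHALLENGE, even when the recommended action is ALLOW.
    if verdict.get("is_authentic_device") is False:
        local = strictest(local, "CHALLENGE")
        notes.append("local: is_authentic_device is false")
    # Local rule (assumption): high-risk operations do not accept CHALLENGE.
    if high_risk and verdict["action"] == "CHALLENGE":
        local = strictest(local, "BLOCK")
        notes.append("local: CHALLENGE not accepted for high-risk action")
    return strictest(verdict["action"], local), notes


# Constructed sample verdicts (not real API output).
SAMPLES = [
    {"action": "ALLOW", "reasons": [], "is_authentic_device": True},
    {"action": "ALLOW", "reasons": [], "is_authentic_device": False},
    {"action": "CHALLENGE", "is_authentic_device": True,
     "reasons": ["VIRTUAL_MACHINE", "SMART_RATE_LIMIT_WARNING"]},
    {"action": "BLOCK", "is_authentic_device": False,
     "reasons": ["HEADLESS_BROWSER_AUTOMATION"]},
]

if __name__ == "__main__":
    for v in SAMPLES:
        print(v["action"], "->", decide(v), "high-risk:", decide(v, high_risk=True)[0])
```

Logging the returned notes alongside the final action keeps the verdict reasons available when reviewing why a request was challenged or blocked.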