Fingerprint Lookup

POST
https://telemetry.stytch.com/v1/fingerprint/lookup

Look up the fingerprint associated with the telemetry_id returned from the GetTelemetryID() function. Learn more about the different fingerprint types and verdicts in our DFP guide.

You can make a decision based on the recommended verdict in the response:

  • ALLOW - This is a known valid device grouping or device profile that is part of Stytch's default ALLOW-listed set of known devices. This grouping is made up of verified device profiles that match the characteristics of known/authentic traffic origins.
  • BLOCK - This is a known bad or malicious device profile that is undesirable and should be blocked from completing the privileged action in question.
  • CHALLENGE - This is an unknown or potentially malicious device that should be put through increased friction such as 2FA or other forms of extended user verification before allowing the privileged action to proceed.

If the telemetry_id is expired or not found, this endpoint returns a 404 telemetry_id_not_found error. We recommend treating 404 errors as a BLOCK, since it could be a sign of an attacker trying to bypass DFP protections. See Attacker-controlled telemetry IDs for more information.


Body parameters


telemetry_id* string

The telemetry ID associated with the fingerprint getting looked up.


external_metadata object

External identifiers that you wish to associate with the given telemetry ID. You will be able to search for fingerprint results by these identifiers in the DFP analytics dashboard. External metadata fields may not exceed 65 characters. They may only contain alphanumerics and the characters _ - + . or @.

external_id string

An external ID, such as a user ID, that you wish to associate with the telemetry ID.

organization_id string

The organization ID you wish to associate with the telemetry ID.

user_action string

The user action, such as 'login', that you wish to associate with the telemetry ID.
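The verdict handling and the external_metadata limits described above, as an added example that is not part of the Stytch documentation or SDK. The helper names (`metadataProblems`, `decide`, `lookupAndDecide`), the choice of CHALLENGE for non-404 errors, and failing closed on an unrecognised action are this example's assumptions; a rejected lookup is assumed to carry the error object's `status_code` and `error_type`.

```javascript
// Added example: verdict handling for the lookup endpoint described above.
const META_KEYS = ['external_id', 'organization_id', 'user_action'];
const META_VALUE = /^[A-Za-z0-9_+.@-]{0,65}$/;

// Returns a list of problems with external_metadata before it is sent.
function metadataProblems(meta = {}) {
  const problems = [];
  for (const [key, value] of Object.entries(meta)) {
    if (!META_KEYS.includes(key)) problems.push(`${key}: unknown field`);
    else if (typeof value !== 'string' || !META_VALUE.test(value))
      problems.push(`${key}: must be <= 65 chars of [A-Za-z0-9_-+.@]`);
  }
  return problems;
}

// Maps a lookup outcome to ALLOW / CHALLENGE / BLOCK.
// `err` is assumed to carry the error object's status_code and error_type.
function decide({ response, err }, onOtherError = 'CHALLENGE') {
  if (err) {
    // Expired or unknown telemetry_id: the page recommends treating as BLOCK.
    if (err.status_code === 404) {
      return { action: 'BLOCK', reasons: [err.error_type || 'telemetry_id_not_found'] };
    }
    // 401/429/5xx say nothing about the device; policy here is this example's choice.
    return { action: onOtherError, reasons: [`lookup_failed_${err.status_code}`] };
  }
  const verdict = (response && response.verdict) || {};
  const known = ['ALLOW', 'CHALLENGE', 'BLOCK'];
  // Fail closed on a missing or unrecognised action (this example's choice).
  const action = known.includes(verdict.action) ? verdict.action : 'BLOCK';
  return { action, reasons: verdict.reasons || [] };
}

// Glue: `client` is a stytch.Client as constructed in the page's sample.
async function lookupAndDecide(client, telemetryId, meta) {
  const problems = metadataProblems(meta);
  if (problems.length) throw new Error(problems.join('; '));
  try {
    const response = await client.fraud.fingerprint.lookup({
      telemetry_id: telemetryId,
      external_metadata: meta,
    });
    return decide({ response });
  } catch (err) {
    return decide({ err });
  }
}
```

Log the returned `reasons` alongside the `request_id` from the response so that a CHALLENGE or BLOCK can be traced later.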


Response fields


request_id string

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.


status_code int

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.


telemetry_id string

The telemetry ID associated with the fingerprint getting looked up.


fingerprints object

A Stytch fingerprint consists of the following identifiers:

visitor_id string

The cookie stored on the user's device that uniquely identifies them.

browser_id string

Combination of VisitorID and NetworkFingerprint to create a clear identifier of a browser.

visitor_fingerprint string

Cookie-less way of identifying a unique user.

browser_fingerprint string

Combination of signals to identify a browser and its specific version.

hardware_fingerprint string

Combinations of signals to identify an operating system and architecture.

network_fingerprint string

Combination of signals associated with a specific network, commonly known as TLS fingerprinting.


verdict object

The metadata associated with each fingerprint.

action string

The suggested action based on the fingerprint review. The available actions are:

  • ALLOW - This is a known valid device grouping or device profile that is part of Stytch's default ALLOW-listed set of known devices. This grouping is made up of verified device profiles that match the characteristics of known/authentic traffic origins.
  • BLOCK - This is a known bad or malicious device profile that is undesirable and should be blocked from completing the privileged action in question.
  • CHALLENGE - This is an unknown or potentially malicious device that should be put through increased friction such as 2FA or other forms of extended user verification before allowing the privileged action to proceed.

is_authentic_device boolean

The assessment of whether this is an authentic device. It will be false if hardware or browser deception is detected.

detected_device_type string

The operating system and architecture that took the fingerprint.

reasons string[]

A set of contextual clues to inform why a CHALLENGE or BLOCK action was suggested. For a list of possible Reasons, see Warning Flags (Verdict Reasons).

rule_match_type string

The type of rule match that was applied (e.g. VISITOR_ID), if any. This field will only be present if there is a RULE_MATCH reason in the list of verdict reasons.

rule_match_identifier string

The rule that was applied (e.g. a specific visitor ID value), if any. This field will only be present if there is a RULE_MATCH reason in the list of verdict reasons.

verdict_reason_overrides object

A list of verdict reason overrides that were applied, if any.

verdict_reason string

The verdict reason that was overridden.

override_action string

The action that was applied for the given verdict reason.


external_metadata object

External identifiers that you wish to associate with the given telemetry ID. You will be able to search for fingerprint results by these identifiers in the DFP analytics dashboard. External metadata fields may not exceed 65 characters. They may only contain alphanumerics and the characters _ - + . or @.

external_id string

An external ID, such as a user ID, that you wish to associate with the telemetry ID.

organization_id string

The organization ID you wish to associate with the telemetry ID.

user_action string

The user action, such as 'login', that you wish to associate with the telemetry ID.


created_at string

The time when the fingerprint was taken. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.


expires_at string

The timestamp when the fingerprint expires. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.


properties object

Additional information about the user's browser and network.

browser_properties object

user_agent string

The user agent of the user's browser.

network_properties object

asn object

Information about the network's ASN (Autonomous System Number).

asn string

The Autonomous System Number of the user's network.

name string

Public name associated with the ASN.

network string

The CIDR block associated with the ASN.

ip_address string

The IP address of the client.

ip_geolocation object

Information about the geolocation of the user's IP address.

city string

The city where the IP is located.

country string

The country where the IP is located.

region string

The region where the IP is located.

is_proxy boolean

Whether the user is using a proxy.

is_vpn boolean

Whether the user is using a VPN.

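// Server-side lookup of the fingerprint for a telemetry_id produced by GetTelemetryID().
const stytch = require('stytch');

const client = new stytch.Client({
  project_id: 'PROJECT_ID',
  secret: 'SECRET',
});

const params = {
  telemetry_id: "026ac93b-8cdf-4fcb-bfa6-36a31cfecac1",
};

// Error responses (for example 404 telemetry_id_not_found) reject the promise.
client.fraud.fingerprint.lookup(params)
  .then(resp => { console.log(resp) })
  .catch(err => { console.error(err) });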
RESPONSE 200
{
  "created_at": "2023-01-01T00:00:00Z",
  "expires_at": "2033-01-01T00:00:00Z",
  "external_metadata": {
    "external_id": "user-123",
    "organization_id": "organization-123",
    "user_action": "LOGIN"
  },
  "properties": {
    "browser_properties": {
      "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"
    },
    "network_properties": {
      "asn": {
        "asn": "64511",
        "name": "Stytch Network",
        "network": "192.0.2.0/24"
      },
      "ip_address": "192.0.2.0",
      "ip_geolocation": {
        "city": "San Francisco",
        "country": "US",
        "region": "California"
      },
      "is_proxy": false,
      "is_vpn": false
    }
  },
  "fingerprints": {
    "browser_fingerprint": "browser-fingerprint-0b535ab5-ecff-4bc9-b845-48bf90098945",
    "browser_id": "browser-id-99cffb93-6378-48a5-aa90-d680232a7979",
    "hardware_fingerprint": "hardware-fingerprint-4af7a05d-cf77-4ff7-834f-0622452bb092",
    "network_fingerprint": "network-fingerprint-b5060259-40e6-3f29-8215-45ae2da3caa1",
    "visitor_fingerprint": "visitor-fingerprint-6ecf5792-1157-41ad-9ad6-052d31160cee",
    "visitor_id": "visitor-6139cbcc-4dda-4b1f-b1c0-13c08ec64d72"
  },
  "status_code": 200,
  "telemetry_id": "026ac93b-8cdf-4fcb-bfa6-36a31cfecac1",
  "verdict": {
    "action": "ALLOW",
    "detected_device_type": "...",
    "is_authentic_device": true,
    "reasons": [...],
    "rule_match_type": "",
    "rule_match_identifier": ""
  }
}
RESPONSE 401
{
  "status_code": 401,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "unauthorized_credentials",
  "error_message": "Unauthorized credentials.",
  "error_url": "https://stytch.com/docs/api/errors/401"
}
RESPONSE 429
{
  "status_code": 429,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "too_many_requests",
  "error_message": "Too many requests have been made.",
  "error_url": "https://stytch.com/docs/api/errors/429"
}
RESPONSE 500
{
  "status_code": 500,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "error_type": "internal_server_error",
  "error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.",
  "error_url": "https://stytch.com/docs/api/errors/500"
}