/
Contact usSee pricingStart building

    About Stytch Fraud and Risk

    Introduction
    Use cases
      Overview
    • Recipes

      • Remembered device flow
        New device notifications
        Block traffic by country
    Device Fingerprinting
      Overview
      Fingerprints
    • Verdicts

      • Verdicts overview
        Allow
        Block
        Challenge
        Not Found
    Getting started
      Device Fingerprinting API
      DFP Protected Auth
    Decisioning
      Decisioning overview
      Setting rules with DFP
      Overriding verdict reasons
      Intelligent Rate Limiting
    Enforcement
      Enforcement overview
    • Protected Auth

      • Overview
        Handling challenges
    Integration steps
      Go-live checklist
      Configure custom domains
      Add external metadata
      Test your integration
      Privacy and compliance considerations
    Reference
      Warning Flags (Verdict Reasons)
Get support on SlackVisit our developer forum

Contact us

Fraud and Risk Prevention

/

Guides

/

About Stytch Fraud and Risk

/

Integration steps

/

Go-live checklist

Go-live checklist

This guide provides a checklist of recommended steps to take before enforcing decisions on your production traffic.

This checklist is also available as a fillable spreadsheet! To get a copy, email support@stytch.com or contact your account team.

There are three main steps:

  1. Document your use case and implementation plan
  2. Ensure you've completed important integration steps
  3. Run in production in observation mode

You don't need to do these in this exact order, but we recommend that you complete these three steps before enforcing decisions on your production traffic.

Document your use case and implementation plan

You'll want to define the problem, plan key decisions about your integration, and define outcomes. Documenting these will help you understand business goals and related design decisions, enabling you to revise them over time if needed.

Defining the problem:

  • What is the fraud or abuse problem we are trying to solve?
  • How does the attacker benefit?

Key integration decisions:

  • Are you using Device Fingerprinting standalone (via the API), or using Protected Auth?
  • If using Protected Auth, how will you handle challenges?
  • If using the standalone API:
    • What actions will you fingerprint?
    • What are the high-level decisioning and enforcement processes?
    • Will you use Rules or Verdict Reason Overrides to customize your decisioning?

Outcomes:

  • What are key metrics and indicators of success?
  • How will you handle users who report issues? How will you ensure a user-reported issue is not a social engineering attack?

Ensure you've completed important integration steps

While you can get started with Device Fingerprinting in under one hour, you'll want to complete the following steps before running in production.

  • Set up custom domains to reduce ad-blocker interference.
  • If using the standalone API:
    • Consider adding external metadata for additional context.
    • Test your integration, including properly handling non-200 responses.
    • If you're using Protected Auth, these are already handled for you.
  • Review privacy and compliance considerations.

Run in production in observation mode

When you're ready, you can collect fingerprints and verdicts in production without taking action. This is valuable because you can observe traffic and predicted actions to ensure they look correct, without disrupting your live users. You can view Fingerprint Lookup results from the last 30 days in the Stytch Dashboard.

  • If you're using Protected Auth, set your Frontend SDK configuration to Observation mode to collect data without blocking any requests.
  • If you're using Device Fingerprinting with the standalone API, call the Lookup API without taking any enforcement action on the result.
    • You can also log results to your preferred observability or analytics platform.

Next steps

Once you've completed the three steps above and confirmed the observation results look reasonable, you can start enforcing your decisions.

  • If you're using Protected Auth, switch to Enforcement mode.
  • If you're using the standalone API, change your code (or feature flag, etc.) to enforce decisions based on your plan.

Now, you're protecting your application and users with Stytch Device Fingerprinting!

Want to try Device Fingerprinting for your project?

Get started with a free trial

Document your use case and implementation plan

Ensure you've completed important integration steps

Run in production in observation mode

Next steps