/
Contact usSee pricingStart building

    About Stytch Fraud and Risk

    Introduction
    Use cases
    Device Fingerprinting
      Overview
      Fingerprints

    • Verdicts

        • Verdicts overview
        Allow
        Block
        Challenge
        Not Found
    Getting started
      Device Fingerprinting API
      DFP Protected Auth
    Decisioning
      Decisioning overview
      Setting rules with DFP
      Intelligent Rate Limiting
    Enforcement
      Enforcement overview

    • Protected Auth

        • Overview
        Handling challenges

    • Strong CAPTCHA

        • Overview
        Getting started
Get support on SlackVisit our developer forum

Contact us

Fraud and Risk Prevention

/

Guides

/

About Stytch Fraud and Risk

/

Device Fingerprinting

/

Verdicts

/

Verdicts overview

Verdicts and metadata

Recommendations and actions

Stytch Device Fingerprinting provides a set of customizable tools for your business to accurately identify users by device and take an ensuing action based on that information.

In addition to granular identifiers, each fingerprint has associated metadata:

  • Action: The suggested action based on the fingerprint review. The available actions are:
    • ALLOW - This is a known valid device grouping or device profile that is part of the default ALLOW listed set of known devices by Stytch. This grouping is made up of verified device profiles that match the characteristics of known/authentic traffic origins.
    • BLOCK - This is a known bad or malicious device profile that is undesirable and should be blocked from completing the privileged action.
    • CHALLENGE - This is an unknown or potentially malicious device that should be put through increased friction such as 2FA or other forms of extended user verification before allowing the privileged action to proceed.
  • Detected device type: The device's operating system and architecture.
  • Is an authentic device: Stytch's proprietary assessment of device authenticity. It will be false if hardware or browser deception is detected.
  • Reasons: A set of contextual clues to inform why a CHALLENGE or BLOCK action was suggested. For a list of possible Reasons, see Warning Flags (Verdict Reasons)

Together, these fingerprints and associated metadata provide a set of customizable tools for your business to accurately identify users by device and take an ensuing action based on that information.

Here's an example JSON response from our Device Fingerprinting API:

{
	"created_at": "2023-01-01T00:00:00Z",
	"expires_at": "2033-01-01T00:00:00Z",
	"fingerprints": {
		"browser_fingerprint": "browser-fingerprint-0b535ab5-ecff-4bc9-b845-48bf90098945",
		"browser_id": "browser-id-99cffb93-6378-48a5-aa90-d680232a7979",
		"hardware_fingerprint": "hardware-fingerprint-4af7a05d-cf77-4ff7-834f-0622452bb092",
		"network_fingerprint": "network-fingerprint-b5060259-40e6-3f29-8215-45ae2da3caa1",
		"visitor_fingerprint": "visitor-fingerprint-6ecf5792-1157-41ad-9ad6-052d31160cee",
		"visitor_id": "visitor-6139cbcc-4dda-4b1f-b1c0-13c08ec64d72"
	},
	"status_code": 200,
	"telemetry_id": "026ac93b-8cdf-4fcb-bfa6-36a31cfecac1",
	"verdict": {
		"action": "ALLOW",
		"detected_device_type": "...",
		"is_authentic_device": true,
		"reasons": [...]
	}
}