Persistent origin ID
A stable originId (device/browser handle, not a unique-human ID) that persists across repeat visits when confidence thresholds are met — gate sensitive actions on confidence plus account, not ID alone.
Product
Visitor intelligence, end to end
DigitalFingerprint combines slim in-browser signal collection with server-side matching, enrichment, and risk scoring — authoritative fraud fields via Events, not the SDK.
Capabilities
Built for production fraud and growth workflows
Every capability is designed around a simple contract: raw signals in, enriched identity out.
Smart Signals
Server-computed bot, VPN, proxy, tampering, incognito, velocity, and IP enrichment on every identify — never exposed as client-side verdicts.
High-recall matching
Layered fingerprints and recall hashes improve match rates for returning visitors without sacrificing explainability.
Suspect score & reasons
Structured risk level, numeric suspect score, and human-readable reasons for your limiter and review queues.
Account linking
Pass linkedId and tags on identify for visit metadata; POST /api/account-link scores duplicate email ↔ visitor registrations.
Fingerprint-compatible export
Opt into Fingerprint-shaped JSON via Accept header or format query for migration and side-by-side evaluation.
Merge policy & bootstrap
Per-key balanced or conservative merge policy; bootstrapToken seeds first-party clientToken for fraud signup and shared-device safety.
Smart Signals
Enrichment that stays on your server
Fraud logic belongs server-side. DigitalFingerprint computes smart signals after geo and visit history are known.
Bot detectionHeadless and automation heuristics
VPN / proxyTimezone mismatch, relay, datacenter flags
TamperingBrowser integrity and anti-detect signals
VelocityVisit frequency and IP diversity
IncognitoPrivate browsing awareness
IP intelligenceGeo, ASN, ISP, blocklist hooks
Full signal reference in documentation.
Architecture
Client collection → server intelligence
The SDK stays thin. Matching, velocity, VPN corroboration, and scoring run where your data lives.
Browser
collectSignals()
100+ raw fields
API
POST /api/identify
match + enrich
Events
GET /api/events/:id
smartSignals + score
Identification honesty
originId is a browser handle, not a person
Confidence scores express merge false-positive risk (0–100), not population uniqueness. Use conservative merge policy and bootstrap tokens for fraud signup; fetch authoritative smart signals via Events API.
See the integration guide for merge policy, bootstrap tokens, confidence v2, and production trust (slim SDK + request signing).
Evaluate DigitalFingerprint on your stack
Start with the live demo, then point the SDK at your identify endpoint.