Billing and account limits explained

A guide to understanding our API request-based billing and related concepts

Fingerprint Platform Billing

Customers are billed monthly based on the number of identification API requests made over the billing period. The Fingerprint Platform has two plans: Pro Plus and Enterprise.

Check out our Pricing to learn which plan is best for your needs.

Custom pricing options are available for businesses that require 6,000,000 annual API requests or more. Please reach out to our Sales team.

Identification API request as a billing unit

A billable API request happens when you successfully use the Fingerprint client agent to identify a browser or mobile device. Identification requests successfully processed by Fingerprint generate a requestId that is returned in the response.

  • All identification requests with an assigned request ID are billable.
  • Requests that do not generate a request ID are not billed.

The following requests are billable:

The following requests are not billable:

  • Downloading the client agent (calling the load() function) is not billable.
  • Requests to Server API are not billable.
  • Requests blocked by ad blockers or application firewalls are generally not billed.
  • Failed requests that result in an error without generating a request ID are not billed.
  • Throttled identification requests are not billed.
  • Requests filtered by Request Filtering are not billed.

If you encounter any billing issues or believe the billing is not working correctly, please reach out to our support team to resolve your issue.

How many API calls will I need?

If you're unsure how many API calls you'll need, try these two options:

  1. Start with an unlimited 14-day free trial to test all Fingerprint products. By the end, you'll know how many API calls you need.
  2. If a trial isn’t possible, estimate the number of important actions where you'll use Fingerprint, like logins, account creation, payments, refunds, or return requests.

Caching

When your application code retrieves visitor data from the application cache, it is not billed. Only requests that hit the Fingerprint backend are billed. Our frontend libraries for specific web frameworks provide various caching strategies.

The number of billed requests will depend on your selected caching strategy. See Caching visitor information for more details.

Smart signals

Smart signals (for example, Bot Detection, VPN Detection, and more) are available to users on the Pro Plus or Enterprise plans.

Billing changes

We reserve the right to change the billing model for our current or future products. In the event of an upcoming billing change, we'll send a notification to all our customers with a notification at least 30 days before the billing change event.

Other Fingerprint platform features

Other Fingerprint platform features, such as Server API requests, Webhooks, Custom subdomains, Request filtering, Proxy integrations, libraries, and SDKs are free of charge with certain limitations per account. See below for more details.

Account limits

All Fingerprint accounts are limited to one unlimited 14-day free trial. After you sign up, you are automatically enrolled in the free trial and can try the Fingerprint API without limitations. After the trial period ends, you must upgrade to a paid plan to continue using Fingerprint.

All Fingerprint applications have the following default limits:

ResourceDefault LimitNotes
SSL certificates50Trials are limited to 5 certificates.
API Keys10The number of API keys that an application can have. Includes public, secret, and proxy keys.
Monthly API requestsunlimitedOnly Identification API requests count towards your monthly plan or are billed. Server API requests are free.
API Rate Limit5 requests per second (*bursts)The maximum number of API requests per second for the public keys used for Identification and Smart Signals calculations, as well as the secret keys for accessing the Server API endpoints (/visitors and /events). It is possible to increase the limit on Enterprise plan by emailing support.
Webhook endpoints5Webhooks.
Request filtering rules15Request filtering rules that an application can have in total. Includes allowed/forbidden origins and forbidden HTTP headers.
Visit history30 daysFor plans, visit history is available through the Server API for the past 30 days. For Enterprise plans, the data is kept for 90 days or longer depending on the enterprise contract.

📘

Increasing Limits

If you are an Enterprise plan customer and want to increase a limit, please reach out to our support team.

Rate Limiting - Burst Protection

Short unexpected traffic spikes could normally cause request throttling if the API key exceeded the API Rate Limit. Burst protection prevents that by allowing peak traffic to be higher than usual for a short period of time. The allowed burst size (bucket) is always API Rate Limit * 3 (15 RPS in the default configuration). The burst bucket automatically regenerates every second by API Rate Limit - RPS when the current RPS is lower than the API Rate Limit.

Examples

Real world examples of burst bucket depletion with different RPS values (considering the default API Rate Limit value above):

  • Burst bucket never depletes when RPS is 5
  • Burst bucket depletes in 15 seconds on 6 RPS
  • Burst bucket depletes in 3 seconds on 10 RPS
  • Burst bucket depletes in 1 second on 20 RPS

Whenever the bucket depletes, the service starts dropping requests above API Rate Limit.

How am I protected from overpaying?

Fingerprint offers two types of surge protection for all customer accounts. First is DDoS protection, so you won't be charged for API calls during an attack. Second is a web application firewall (WAF) that blocks harmful or abusive bot requests.

Each request also goes through a customizable request filtering layer. This lets you block requests from unknown sources, limit API calls to certain web apps, or ignore requests based on HTTP headers.

In the rare case a malicious surge gets through, we can waive the API call charges.