Fingerprint Browser Bot Detection is Smart Signal on Pro Plus plan that detects automated activity on your website. It analyses a variety of browser attributes and gives you a bot detection signal with one of three values:
Good bot - usually a bot that belongs to a well-known search engine (Google, Amazon, Bing). It crawls websites to create a searchable content index. Good bots can also be monitoring or uptime-checking tools.
Bad bot - usually an automation tool like Selenium, Puppeteer, Playwright, or anything that pretends to be a good search bot. It can take over accounts, submit spam, steal passwords, scrape data, waste resources, etc.
Bot not detected - the visitor is likely a human using a regular browser.
You can use the provided bot detection signal to implement protective measures against malicious bots on your site.
If you want to use Fingerprint Bot Detection, reach out to our support team or enable the Pro Plus plan in the dashboard.
Typical integration into a project consists of 3 steps:
- Get the
- Call GET /events endpoint from your server-side environment to retrieve the Bot Detection result. Use the information about possible bots in your business logic.
requestId is important for further server-side request processing. Other information is specific to the Identification product and is useful if this product is activated for your application.
Bot Detection works only with JS agent version 3.7.0 or newer. Check your version and update it if needed.
Since the data from the client browser might be spoofed by fraudulent parties, we strongly recommend server verification using the Server API.
Bad actors can replace the
requestId with a fake value or completely delete this field. Check the request timestamp returned by the Server API – it shouldn't be older than several seconds or minutes depending on the implemented scenario. If the
requestId doesn't pass the verification, you need to ask your users for additional verification (Captcha, 2FA) or deny access to the requested resource.
Additionally, the most secure way of using the Fingerprint platform is Zero Trust Mode which makes only
requestId available to your frontend application.
Bot Detection doesn't have native mobile libraries, but it’s on our long-term feature roadmap.
Bot Detection is supported by all provided client and server-side libraries.
Fingerprint Identification and Bot Detection produce the best results when used together. Bot Detection will try to detect if current activity is done by a bot and then run the identification if it's not a bot.
requestId used by two products under the hood, and one server-to-server request to retrieve the results of both products.
Updated about 2 months ago