🤖 Bot Detection guide
What is Fingerprint Pro Bot Detection?
Fingerprint Pro Bot Detection is a product that detects automated activity on your website. It analyses a variety of browser attributes and gives you a bot detection signal with one of three values:
Good bot - usually a bot that belongs to a well-known search engine (Google, Amazon, Bing). It crawls websites to create a searchable content index. Good bots can also be monitoring or uptime-checking tools.
Bad bot - usually an automation tool like Selenium, Puppeteer, Playwright, or anything that pretends to be a good search bot. It can take over accounts, submit spam, steal passwords, scrape data, waste resources, etc.
Bot not detected - the visitor is likely a human using a regular browser.
You can use the provided bot detection signal to implement protective measures against malicious bots on your site.
How to enable Fingerprint Pro Bot Detection?
If you want to use Fingerprint Pro Bot Detection, reach out to support at [email protected].
Integrating Bot Detection
Typical integration into a project consists of 3 steps:
- Get the
- Call GET /events endpoint from your server-side environment to retrieve the Bot Detection result. Use the information about possible bots in your business logic.
requestId is important for further server-side request processing. Other information is specific to the Identification product and is useful if this product is activated for your application.
Bot Detection works only with JS agent version 3.7.0 or newer. Check your version and update it if needed.
Bot Detection results on the client side
Since the data from the client browser might be spoofed by fraudulent parties, we strongly recommend server verification using the Server API.
Bad actors can replace the
requestId with a fake value or completely delete this field. Check the request timestamp returned by the Server API – it shouldn't be older than several seconds or minutes depending on the implemented scenario. If the
requestId doesn't pass the verification, you need to ask your users for additional verification (Captcha, 2FA) or deny access to the requested resource.
Additionally, the most secure way of using the Fingerprint Pro platform is Zero Trust Mode which makes only
requestId available to your frontend application.
Bot Detection webhook
Adding Bot Detection results into the Webhook feature is a work in progress. You can use the Server API (GET /events) to get the results on your server in the meantime.
Native mobile libraries
Bot Detection doesn't have native mobile libraries, but it’s on our long-term feature roadmap.
Fingerprint Pro's SDKs and libraries
Bot Detection product is supported by all provided client and server-side libraries.
Identification and Bot Detection
Fingerprint Pro Identification and Bot Detection produce best results when used together. Bot Detection will try to detect if current activity is done by a bot and then run the identification if it's not a bot.
requestId used by two products under the hood, and one server-to-server request to retrieve the results of both products.
If you use two products, Bot Detection will add additional protection for the Identification. In case a request is made by a good or bad bot,
visitorId won't be generated and we won't charge you for Identification for this particular request. It also means that you won't get the identification field in the GET /events response if Bot Detection found a bot.
Updated 17 days ago