Identifying users in hybrid app frameworks

User identification in Capacitor, Cordova, PhoneGap and other hybrid app frameworks

Fingerprint Pro was designed for fraud detection in the browser, but Pro can also accurately identify users in apps built with Adobe PhoneGap, Ionic Capacitor, Apache Cordova, and other hybrid app development frameworks.

How to Install Fingerprint on a Hybrid App

1 - Sign up for a free trial, or log in to your Fingerprint account if you have one.
2 - Follow the directions on our quick start guide to install our Javascript agent using the NPM package method but NOT the CDN method. The agent needs to be added to your JavaScript, not to an HTML page.
3 - Copy/paste this terminal command to add our NPM package to your project:

npm install @fingerprintjs/fingerprintjs-pro

If you use Yarn it will look like this:

yarn add @fingerprintjs/fingerprintjs-pro

4 - Add the JavaScript agent code to your JavaScript codebase. It will pull identification signals from your app’s webview interface:

import FingerprintJS from '@fingerprintjs/fingerprintjs-pro'

const fpPromise = FingerprintJS.load({ apiKey: '<<browserToken>>' })

// When you need the visitor identifier:
  .then(fp => fp.get())
  .then(result => console.log(result.visitorId))
const FingerprintJS = require('@fingerprintjs/fingerprintjs-pro')

const fpPromise = FingerprintJS.load({ apiKey: '<<browserToken>>' })

// When you need the visitor identifier:
  .then(fp => fp.get())
  .then(result => console.log(result.visitorId))

Note that you should replace ‘your-public-api-key’ with the alphanumeric “Public API key” code from your customer dashboard (it's automatically replaced if you're logged in into the documentation portal):


Screenshot of where to find your Public API keys

5 - Continue the quick start guide instructions for the Custom subdomain, webhooks, server API queries, and tagging requests. There are no special considerations for enabling these features in hybrid apps.

Pro features that are compatible with hybrid apps

Apps that work through hybrid environments use webviews, which are similar to browsers in that they use HTML, CSS, and JavaScript to show content and controls to the user. The Fingerprint Pro JavaScript agent can collect enough attributes through webviews for us to create a visitorID. Most Fingerprint Pro functions, like webhooks and geolocation, work as expected in this environment.

Other considerations

  • If one of your API keys is stolen, request filtering cannot stop a thief from using that API key on their own app. This is because our filtering system checks requests against a blacklist of suspect origins or a limited whitelist of acceptable origins, and the default origin in many hybrid app webviews is "localhost." So from our perspective all requests look like they’re coming from the same origin. We also filter HTTP headers using specified rules, but like origins, the headers of different webviews look the same, so the rules aren’t effective. A developer can change the webview origin or header, but then the thief can do the same. If you suspect your API key was stolen, reach out to [email protected].
  • Fingerprint Pro needs an internet connection to create and match visitorIDs. We cannot store information while the device is offline and send it to our server when the device turns the Internet back on.
  • The app’s webview and the device’s browser are separate environments. In cases where the webview and browser share many attributes, our system can assign a single visitorID to both environments, but we cannot guarantee a consistent match.

Compliance and support

Fingerprint Pro is fully compliant with GDPR and CCPA when used to detect and prevent fraud.

For specific questions about how Fingerprint Pro could work for your hybrid app, reach out to [email protected].