Zero Trust Mode

The Fingerprint Pro API supports Zero Trust Mode to make it very difficult to send malicious identification requests that impersonate other visitors.
Zero Trust Mode is implemented internally by two features: identification result hiding and strict origin checking.

Identification Result Hiding

Zero Trust Mode requires this feature to avoid sending the identification results to end-user browsers.

When enabled, these fields will not be sent to the end-user browser: visitorId, visitorFound, and confidenceScore. The requestId field will still be returned, because you need it to get the full results later using our Server API.
Importantly, when Zero Trust Mode is enabled, you will still get full results through the webhook.

In addition to the requestId, the JavaScript agent response will include a new field called zeroTrust that will list all the fields that were hidden:

{
  "requestId": "...",
  "zeroTrust": {
    "hiddenFields": ["visitorId", "visitorFound", "confidence"],
    "comment": "The result was hidden because of the subscription configuration."
  }
}

Strict Origin Checking

In all modern browsers, the Origin header is automatically included in all cross-origin requests.
Websites cannot spoof this header. However, some signals collected by the JavaScript agent can be spoofed.

When Zero Trust Mode is enabled, the strict origin checking feature detects inconsistencies between the data collected by the JavaScript agent and the request headers that cannot be spoofed from within the browser. These headers are the Origin and the Referer. Identification requests with such inconsistencies are rejected by the server. This ensures that the url and clientReferrer values can’t be spoofed. That is important because url and clientReferrer are exposed in our Server API and webhook responses.
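
The kind of comparison described above, sketched as an added example. This is not Fingerprint's code, and the server's actual rules are not given on this page. It covers only the url value checked against the Origin and Referer headers; the function names and sample requests are constructed for illustration.

```javascript
// Added illustration; NOT Fingerprint's server code. Function names are hypothetical.

// Return the normalized http(s) origin of a URL string, or null if unusable.
function httpOrigin(value) {
  try {
    const u = new URL(value);
    return u.protocol === 'http:' || u.protocol === 'https:' ? u.origin : null;
  } catch {
    return null; // malformed, empty, or undefined
  }
}

// claimedUrl: the `url` value reported by the in-page agent (spoofable).
// headers:    lower-cased request headers set by the browser.
function checkUrlAgainstHeaders(claimedUrl, headers) {
  const problems = [];
  const claimed = httpOrigin(claimedUrl);
  if (!claimed) problems.push('claimed url is not a valid http(s) URL');

  // Origin is "null" for opaque origins (sandboxed iframes, file:), which
  // gives nothing to compare against, so treat it like a missing header.
  const origin = httpOrigin(headers.origin);
  if (!origin) {
    problems.push('Origin header missing or opaque');
  } else if (claimed && origin !== claimed) {
    problems.push(`url origin ${claimed} != Origin header ${origin}`);
  }

  // Referer can be absent or trimmed to the origin by Referrer-Policy,
  // so only its origin is compared, and only when it is present.
  if (headers.referer !== undefined) {
    const referer = httpOrigin(headers.referer);
    if (!referer) problems.push('Referer header is not a valid http(s) URL');
    else if (claimed && referer !== claimed) {
      problems.push(`url origin ${claimed} != Referer origin ${referer}`);
    }
  }
  return { accepted: problems.length === 0, problems };
}

// Constructed sample requests (not captured traffic).
const SAMPLES = {
  consistent: ['https://shop.example/cart?step=2',
    { origin: 'https://shop.example', referer: 'https://shop.example/' }],
  spoofedUrl: ['https://shop.example/cart',
    { origin: 'https://other.example', referer: 'https://other.example/page' }],
  noOrigin: ['https://shop.example/cart', {}],
};
```

Comparing normalized origins rather than raw strings keeps a default port such as `:443` from causing a false rejection.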

You can use Zero Trust Mode with the request filtering feature for additional security.

This mode is only available for the Enterprise subscription tier.
It can be enabled on a per-subscription level.

If you would like to try this mode or learn more, please contact our support at [email protected].

