A device fingerprint uniquely identifies the device a customer is using at checkout. Anti-fraud connections use this to determine whether this device or user has been flagged for fraudulent behavior in the past, allowing it to reject the transaction and protecting you from fraud.
Each anti-fraud service will have a different way of collecting the device fingerprint,
and therefore we’ve introduced our own
f.js library that wraps around each of
these, allowing you to focus on using your preferred anti-fraud service.
If you are using Embed or one of our e-commerce plugins, then you will not need to perform any of the steps below. Embed will automatically load the right library for you and ensure the device fingerprint is collected.
Usage without Embed
To create a device fingerprint, load the
f.js library into your checkout page. This
can be the page on which you render your checkout using Secure Fields, or any other integration.
In a sandbox environment make sure you use
This will automatically load the fingerprinting library for your configured anti-fraud service and
attach the fingerprint value to
fingerprint can then be sent
anti_fraud_fingerprint property when creating a transaction.
curl -i -X POST "https://api.example.gr4vy.app/transactions" \
-H "Authorization: Bearer [JWT_TOKEN]" \
-H "Content-Type: application/json" \
Embed, E-commerce, and custom
When you are using Embed, or one of the e-commerce plugins like Magento, then the device fingerprint is automatically created for you and sent along when creating a transaction. You can override this behavior by sending in a custom fingerprint to Embed.
For example, if you know what anti-fraud service is in use,
and you’ve already loaded that service’s fingerprint script, then you can pass in the fingerprint created by that service directly
to Embed or our API. When the
antiFraudFingerprint value is set we will not load any of the device fingerprint libraries and, instead,
we will pass along the fingerprint provided as-is when creating a transaction.
For most anti-fraud services the
fingerprint represents either the session
ID or device fingerprint ID defined by that service’s anti-fraud library.
Please refer to the documentation of your anti-fraud service for more details.
In an environment with multiple merchant accounts it’s important to add the
merchant_account_id as a query
parameter to the fingerprint script. This will ensure the script is loaded for the configured anti-fraud service for
that specific merchant account.
Please note that when using an Integration API key with Embed or one of our ecommerce platforms, then the
merchantAccountId needs to be set
explicitly for Embed to load the anti-fraud scripts for that merchant account.