
What is Fingerprint Bot Detection?

Fingerprint Bot Detection is a Smart Signal that detects automated activity on your websites. It detects both authorized AI agents and traditional bots. When performing bot detection, Fingerprint analyses hundreds of browser attributes and network signals and gives you back a bot detection result with one of three values:
  • Good bot - includes several categories of bots, such as authorized AI agents, verified search crawlers, and marketing, monitoring, and SEO optimization tools.
  • Bad bot - includes browser automation tools like Selenium, Puppeteer, Playwright, or anything that impersonates verified tools. Bad bots can take over accounts, submit spam, steal passwords, scrape data, waste resources, etc.
  • Bot not detected - the visitor is likely a human using a regular browser.
You can use the provided bot detection result to better understand your AI and human traffic, implement protective measures against malicious bots and more.

How to enable Fingerprint Bot Detection?

If you want to use Fingerprint Bot Detection, upgrade to the Pro Plus plan. If you have an Enterprise plan, reach out to your Customer Success Manager or our support team.

Integrating Bot Detection

Typical integration into a project consists of 3 steps:
  1. Add the JavaScript agent in the frontend part of your web application.
  2. Get the requestId from the JavaScript agent response and pass it to your server.
  3. Call the GET /events endpoint from your server-side environment to retrieve the Bot Detection result. Use the information about possible bots in your business logic.

JavaScript agent

The JavaScript agent is a client-side library that collects browser signals and sends them to the Fingerprint backend. The library returns an object with multiple fields, but for Bot Detection only the requestId is needed to get the results on the backend.

Bot Detection and JavaScript agent versions: Bot Detection works only with JS agent version 3.7.0 or newer. Check your version and update it if needed.

Bot Detection results on the client side

Since the data from the client browser might be spoofed by fraudulent parties, we strongly recommend server verification using the Server API. Bad actors can replace the requestId with a fake value or delete the field completely. Check the request timestamp returned by the Server API – it shouldn’t be older than several seconds or minutes, depending on the implemented scenario. If the requestId doesn’t pass the verification, you need to ask your users for additional verification (Captcha, 2FA) or deny access to the requested resource. However, the most secure way of using the Fingerprint platform is Zero Trust Mode, which makes only the requestId available on the frontend.
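The server-side checks described above, applied after the GET /events lookup from step 3, as an added example that is not Fingerprint's own code. The `event` field names (`requestId`, `timestamp`, `bot.result`), the result strings, the 60-second window and the allow/challenge/deny policy are assumptions for illustration; map them to the Server API response you actually receive.

```javascript
// Added example. Field names on `event` and the result strings are assumptions,
// not the Server API schema; the sample events below are constructed.
const MAX_AGE_MS = 60 * 1000; // assumed freshness window, tune per scenario

function evaluateVisit(clientRequestId, event, now = Date.now(), maxAgeMs = MAX_AGE_MS) {
  // The client may have deleted the field entirely.
  if (typeof clientRequestId !== 'string' || clientRequestId === '') {
    return { action: 'challenge', reason: 'missing requestId' };
  }
  // A fabricated requestId has no matching event on the server side.
  if (!event || event.requestId !== clientRequestId) {
    return { action: 'challenge', reason: 'unverified requestId' };
  }
  // A genuine but old requestId may be reused from an earlier visit.
  // Missing, non-numeric or future timestamps are treated the same way.
  const ageMs = now - Number(event.timestamp);
  if (!Number.isFinite(ageMs) || ageMs < 0 || ageMs > maxAgeMs) {
    return { action: 'challenge', reason: 'stale timestamp' };
  }
  switch (event.bot && event.bot.result) {
    case 'bad':
      return { action: 'deny', reason: 'bad bot' };
    case 'good':
      return { action: 'allow', reason: 'good bot' };
    case 'notDetected':
      return { action: 'allow', reason: 'bot not detected' };
    default:
      // Fail closed when the lookup carried no usable bot result.
      return { action: 'challenge', reason: 'no bot result' };
  }
}

// Constructed inputs: [requestId sent by the client, event returned by the lookup].
const NOW = 1700000000000;
const SAMPLES = [
  ['req-1', { requestId: 'req-1', timestamp: NOW - 5000, bot: { result: 'notDetected' } }],
  ['req-2', { requestId: 'req-2', timestamp: NOW - 5000, bot: { result: 'bad' } }],
  ['req-3', { requestId: 'req-3', timestamp: NOW - 3600000, bot: { result: 'notDetected' } }],
  ['forged', null],
  ['', null],
];
for (const [id, ev] of SAMPLES) {
  console.log(JSON.stringify(id), evaluateVisit(id, ev, NOW));
}
```

A `challenge` result corresponds to the additional verification step (Captcha, 2FA) mentioned above.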

Native mobile libraries

Bot Detection doesn’t currently support native mobile libraries.

Fingerprint’s SDKs and libraries

Bot Detection is supported by all provided client and server-side libraries, but the AI agent detection results are available in server API v4 or later.

Identification and Bot Detection

Fingerprint Identification and Bot Detection produce the best results when used together. A combination of Identification and Bot Detection gives you a powerful tool to prevent online fraud. Using both products doesn’t have any drawbacks: one JavaScript agent running in the browser and one requestId value give you both identification and bot detection results on the backend without additional latency.
  • Bot Directory - list of bots and AI agents Fingerprint can detect