Add the Fingerprint Pro JavaScript agent to your frontend by installing the @fingerprintjs/fingerprintjs-pro npm package or loading it via the CDN snippet; initialize it with your public API key (YOUR_PUBLIC_KEY).
Call FingerprintJS.load().then(fp => fp.get()) on page load or at the point of a risk-sensitive action (login, payment, registration); this returns a visitorId and a requestId.
Send the visitorId and requestId from the client to your server as part of the form submission or API call you want to protect.
On the server, call the Fingerprint Server API (GET /visitors/{visitorId} or the Events endpoint with the requestId) using your secret API key (YOUR_SECRET_KEY) to retrieve the server-side verified visit data including ip, incognito mode, bot detection signals, and linked history.
Apply your fraud rules: flag or block requests where the same visitorId has been associated with multiple failed logins, multiple account creations, or other abuse patterns within a lookback window.
Do not use visitorId as the sole identity factor; use it as a risk signal layered with other signals (email, IP reputation, behavior) in your fraud decision engine.
Known gotchas
The visitorId is a probabilistic identifier and can change if a user clears storage or switches browsers; build your fraud logic to tolerate identifier churn rather than treating a new visitorId as proof of a new person.
Always validate fingerprint results server-side via the Server API; client-side visitorId values can be spoofed or replayed without server-side verification.
To meet data retention and GDPR compliance obligations when using Fingerprint Pro, configure the data retention settings in the dashboard and disclose fingerprinting in your privacy policy.
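The server-side decision described above (verify the result, reject replays, tolerate visitorId churn, and treat visitorId as one signal among several), as an added example that is not Fingerprint's or this page's own code. The `verified` record is an assumed normalized form of what your server extracts from the Server API response; `history`, `claim.ipReputation`, the thresholds and the in-memory replay set are hypothetical.

```javascript
// Added example. Field names on `verified`, `claim` and `history` are assumptions:
// normalized records your server builds, not the Server API's own schema.
const LOOKBACK_MS = 24 * 60 * 60 * 1000; // lookback window for abuse counts (illustrative)
const MAX_AGE_MS = 5 * 60 * 1000;        // max accepted age of an identification event
const seenRequestIds = new Set();        // use a shared store with a TTL in production

function assessRisk(claim, verified, history, now = Date.now()) {
  // 1. Trust only what the Server API returned for this requestId.
  if (!verified || verified.requestId !== claim.requestId)
    return { decision: "block", reasons: ["unverified_request"] };
  if (verified.visitorId !== claim.visitorId)
    return { decision: "block", reasons: ["visitor_id_mismatch"] };
  // 2. Reject stale or reused requestIds (replay of a captured pair).
  if (now - verified.timestamp > MAX_AGE_MS)
    return { decision: "block", reasons: ["stale_request"] };
  if (seenRequestIds.has(verified.requestId))
    return { decision: "block", reasons: ["replayed_request"] };
  seenRequestIds.add(verified.requestId);

  // 3. Count abuse inside the lookback window. Matching failed logins on
  //    visitorId OR email keeps the count intact when the visitorId churns.
  const recent = history.filter(e => now - e.timestamp <= LOOKBACK_MS);
  const failedLogins = recent.filter(e => e.type === "login_failed" &&
    (e.visitorId === verified.visitorId || (claim.email && e.email === claim.email))).length;
  const signups = recent.filter(e => e.type === "signup" &&
    e.visitorId === verified.visitorId).length;

  // 4. visitorId-based counts are combined with other signals into one score.
  const reasons = [];
  let score = 0;
  if (failedLogins >= 5) { score += 50; reasons.push("many_failed_logins"); }
  if (signups >= 3) { score += 50; reasons.push("many_signups"); }
  if (verified.bot) { score += 50; reasons.push("bot_detected"); }
  if (verified.incognito) { score += 10; reasons.push("incognito"); }
  if (claim.ipReputation === "bad") { score += 30; reasons.push("bad_ip"); }

  const decision = score >= 80 ? "block" : score >= 40 ? "challenge" : "allow";
  return { decision, score, reasons };
}
```
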