Scribd
Upload
23 views2 pages

Shopflo- POC Checklist and Best Practices

Uploaded by

ssatwikanmol
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
23 views2 pages

Shopflo- POC Checklist and Best Practices

Uploaded by

ssatwikanmol
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

Fingerprint POC Guide

This document serves as a guide for completing a successful POC with Fingerprint

Setup:
1. Sign-up for a free Fingerprint trial and for access to the dashboard
https://dashboard.fingerprint.com/signup or login if you have already registered for an
account
2. Make sure the correct region is selected during account setup
https://dev.fingerprint.com/docs/regions
3. Click on “App Settings” -> “API keys” to get your keys.
a. Use the “Public” key for visitorID generation in the client side web app or mobile
app.
b. Use the “Secret” key for server api to fetch details and additional signals for each
visitorID.
c. You can use the same key or create multiple keys for each brand/domain
4. Plan your integration points within the user journey:
a. Hosted merchant Checkout / payment page - to include the identification API
request with every payment/checkout to identify repeat fraudsters

Latency related optimizations:


i. https://dev.fingerprint.com/docs/api-preconnect
ii. https://dev.fingerprint.com/docs/js-agent-preloading

5. [Mandatory for Web] Custom Subdomain / Proxy Integration - Prevent ad blockers from
blocking calls and give api first party access
a. Option 1 - Proxy Integrations
b. Option 2 - Custom sub-domain:

i. Increases accuracy by allowing Fingerprint to use first-party cookies and


protects from identification requests and JavaScript agent from being
blocked by browsers or ad blockers
ii. Cookies are now recognized as “first-party.” This means they can live longer
in the browser and extend the lifetime of visitor information.
6. [Mandatory] LinkedId and/or Tags - In order to make the linking between
accounts/transactions and devices possible, provide the account / user identifier or
payment transactionId with every fingerprinting request using the ‘LinkedID’ field. This
information will allow us to help with the data analysis post POC.
https://dev.fingerprint.com/docs/tagging-information
Integration:
1. JS Agent - https://dev.fingerprint.com/docs/js-agent
Front End SDKs - https://dev.fingerprint.com/docs/frontend-libraries

2. Provide the session/account ID or payment transactionID as ‘linkedId’ with every


identification request. This is very important for us to help with the post POC data analysis.
If you’d like to anonymize it before sending it to Fingerprint, we recommend hashing:
https://dev.fingerprint.com/docs/tagging-information#hashing-linked-or-tagged-informatio
n

3. [Optional] Provide other metadata which may help with the analysis using key key pairs in
the ‘tags’ field - this could be the existing cookie based ID, checkout transaction ID where
applicable in the agreed user journeys.

4. Make sure to use the subdomain/proxy url instead of the default one if using
subdomains/proxy

5. For Smart signals response, use the server side events api. Best practice here is to collect
the ‘requestId’ on the client side response and then send to your backend to make the
Fingerprint Server Event API call - https://dev.fingerprint.com/reference/getevent
You can then use the Zero-trust mode post POC in production.

You can also use sealed client results for web which saves the extra server side call
detailed above. The full identification response is sent back as an encrypted payload in the
response which you can then send to your server side to decrypt.

6. Verify API calls by checking the “Visit History” tab in the dashboard

7. Webhooks - If you are not storing the identification response from the server-side call
(step5) then you can use Webhooks to receive the identification data directly to an
endpoint on your side when an identification request occurs.
https://dev.fingerprint.com/docs/webhooks

You might also like