Every device has a signature.
We read it in 40ms.
Veriprint returns one stable visitor ID and a risk signal for every browser that hits your app, even through cookie clears, browser updates, and incognito. One API call.
This is your browser fingerprint, right now
No sign-up needed. The panel below ran the real Veriprint agent against the live API and identified this browser. Watch it read each signal, then settle on one visitor ID.
import { Veriprint } from '@veriprint/sdk';
const vp = new Veriprint({
apiKey: 'vp_pk_demo_public_key',
});
// One call. Runs in the browser, ~40ms.
const visitor = await vp.identify();
console.log(visitor.visitorId); // "vp_8f3kzq..."
console.log(visitor.confidence); // 0.98
console.log(visitor.bot.result); // "notDetected"This is running for real against the Veriprint API right now, and the ID above is your browser's. Clear your cookies and hit re-run. The fuzzy persistence engine re-links you to the same ID from the signals that survive.
Trusted by fraud and growth teams
Your riskiest users look exactly like your best ones
Cookies get cleared. IP addresses rotate behind VPNs. A fraud ring signs up 400 times from one laptop and every account reads as brand new. Rules engines and CAPTCHAs punish real users while the bots walk through.
Fake signups
One device farming referral credits, free trials, and promo codes across hundreds of accounts that all look new.
Account takeover
A login from a device that has never touched this account before. If you only check the password, you never see it.
Payment fraud
Stolen cards tested from datacenter IPs and headless browsers that pass every cookie-based check you have.
Bot abuse
Scrapers and credential-stuffing scripts that rotate IP addresses faster than you can block them.
Device fingerprinting signals that hold up when everything drifts
Six things Veriprint does. Each one is a specific mechanism you can read about in the docs, not a slogan.
Fuzzy identity persistence
One stable ID that survives browser updates and cleared cookies.
Signals are weighted by stability (timezone ×5, canvas ×1) and re-linked above a 0.82 similarity threshold. An EMA decay follows the device as it drifts.
Incognito & storage-independent
Recognize a returning device even in a private window.
Three durable anchors (cookie, localStorage, Cache API) plus a probabilistic fingerprint. Losing any one anchor re-links on the others.
Server-verified results
The browser can never spoof its own verdict.
GET /v1/events/:requestId returns the result WE computed, gated by your secret key. Public key in the browser, secret key on your server.
Bot & automation detection
Separate headless Chrome and Selenium from real users.
Weighted scoring over navigator.webdriver, plugin/permission anomalies, and UA/platform mismatch. Search engines are classified separately from evasive bots.
IP intelligence
Flag datacenter, VPN, and TOR traffic.
Geo + ASN resolution with a datacenter/hosting-range check; vpnLikely is true for cloud egress or a known TOR exit.
~40ms p95, one call
Fast enough for the login path.
A single POST /v1/identify returns id, confidence, geo, bot, and VPN signals. Rate-limited per key, Redis-backed, horizontally scalable.
Agent collects. API identifies. You decide.
Three steps and one round trip. Scroll to move through each stage.
Clear tiers, and the free one is actually free
You get 20,000 identifications a month, free forever. The gotchas are written here, not saved for a sales call.
Free
For side projects and evaluation.
- ✓Full browser + server signals
- ✓Fuzzy persistence engine
- ✓Bot & VPN detection
- ✓7-day visit history
- ✓Community support
Pro
For products in production.
- ✓Everything in Free
- ✓90-day visit history
- ✓Server-side events API
- ✓Webhooks on new-visitor / bot
- ✓99.9% uptime SLA
- ✓Email support, 1-day response
Scale
For high-volume fraud teams.
- ✓Everything in Pro
- ✓Unlimited history retention
- ✓Self-hosting option (your VPC)
- ✓Custom signal weighting
- ✓SSO + audit logs
- ✓Dedicated support & Slack channel
What developers ask before they sign up
A visitorId derived from device signals is personal data under GDPR, so you need a lawful basis (usually legitimate interest for fraud prevention) and a mention in your privacy policy. Veriprint is first-party by design, stores no PII, never shares signals across customers, and offers self-hosting so raw signals never leave your infrastructure. We are a processor; you are the controller.
Fingerprinting is probabilistic, so we do not claim 100 percent. Confidence is a similarity score returned on every response, not a hard-coded value. Identification stays strong over weeks and good over a few months, then degrades gracefully. Multi-year persistence only holds for devices that keep at least one anchor and do not change hardware. We would rather give you a number than a slogan.
Yes, with a caveat. Private windows partition storage, so anchors are weaker, but the probabilistic fingerprint still identifies the device from its signals. You also get an incognito:true flag on the response so you can treat those visits differently.
A single identification is ~40ms p95 server-side. The browser agent collects signals in parallel (the audio fingerprint is the slowest at ~30ms). It is fast enough to run inline on a login or signup without a spinner.
Yes. The whole stack is a monorepo that boots with docker compose up, which starts the API, web app, Postgres, and Redis. On the Scale tier you run it in your own VPC so raw signals never leave your network. You bring your own Postgres and Redis.
Get a visitor ID for your app in five minutes
Free key, no credit card. Copy ten lines, ship the agent, and start seeing IDs.