Getting started

Overview

Veriprint is a device identification service. A small browser SDK collects device signals, sends them to the Veriprint API, and gets back a stable visitor ID with a confidence score, bot verdict, geo data, and visit history in a single round trip.

Unlike a cookie, the visitor ID survives cache clears, incognito sessions, and cookie deletion with useful (not perfect) reliability, because identity is derived from a weighted cluster of device signals rather than a single stored token. Identification is probabilistic: every response carries a confidence score between 0 and 1 so you can decide how much to trust each match.

Two keys, two trust levels

Every workspace has two API keys. The split exists because the browser is an untrusted environment: anything shipped to the client can be read, replayed, or spoofed.

KeyPrefixWhere it livesWhat it can do
Public keyvp_pk_...Browser or mobile app, safe to exposeAuthenticates POST /v1/identify only. Cannot read events or account data.
Secret keyvp_sk_...Your server only, never ship to a clientAuthenticates GET /v1/events/:requestId to verify what the browser reported.
Keep the secret key server-side
Using a public key against /v1/events returns 401 by design. If a secret key ever reaches a browser bundle, rotate it from the dashboard.

The three-step flow

  • 1. Identify in the browser. The SDK collects signals and anchors, then calls POST /v1/identify with your public key. The response includes a visitorId and a one-time requestId.
  • 2. Send the requestId to your backend. Attach it to your login, signup, or checkout request. Never trust the visitorId the client claims for itself.
  • 3. Verify server-side. Your backend calls GET /v1/events/:requestId with the secret key and reads the authoritative identification (visitor ID, bot verdict, confidence) straight from Veriprint.
browser.ts
import { Veriprint } from '@veriprint/sdk';

const vp = new Veriprint({ apiKey: 'vp_pk_demo_public_key' });
const visitor = await vp.identify();

// Forward the requestId with your form submit / API call.
await fetch('/api/login', {
  method: 'POST',
  headers: { 'content-type': 'application/json' },
  body: JSON.stringify({ email, password, veriprintRequestId: visitor.requestId }),
});

What comes back

A single identify call returns the visitor ID plus everything you would otherwise stitch together from three or four services:

  • visitorId, confidence (0–1), confidenceLevel, visitCount, firstSeenAt / lastSeenAt
  • bot: detection result, score, and the reasons behind the verdict
  • geo: country through city, plus ASN, datacenter and Tor flags
  • incognito and vpnLikely booleans
  • matchedVia: how this visitor was recognized: cookie, localStorage, cache, fingerprint, or new