Overview
Veriprint is a device identification service. A small browser SDK collects device signals, sends them to the Veriprint API, and gets back a stable visitor ID with a confidence score, bot verdict, geo data, and visit history in a single round trip.
Unlike a cookie, the visitor ID survives cache clears, incognito sessions, and cookie deletion with useful (not perfect) reliability, because identity is derived from a weighted cluster of device signals rather than a single stored token. Identification is probabilistic: every response carries a confidence score between 0 and 1 so you can decide how much to trust each match.
Two keys, two trust levels
Every workspace has two API keys. The split exists because the browser is an untrusted environment: anything shipped to the client can be read, replayed, or spoofed.
| Key | Prefix | Where it lives | What it can do |
|---|---|---|---|
| Public key | vp_pk_... | Browser or mobile app, safe to expose | Authenticates POST /v1/identify only. Cannot read events or account data. |
| Secret key | vp_sk_... | Your server only, never ship to a client | Authenticates GET /v1/events/:requestId to verify what the browser reported. |
/v1/events returns 401 by design. If a secret key ever reaches a browser bundle, rotate it from the dashboard.The three-step flow
- 1. Identify in the browser. The SDK collects signals and anchors, then calls
POST /v1/identifywith your public key. The response includes avisitorIdand a one-timerequestId. - 2. Send the requestId to your backend. Attach it to your login, signup, or checkout request. Never trust the
visitorIdthe client claims for itself. - 3. Verify server-side. Your backend calls
GET /v1/events/:requestIdwith the secret key and reads the authoritative identification (visitor ID, bot verdict, confidence) straight from Veriprint.
import { Veriprint } from '@veriprint/sdk';
const vp = new Veriprint({ apiKey: 'vp_pk_demo_public_key' });
const visitor = await vp.identify();
// Forward the requestId with your form submit / API call.
await fetch('/api/login', {
method: 'POST',
headers: { 'content-type': 'application/json' },
body: JSON.stringify({ email, password, veriprintRequestId: visitor.requestId }),
});What comes back
A single identify call returns the visitor ID plus everything you would otherwise stitch together from three or four services:
visitorId,confidence(0–1),confidenceLevel,visitCount,firstSeenAt/lastSeenAtbot: detection result, score, and the reasons behind the verdictgeo: country through city, plus ASN, datacenter and Tor flagsincognitoandvpnLikelybooleansmatchedVia: how this visitor was recognized:cookie,localStorage,cache,fingerprint, ornew