Skip to main content
A device fingerprint uniquely identifies the device a customer is using at checkout. Anti-fraud connections use this to determine whether this device or user has been flagged for fraudulent behavior in the past, allowing it to reject the transaction and protecting you from fraud. Each anti-fraud service has a different way of collecting the device fingerprint, and therefore the f.js library wraps around each of these, allowing focus on the preferred anti-fraud service.
If using Embed or one of the e-commerce plugins, then none of the steps below are necessary. Embed automatically loads the right library and ensures the device fingerprint is collected.

Usage without Embed

To create a device fingerprint, load the f.js library into your checkout page. This can be the page on which you render your checkout using Secure Fields, or any other integration. 
<script src="https://api.{instance_id}.gr4vy.app/f.js"></script>
In a sandbox environment make sure you use api.sandbox.{instance_id} .gr4vy.app/f.js.
This automatically loads the fingerprinting library for your Primary anti-fraud service and attaches the fingerprint value to window.gr4vyAntiFraud.f. This fingerprint can then be sent as the anti_fraud_fingerprint property when creating a transaction.

Embed, e-commerce, and custom

When using Embed, or one of the e-commerce plugins like Magento, then the device fingerprint is automatically created and sent along when creating a transaction. This behavior can be overridden by sending in a custom fingerprint to Embed. For example, if the anti-fraud service in use is known, and that service’s fingerprint script has already been loaded, then the fingerprint created by that service can be passed directly to Embed or the API. When the antiFraudFingerprint value is set, the device fingerprint libraries are not loaded and, instead, the fingerprint provided is passed along as-is when creating a transaction. 
<Embed
    gr4vyId='example'
    antiFraudFingerprint="my-fingerprint-id"
    ...
/>

For most anti-fraud services the fingerprint represents either the session ID or device fingerprint ID defined by that service’s anti-fraud library. Please refer to the documentation of your anti-fraud service for more details.

Custom & native fingerprints

In the event the automated solution cannot be used to generate the device fingerprint, use the anti-fraud fingerprint libraries directly and then pass the fingerprint by using the anti_fraud_fingerprint when creating a new transaction.
When accepting PayPal the device fingerprint is sent to both PayPal and the Anti-Fraud service. To ensure the same fingerprint works for both services, creating a PayPal fingerprint first is recommended, and then passing the ID generated by their library to the anti fraud fingerprint library to seed the value.

Merchant accounts

In an environment with multiple merchant accounts it’s important to add the merchant_account_id as a query parameter to the fingerprint script. This ensures the script is loaded for the Primary anti-fraud service for that specific merchant account. 
<script
  src="https://api.{instance_id}.gr4vy.app/f.js?merchant_account_id=example"
  type="text/javascript"
></script>
Please note that when using an Integration API key with Embed or one of the e-commerce platforms, then the merchantAccountId needs to be set explicitly for Embed to load the anti-fraud scripts for that merchant account. 
<Embed
    gr4vyId='example'
    merchantAccountId="my-merchant-id"
    ...
/>