Log In Start Free →
COLLECT → ANALYZE → ACT

Three phases.
Under 50 milliseconds.

From the moment a user loads your page to the instant you block a threat — here's exactly what happens inside Prynt, and how to wire it into your stack.

Start Building → Read the Docs
Architecture

The full request lifecycle.

Every identification request flows through five stages — from your user's browser to a clear, actionable verdict delivered to your server.

🌐
Your App
JS agent or mobile SDK collects raw signals from the browser or device
0ms
Prynt Edge
Encrypted payload routed to nearest edge node via your custom subdomain
~8ms
🧠
Intelligence Engine
Fingerprint generated, signals scored, ML models applied, verdict computed
~30ms
⚖️
Rules Engine
Your custom policies evaluated against enriched signals and velocity data
~40ms
Verdict
ALLOW, BLOCK, or CHALLENGE returned to your server via API, webhook, or sealed result
<50ms
01
Phase 1

Collect. Two lines of code.

Add the Prynt agent to your frontend. It silently collects 100+ device, browser, and network signals on every page load — with zero impact on performance.

Install the SDK npm 
// Step 1: Install
// npm install @prynt/sdk

// Step 2: Initialize
import { Prynt } from '@prynt/sdk';

const prynt = new Prynt({
  apiKey: 'pk_live_xxxxxxxxxxxxxxxx',
  region: 'us',       // us | eu | ap
  endpoint: '/prynt'  // custom subdomain proxy
});

// Step 3: Identify — call on page load
const { visitorId, requestId } = await prynt.identify();

// visitorId: "pv_8kX2mNqR3jT7p"
// requestId: "req_1707832921_a7f2c9"
// → Send requestId to your backend
//   to retrieve full signals server-side
Or use the Script tag (no build step) HTML 
<script src="https://cdn.prynt.io/v1/agent.js"></script>
<script>
  const prynt = await Prynt.load({
    apiKey: 'pk_live_xxxxxxxxxxxxxxxx'
  });
  const result = await prynt.identify();
</script>

What the agent collects

The Prynt agent runs in under 4ms and collects signals passively — no popups, no CAPTCHAs, no user interaction needed.

🖥️

Browser & OS Signals

User agent, platform, language, timezone, screen resolution, color depth, installed plugins, Do Not Track settings, and cookie support.

🎨

Canvas, WebGL & Audio

Hardware-accelerated rendering fingerprints from Canvas 2D, WebGL shaders, and AudioContext — unique per device/GPU combination.

🔤

Font Enumeration

Detects installed system fonts via rendering measurement — a high-entropy signal that varies across OS, locale, and installed software.

🌐

Network & Connection

IP address, connection type, RTT estimation, and WebRTC leak detection — collected without requiring any additional permissions.

🔒

Tamper-Proof Payload

All collected signals are encrypted client-side before transmission. The payload cannot be read, replayed, or modified in transit.

02
Phase 2

Analyze. The intelligence pipeline.

In under 50ms, Prynt processes raw signals through six stages — generating a stable device fingerprint, enriching it with network and behavioral intelligence, and scoring risk with ML models.

📥
0ms
Signal Ingestion
Encrypted payload arrives at the nearest Prynt edge node. The agent's tamper-proof envelope is validated, decrypted, and raw signal data is extracted for processing.
TLS 1.3 Payload validation Replay protection Region routing
🔑
~8ms
Fingerprint Generation
Raw signals are processed through our proprietary hashing and fuzzy-matching algorithms. The result is a stable visitor ID that persists across browser upgrades, cookie clearing, and incognito sessions — accurate to 99.5%.
Canvas hash WebGL hash Audio hash Font enumeration Fuzzy matching Historical correlation
"visitorId": "pv_8kX2mNqR3jT7p", "confidence": 0.995, "visitorFound": true, "firstSeenAt": "2025-09-14T08:12:33Z", "lastSeenAt": "2026-02-13T14:22:01Z"
🧠
~18ms
Smart Signal Enrichment
The fingerprint is enriched with 100+ Smart Signals. Each signal is computed independently using specialized detection models — bot behavior analysis, VPN provider matching, incognito mode detection, browser tampering checks, and more.
Bot detection VPN / Proxy Incognito Tampering Emulator IP blocklist Geolocation Email intel
"signals": { "bot": { "detected": false, "type": "none" }, "vpn": { "detected": true, "provider": "NordVPN" }, "incognito": true, "tampered": false, "emulator": false, "blocklisted": false }
📊
~28ms
Behavioral Context
The request is cross-referenced against the visitor's history. Velocity counters are updated, multi-account links are evaluated, and impossible travel is checked — all in real time against your historical data.
Velocity (1h / 24h / 7d) Multi-account links Impossible travel Session history Custom metrics
"behavior": { "velocity": { "events_1h": 47, "events_24h": 312 }, "multiAccount": { "linked": 3, "sharedDevices": 2 }, "impossibleTravel": false }
~36ms
ML Risk Scoring
All signals and behavioral context are fed into Prynt's ML scoring models. Three independent scores are computed — abuse, account takeover, and bot probability — plus a weighted suspect score you can customize.
Abuse score ATO score Bot score Suspect score (weighted)
"scores": { "abuse": 0.82, "ato": 0.15, "bot": 0.03, "suspect": 76 // 0-100, weight-configurable }
<50ms
Rules Evaluation & Verdict
Your custom rules are evaluated against all enriched data. Prynt returns a deterministic verdict — ALLOW, BLOCK, or CHALLENGE — along with the matched policy name and all underlying data, delivered via API response, sealed client result, or webhook.
ALLOW CHALLENGE BLOCK
"verdict": "challenge", "policy": { "name": "VPN + High Abuse Score", "action": "challenge", "id": "pol_9a7f2c4e" }, "riskScore": 76
03
Phase 3

Act. Your rules, your way.

Configure policies in the dashboard or via API. Combine any signal, score, or velocity metric into rules that automatically allow, block, or challenge — no code changes needed.

Rules Engine

Define policies visually or via API. Each rule combines conditions (signals, scores, velocity) with an action. Rules are evaluated top-to-bottom — first match wins.

🔄

Zero Downtime Updates

Change rules in the dashboard and they take effect immediately — no deploys, no code changes, no SDK updates needed.

🧪

Rule Backtesting

Test new rules against 30 days of historical data before enabling them. See exactly how many users would be affected — zero risk to production.

📡

Monitor Mode

Enable rules in observe-only mode first. See what would be blocked without affecting real traffic. Switch to enforcement when you're confident.

Active Policies 3 RULES
Block Bot Registrations
signals.bot is true
and
event.type is "registration"
Block + add device to blocklist
Challenge VPN Logins
signals.vpn is true
and
scores.abuse > 0.5
Challenge + require MFA
Allow Trusted Devices
lists includes "trusted_devices"
and
scores.suspect < 30
Allow + skip MFA
📡

Server API

Use the /v1/events/{requestId} endpoint to retrieve full signals, scores, and verdicts server-side. Ideal for server-rendered apps and backend-driven decisions.

🔒

Sealed Client Results

Receive encrypted, tamper-proof results directly in the client SDK response. Decrypt on your server for instant access — no extra API call needed. Lowest latency option.

🔔

Webhooks

Get real-time POST notifications for every event. Route to Slack, PagerDuty, your SIEM, or custom endpoints. Configure filters to only receive the events you care about.

Integration Patterns

Fits your architecture.

Choose the integration pattern that matches your stack. Start simple, evolve as your needs grow — no migration required.

🚀
Recommended

Client + Server Verification

The most common pattern. Identify on the client, verify and retrieve full signals server-side using the request ID. Best balance of speed and security.

Browser / App Prynt Agent Prynt API Your Server
🔒

Sealed Results (Fastest)

Encrypted results returned directly to the client agent. Your server decrypts locally — no extra API call. Lowest possible latency for real-time decisioning.

Browser / App Prynt Agent Your Server (decrypt)

Custom Subdomain Proxy

Route Prynt API calls through your own domain to bypass ad blockers and content security policies. Full identification coverage, even with aggressive blocking.

Browser metrics.yoursite.com Prynt API Your Server
🔔
Advanced

Webhook-Driven (Async)

Identify on the client, receive enriched results asynchronously via webhook. Ideal for non-blocking workflows like post-registration review or analytics pipelines.

Browser / App Prynt API Webhook Your Server
Security & Privacy

Built for trust.

Prynt is designed to be secure by default and private by design. No PII required, no cross-site tracking, full compliance out of the box.

🔒

End-to-End Encryption

All signal data is encrypted client-side using AES-256 before transmission. Decryption only occurs within Prynt's secure processing environment. TLS 1.3 in transit.

🛡️

No PII Required

Prynt operates on device and browser signals only. No names, emails, or personal data are required — you control what additional context you send.

🌍

Regional Data Residency

Choose where your data lives: US, EU, or Asia-Pacific. Data never leaves your selected region. Meet data sovereignty requirements without extra configuration.

US (Virginia) EU (Frankfurt) AP (Tokyo)
📋

Full Compliance

Prynt is SOC 2 Type II certified, ISO 27001 compliant, and provides GDPR DPA and CCPA addendums. You are the data controller — Prynt acts as processor only.

SOC 2 Type II ISO 27001 GDPR CCPA
🚫

No Cross-Site Tracking

Prynt only identifies visitors within your own properties. We never track users across sites, share data between customers, or build advertising profiles.

🔄

DDoS & Surge Protection

Built-in DDoS detection and billing surge protection. If your site is attacked, Prynt absorbs the traffic without charging you for bot-generated requests.

FAQ

Common questions.

How long does integration take?
Most teams go from zero to live identification in under 5 minutes. Add the SDK (npm install @prynt/sdk), initialize with your API key, and call identify(). For server-side verification, add one API call to your backend. No model training or learning period — results are accurate from the first request.
Does it work with ad blockers?
Yes. Use our custom subdomain proxy feature to route all Prynt API calls through your own domain (e.g., metrics.yoursite.com). This bypasses ad blockers, CSP restrictions, and browser privacy extensions — giving you full coverage without asking users to disable anything.
How does Prynt identify users in incognito mode?
Prynt's fingerprinting uses hardware-level signals (Canvas, WebGL, Audio, fonts, GPU) that don't change between normal and incognito sessions. Combined with our fuzzy-matching algorithms, we can link a returning visitor to their original ID with 99.5% accuracy — even across private browsing sessions.
What happens if my site gets a traffic spike or DDoS attack?
Prynt includes automatic surge protection on all plans. Our infrastructure is designed to handle billions of monthly requests. If we detect a DDoS attack targeting your site, we absorb the traffic and will not bill you for those requests. Your legitimate traffic continues to be processed normally.
Can I use Prynt alongside my existing fraud tools?
Absolutely. Prynt is designed to complement your existing stack. Use our signals as additional inputs to your internal risk engine, SIEM, or third-party fraud platform. The Server API and webhooks make it easy to pipe data wherever you need it — no rip-and-replace required.
Is there a way to test rules before going live?
Yes — two ways. Rule backtesting lets you test against 30 days of historical data to see impact before enabling. Monitor mode lets you run rules in observe-only mode against live traffic, logging what would happen without actually blocking anyone. Switch to enforcement when you're confident.

See it in action. In 5 minutes.

Start your free trial — unlimited API calls for 14 days. No credit card.

Start Free Trial → Talk to an Engineer