Docs
  • What We Do
  • Supported Countries, Payment Methods, and Cryptocurrencies
  • Getting Started
  • Integration Guides
    • API
      • Required Headers
      • Create a User
      • Assign a Deposit Address
      • KYC
      • Link and Verify a Bank Account
        • Re-link Bank Account
        • Update Bank Account
        • Delete Bank Account
      • Transaction Limits
      • Buy Crypto (ACH)
      • Transaction Monitoring
      • Transaction History
    • React Native
      • Installation
      • Session Token and Wallet Signing
      • Preset Order Details
      • Example
      • Reference
      • Release History
      • User experience
        • Sign up
        • Sign in
        • Buy crypto
        • Settings & activity
    • React JS (Beta)
      • Installation
      • Session Token and Wallet Signing
      • Preset Orders
      • Callbacks
      • Theming
      • Example
      • Reference
      • Release History
  • API Reference
    • Endpoints
      • Auth
        • Crypto Wallet
        • Email OTP
        • SMS OTP
      • Activity
      • Bank
      • Client
      • Config
      • Crypto
      • Users
      • Wallets
      • Webhook Registrations
    • Custom Headers
    • Error Codes
    • Types Glossary
    • Postman
    • Open API Specification
    • Webhooks
  • Design Reference
    • UI/UX Starter kit
    • UI Requirements
  • Guides
    • Sandbox Testing
    • User Authentication
    • Link a new Signing Wallet to an Existing User
    • Plaid Bank Linking
      • Plaid OAuth Support
    • Client Dashboard (Alpha)
  • User Support Reference
    • User Account Flags
      • KYC Review
      • Transaction Processing
      • NSFs and Returned Payments
      • Fraud
    • Transactional Emails
Powered by GitBook
On this page

Was this helpful?

  1. API Reference

Custom Headers

ratio-device-fingerprint

As part of our fraud prevention program, we require that you include a ratio-device-fingerprint header in your API calls. This header allows us to perform a user device risk assessment based on various attributes of the device that is making the request.

The ratio-device-fingerprint header must be a base64 encoding of a stringified JSON object that contains the following fields:

  • ip: IP address of the request

  • Browser-based implementations:

    • userAgent: The user agent of the browser that is interacting with your website.

  • Mobile-based implementations:

    • os: The operating system on which application is running. (e.g. iOS, Android)

    • osVersion: The operating system version on which application is running. (e.g. 10.3.1, 7.1.1)

    • deviceManufacturer: The manufacturer of the device on which application is running. (e.g. Samsung, Apple, LG)

    • deviceModel: The model of the device on which application is running. (e.g. SM-G920x, iPhone8,1)

    • deviceUniqueId: The unique ID of the device on which application is running. For iOS, send the IFV identifier. For Android, send the Android ID.

For example, a browser-based request from a Windows 10 machine using Chrome would have a header like this:

ratio-device-fingerprint: eyJpcCI6IjE5Mi4xNjguMC4xIiwidXNlckFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk0LjAuNDYwNi4xMjEgU2FmYXJpLzUzNy4zNiJ9The stringified JSON object before encoding is:"{\"ip\":\"192.168.0.1\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.121 Safari/537.36\"}"

A device-based request from an Android phone using Samsung Galaxy S21 would have a header like this:

ratio-device-fingerprint: eyJpcCI6IjE5Mi4xNjguMC4yIiwib3MiOiJBbmRyb2lkIiwib3NWZXJzaW9uIjoiMTEiLCJkZXZpY2VNYW51ZmFjdHVyZXIiOiJTYW1zdW5nIiwiZGV2aWNlTW9kZWwiOiJHYWxheHkgUzIxIiwiZGV2aWNlVW5pcXVlSWQiOiJhYmNkMTIzNC1lZmdoLTU2NzgtaWprbC03ODkwIn0=The stringified JSON object before encoding is:"{\"ip\":\"192.168.0.2\",\"os\":\"Android\",\"osVersion\":\"11\",\"deviceManufacturer\":\"Samsung\",\"deviceModel\":\"Galaxy S21\",\"deviceUniqueId\":\"abcd1234-efgh-5678-ijkl-7890\"}"Please note that the stringified JSON object must be valid and well-formed.

PreviousWebhook RegistrationsNextError Codes

Last updated 1 year ago

Was this helpful?