Docs
  • What We Do
  • Supported Countries, Payment Methods, and Cryptocurrencies
  • Getting Started
  • Integration Guides
    • API
      • Required Headers
      • Create a User
      • Assign a Deposit Address
      • KYC
      • Link and Verify a Bank Account
        • Re-link Bank Account
        • Update Bank Account
        • Delete Bank Account
      • Transaction Limits
      • Buy Crypto (ACH)
      • Transaction Monitoring
      • Transaction History
    • React Native
      • Installation
      • Session Token and Wallet Signing
      • Preset Order Details
      • Example
      • Reference
      • Release History
      • User experience
        • Sign up
        • Sign in
        • Buy crypto
        • Settings & activity
    • React JS (Beta)
      • Installation
      • Session Token and Wallet Signing
      • Preset Orders
      • Callbacks
      • Theming
      • Example
      • Reference
      • Release History
  • API Reference
    • Endpoints
      • Auth
        • Crypto Wallet
        • Email OTP
        • SMS OTP
      • Activity
      • Bank
      • Client
      • Config
      • Crypto
      • Users
      • Wallets
      • Webhook Registrations
    • Custom Headers
    • Error Codes
    • Types Glossary
    • Postman
    • Open API Specification
    • Webhooks
  • Design Reference
    • UI/UX Starter kit
    • UI Requirements
  • Guides
    • Sandbox Testing
    • User Authentication
    • Link a new Signing Wallet to an Existing User
    • Plaid Bank Linking
      • Plaid OAuth Support
    • Client Dashboard (Alpha)
  • User Support Reference
    • User Account Flags
      • KYC Review
      • Transaction Processing
      • NSFs and Returned Payments
      • Fraud
    • Transactional Emails
Powered by GitBook
On this page

Was this helpful?

  1. Integration Guides
  2. API

Required Headers

Device Intelligence

To enhance the security and fraud prevention of our API, we require that you include a ratio-device-fingerprint header in your API calls. This information helps us to protect user accounts by detecting anomalous behaviour.

The ratio-device-fingerprint header must be a base64 encoding of a stringified JSON object that contains the following fields:

  • ip: IP address of the request

  • Browser-based implementations:

    • userAgent: The user agent of the browser that is interacting with your website.

  • Mobile-based implementations:

    • os: The operating system on which application is running. (e.g. iOS, Android)

    • osVersion: The operating system version on which application is running. (e.g. 10.3.1, 7.1.1)

    • deviceManufacturer: The manufacturer of the device on which application is running. (e.g. Samsung, Apple, LG)

    • deviceModel: The model of the device on which application is running. (e.g. SM-G920x, iPhone8,1)

    • deviceUniqueId: The unique ID of the device on which application is running. For iOS, send the IFV identifier. For Android, send the Android ID.

For example, a browser-based request from a Windows 10 machine using Chrome would have a header like this:

ratio-device-fingerprint: eyJpcCI6IjE5Mi4xNjguMC4xIiwidXNlckFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk0LjAuNDYwNi4xMjEgU2FmYXJpLzUzNy4zNiJ9

The stringified JSON object before encoding is:

"{\"ip\":\"192.168.0.1\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.121 Safari/537.36\"}"

A device-based request from an Android phone using Samsung Galaxy S21 would have a header like this:

ratio-device-fingerprint: eyJpcCI6IjE5Mi4xNjguMC4yIiwib3MiOiJBbmRyb2lkIiwib3NWZXJzaW9uIjoiMTEiLCJkZXZpY2VNYW51ZmFjdHVyZXIiOiJTYW1zdW5nIiwiZGV2aWNlTW9kZWwiOiJHYWxheHkgUzIxIiwiZGV2aWNlVW5pcXVlSWQiOiJhYmNkMTIzNC1lZmdoLTU2NzgtaWprbC03ODkwIn0=

The stringified JSON object before encoding is:

"{\"ip\":\"192.168.0.2\",\"os\":\"Android\",\"osVersion\":\"11\",\"deviceManufacturer\":\"Samsung\",\"deviceModel\":\"Galaxy S21\",\"deviceUniqueId\":\"abcd1234-efgh-5678-ijkl-7890\"}"

Please note that the stringified JSON object must be valid and well-formed.

PreviousAPINextCreate a User

Last updated 2 years ago

Was this helpful?