GET /v1/events/:requestId

Retrieve full event details including all signals.

Endpoint

text
GET https://api.fingerprintiq.com/v1/events/:requestId

This is a Server API endpoint. It requires a secret API key (fiq_secret_*) and must only be called from your backend, never from client-side code.

Authentication

Include your secret key in the Authorization header:

text
Authorization: Bearer fiq_secret_your_key_here

Path Parameters

requestId string required

The requestId returned from the identify endpoint.

Response

Returns the full event with all client and server signals.

json
{
  "requestId": "req_01hns3k6tez83695a6t7",
  "visitorId": "iq_01hns3k6tez83695a6t714s6n1",
  "confidence": 0.97,
  "botProbability": 0.05,
  "suspectScore": 0,
  "linkedId": "user_123",
  "tag": { "page": "checkout" },
  "suspect": false,
  "ip": "203.0.113.42",
  "url": "https://yoursite.com/checkout",
  "referrer": "https://yoursite.com/",
  "verdicts": {
    "bot": { "result": false, "probability": 0.05 },
    "vpn": { "result": false, "confidence": 0.92 },
    "tor": { "result": false },
    "proxy": { "result": false },
    "incognito": { "result": false },
    "tampering": { "result": false, "anomalyScore": 0 },
    "headless": { "result": false },
    "virtualMachine": { "result": false },
    "devtools": { "result": false },
    "privacyBrowser": { "result": false, "name": null },
    "highActivity": { "result": false },
    "ipBlocklist": { "result": false },
    "velocity": {
      "distinctIp": { "5m": 1, "1h": 1, "24h": 2 },
      "distinctCountry": { "5m": 1, "1h": 1, "24h": 1 },
      "events": { "5m": 1, "1h": 3, "24h": 15 }
    }
  },
  "signals": {
    "client": {
      "canvas": { "hash": "a3f2b1c4...", "isFarbled": false },
      "webgl": { "renderer": "ANGLE (Apple, ANGLE Metal Renderer: Apple M4)", "vendor": "Google Inc. (Apple)" },
      "... all 41 client signals"
    },
    "server": {
      "asn": { "asn": 7922, "org": "Comcast", "category": "RESIDENTIAL_ISP", "isDatacenter": false },
      "geo": { "country": "US", "city": "New York", "rttCoherence": 1.0 },
      "tls": { "cipher": "AEAD-AES256-GCM-SHA384", "version": "TLSv1.3", "ja4": "t13d..." },
      "vpnDetection": { "verdict": "not_detected", "confidence": 0.92 },
      "http": { "fingerprint": "...", "classification": "chrome" },
      "... full server signals"
    }
  },
  "timestamp": 1712000003000,
  "createdAt": "2026-04-11T08:00:03.000Z"
}

json
{
  "error": "Event not found"
}

Response Fields

requestId string

Unique event identifier.

visitorId string

Stable device identifier.

confidence number

Signal confidence score from 0.0 to 1.0. Low values indicate that many signals failed to collect, which may itself indicate a bot or privacy tool.

botProbability number

Bot likelihood score from 0.0 to 1.0. Combines datacenter ASN, headless markers, software renderer, API tampering, and UA/TLS mismatch indicators.

verdicts object

Boolean detection verdicts for bot, VPN, tor, proxy, incognito, tampering, headless, VM, devtools, privacy browser, high activity, IP blocklist, and velocity.

signals object

Full signal data — only available via Server API, never returned client-side.

linkedId string

Customer-provided identifier, if set.

tag object

Customer-provided metadata, if set.

suspect boolean

Whether this event was manually flagged as suspect.

timestamp number

Unix timestamp (milliseconds) when this event occurred.

createdAt string

ISO 8601 timestamp when the event was stored.

Error Responses

StatusMeaning
401Missing or invalid secret API key
404Event not found or belongs to a different customer
Ask a question... ⌘I