Sentinel — Server-side caller classification
Sentinel
Classify every API caller without requiring them to identify themselves. Sentinel inspects TLS fingerprints, header ordering, and request patterns to determine if a caller is a browser, AI agent, CLI tool, or bot.
Install
bashnpm install @fingerprintiq/server
Hono middleware
typescriptimport { Hono } from 'hono'; import { sentinel } from '@fingerprintiq/server/hono'; const app = new Hono(); app.use('/api/*', sentinel({ apiKey: 'fiq_live_...', })); app.get('/api/data', (c) => { const caller = c.get('sentinel'); console.log(caller?.callerType); // "AI_AGENT", "CLI_TOOL", etc. return c.json({ ok: true }); });
Programmatic usage
typescriptimport { createSentinel } from '@fingerprintiq/server'; const client = createSentinel({ apiKey: 'fiq_live_...' }); const result = await client.inspect(request); console.log(result.callerType); // "CLI_TOOL" console.log(result.callerConfidence); // 0.85 console.log(result.classification.library); // "curl"
Caller types
| Type | What it means |
|---|---|
| BROWSER_HUMAN | Real browser, human timing |
| BROWSER_AUTOMATED | Real browser, bot timing (Puppeteer, Playwright) |
| AI_AGENT | Agent framework (LangChain, CrewAI, AutoGen) |
| CLI_TOOL | Command-line tool (curl, httpie, wget) |
| SDK_CLIENT | Server-side SDK (python-requests, node-fetch) |
| BOT_SCRAPER | Web scraper or crawler |
| UNKNOWN | Not enough signals to classify |
Live demo
Try it at sentinel-demo.fingerprintiq.com