# Device Fingerprinting

Device Fingerprinting (DFP) is a method of fraud protection and able to identify technical devices in an anonymized way.

Fraudsters learn to exploit the weaknesses of traditional fraud prevention tools over time. We protect businesses
from fraud and loss of revenue with that solution for innovative fraud prevention. By automatically linking
transactions, fraud can be detected in real time. And with our self-learning and adaptive software you will be
prepared to face new and upcoming fraud scenarios.

On this page we describe the procedure of DFP and how to
implement its result in the [PAYMENT_REQUEST / Authorization request](#3-use-token-in-authorization-request).

## Parameters

When implementing the DFP technology, you need to handle 2 parameters:

| Parameter | Variable Name for Script | Value |
|  --- | --- | --- |
| snippetId | `v` | Test environment: `C9rKgOt`  Live environment: Provided by Ratepay , please ask your Ratepay representative |
| token | `t` | Generated by you. See [Generate a Unique Token](#1-generate-a-unique-token) |


## Implementation Options

device fingerprinting workflow
Once the user selects payment with Ratepay, make sure that the script below gets rendered as quick as possible, and also that the request to Ratepay will contain that same token.

## 1. Generate a Unique Token

To generate a DFP you first need to create a unique token within your web shop. Ratepay recommends using a UUID v4.

Please notice: the token itself can be generated in either the backend of your web shop or in the frontend. All that matters is that the frontend uses the same that's sent on the request to Ratepay.

If not using a UUID use these characters only
`A-Z` `a-z` `0-9` `-` `_`

### Examples


```Node.js
import { v4 as uuidv4 } from 'uuid';
const token = uuidv4(); // '1b9d6bcd-bbfd-4b2d-9b5d-ab8dfbbd4bed'
```


```JavaScript
let token = crypto.randomUUID(); // '1b9d6bcd-bbfd-4b2d-9b5d-ab8dfbbd4bed'
```


```PHP
use Ramsey\Uuid\Uuid;
$token = Uuid::uuid4();
```

## 2. Include Script Into Web Page

Output the DFP JavaScript code on payment selection page, when the shopper chooses a Ratepay payment method, but as early as possible to get a sufficient latency, 4-5 seconds, between script call and end of the checkout process.

If the script is executed at the same time as the shopper clicks “Buy now” , it could be possible that Ratepay is not enabled to access the Device fingerprint data fast enough to use them during Ratepay’s risk check.

Please ensure that this script is executed only once per session (per buyer + checkout + device).

Please do not implement this on your own. Use the provided code below.

Replace the token and snippetId placeholder with the respective values.


```JavaScript
<script language="JavaScript">
    var di = document.createElement("script");
    di.setAttribute('language', 'JavaScript');
    di.innerHTML = "var di = {t:{{token}}, v:{{snippetId}}, l:'Checkout'};"
    document.getElementsByTagName("body")[0].appendChild(di);

    var script = document.createElement("script");
    script.type = "text/javascript";
    script.src = "https://d.ratepay.com/{{snippetId}}/di.js";
    document.getElementsByTagName("body")[0].appendChild(script);
</script>
<noscript><link rel="stylesheet" type="text/css" href="https://d.ratepay.com/di.css?t=${{token}}&v=${{snippetId}}&l=Checkout"></noscript>
```


```PHP
<script language="JavaScript">
    var di = {
        t:'<?php echo $token ?>',
        v:'<?php echo $snippetId ?>',
        l:'Checkout'};
</script>
<script type="text/javascript" src="https://d.ratepay.com/<?php echo $snippetId ?>/di.js"></script>
<noscript>
    <link rel="stylesheet" type="text/css" href="https://d.ratepay.com/di.css?t=<?php echo $token ?>&v=<?php echo $snippetId ?>&l=Checkout">
</noscript>
```

## 3. Use Token in Authorization Request

We as Ratepay can only access and link the device data to the corresponding transaction, when we get the generated DFP token within the authorization call/Payment Request.

### Payment API 1.8

Transfer the DFP token in the head within the field [<device-token>](/docs/developer/api_integration/payment_1.8/payment_api_documentation/api_explorer/head/customer-device/device-token) in the PAYMENT_REQUEST to Ratepay.

### Payment API 2.0

Transfer the DFP token within the field
[device.token](/apis/payment/openapi/payment_api/transaction-management/createtransaction#transaction-management/createtransaction/t=request&path=device/token) in the
Authorization request to Ratepay.