API Reference
Anti-Fraud API
Four endpoints. Device identification, event history, signal inspection, and server-side verification. Everything you need to stop fraud at the device level.
Endpoints
/v1/identifySubmit device signals and receive a visitor ID with confidence score, risk assessment, and bot detection results.
Request
POST /v1/identify HTTP/1.1Host: api.tracio.aiAuthorization: Bearer ak_live_***Content-Type: application/json{ "requestId": "req_abc123", "signals": "<encrypted_payload>", "metadata": { "url": "https://example.com/login", "linkedId": "user_42" }}Response
{ "requestId": "req_abc123", "visitorId": "v_8f2k4nQ7xR", "confidence": 0.994, "visitorFound": true, "firstSeenAt": "2026-02-01T08:11:00Z", "lastSeenAt": "2026-03-16T14:22:01Z", "riskScore": 0.12, "bot": { "detected": false, "probability": 0.02, "type": null }, "ip": "203.0.113.42", "ipLocation": { "city": "Berlin", "country": "DE" }}/v1/eventsRetrieve identification event history for a visitor or request. Supports filtering by date range, linked ID, and pagination.
Request
GET /v1/events?visitor_id=v_8f2k4nQ7xR&limit=10 HTTP/1.1Host: api.tracio.aiAuthorization: Bearer ak_live_***Response
{ "events": [ { "requestId": "req_abc123", "timestamp": "2026-03-16T14:22:01Z", "url": "https://example.com/login", "ip": "203.0.113.42", "linkedId": "user_42", "confidence": 0.994 }, { "requestId": "req_def456", "timestamp": "2026-03-16T10:15:33Z", "url": "https://example.com/checkout", "ip": "203.0.113.42", "linkedId": "user_42", "confidence": 0.991 } ], "paginationKey": "eyJ0IjoiMjAy..."}/v1/signalsRetrieve the raw signal breakdown for a specific request ID. Returns all collected signals with uniqueness and stability scores.
Request
GET /v1/signals?request_id=req_abc123 HTTP/1.1Host: api.tracio.aiAuthorization: Bearer ak_live_***Response
{ "requestId": "req_abc123", "signals": { "canvas": { "hash": "a7f2c8d1...", "uniqueness": 0.92, "tier": 1 }, "webgl": { "hash": "b3e4f5a6...", "uniqueness": 0.88, "tier": 1 }, "audio": { "hash": "c9d0e1f2...", "uniqueness": 0.71, "tier": 1 }, "fonts": { "hash": "d5a6b7c8...", "uniqueness": 0.65, "tier": 2 }, "screen": { "value": "1920x1080", "uniqueness": 0.31, "tier": 3 } }, "totalSignals": 146, "collectionTime": "48ms"}/v1/verifyServer-side verification of a request ID. Confirms the identification was legitimate and returns sealed results for tamper-proof validation.
Request
POST /v1/verify HTTP/1.1Host: api.tracio.aiAuthorization: Bearer ak_live_***Content-Type: application/json{ "requestId": "req_abc123"}Response
{ "requestId": "req_abc123", "verified": true, "visitorId": "v_8f2k4nQ7xR", "confidence": 0.994, "sealedResult": "eyJhbGciOiJFUzI1Ni...", "timestamp": "2026-03-16T14:22:01Z"}Authentication
All API requests require a Bearer token in the Authorization header. API keys are scoped to specific endpoints and can be restricted by IP.
# API Key Formatak_live_*** # Production keyak_test_*** # Test/sandbox key# UsageAuthorization: Bearer ak_live_your_key_here# Key Scoping (set via Dashboard)- identify: Can call /v1/identify- events: Can call /v1/events- signals: Can call /v1/signals- verify: Can call /v1/verify- admin: Can manage keys and workspace settingsRate Limits
Rate limits are per API key. Headers include X-RateLimit-Limit, X-RateLimit-Remaining, and Retry-After.
| Plan | /identify | /events | /signals | /verify |
|---|---|---|---|---|
| Free | 100/day | 100/day | 50/day | 100/day |
| Pro | 1,000/min | 1,000/min | 500/min | 1,000/min |
| Enterprise | 10,000/min | 10,000/min | 5,000/min | 10,000/min |
Error Codes
All errors return a JSON body with code, message, and details fields.
Error Response Format
{ "error": { "code": 429, "message": "Rate limit exceeded", "details": "1000 requests per minute limit reached for this API key", "retryAfter": 12 }}Start Building
Get your API key and make your first identification request in under 5 minutes.