Getting Started
This guide will help you integrate Noxtica fingerprinting into your web application in just a few minutes.
Prerequisites
- A Noxtica account (request access via contact)
- Your Site Key (provided after account setup)
Quick Integration
Once your account is set up and you have your Site Key, add our collector to your HTML:
Automatic Collection (Recommended)
The simplest way to integrate Noxtica is with auto-initialization using run-once mode:
<script
src="https://collect.noxtica.com/collector/noxtica-collector.js"
data-site-key="pk_prod_your_site_key_here"
data-auto-init
data-auto-check-once
async
></script>
This will:
- Collect and submit a fingerprint on the first visit
- Reuse the cached result for subsequent visits within the TTL (default: 7 days)
- Automatically record lightweight visits without re-collecting
- Use cross-tab locking to prevent duplicate submissions
Results are available via:
// Listen for results
document.addEventListener('noxtica:collected', function (e) {
console.log('Fingerprint collected:', e.detail);
console.log('Risk score:', e.detail.score);
console.log('Risk level:', e.detail.risk_level);
});
// Or access directly after collection
console.log(window.noxticaResult);
Manual Collection
For more control, use the JavaScript API:
<script src="https://collect.noxtica.com/collector/noxtica-collector.js"></script>
<script>
// Create a client with your Site Key
const client = NoxticaCollector.createClient({
siteKey: 'pk_prod_your_site_key_here',
});
// Collect and submit in one call
client.collectAndSubmit().then((result) => {
console.log('Risk score:', result.score);
console.log('Risk level:', result.risk_level);
console.log('Flags:', result.flags);
});
</script>
Smart Collection with checkOnce()
For optimal performance, use checkOnce() which respects the server-configured collection interval:
const client = NoxticaCollector.createClient({
siteKey: 'pk_prod_your_site_key_here',
});
// Only collects if outside the check interval window (default: 7 days)
// Otherwise records a visit and returns cached result
const result = await client.checkOnce();
if (result.fromCache) {
console.log('Using cached result, next collection in:', result.nextSubmitIn, 'days');
} else {
console.log('Fresh collection submitted');
}
console.log('Risk level:', result.risk_level);
Site Keys
Your Site Key (pk_...) is a public identifier that authenticates requests from your domain. Each domain you add in the Backoffice gets a unique Site Key.
Important notes:
- Site Keys are public and can safely be embedded in your HTML
- Each Site Key is tied to a specific origin (e.g.,
https://example.com) - The API will reject requests where the origin doesn’t match the Site Key’s registered domain
Configuration Options
const client = NoxticaCollector.createClient({
// Your Site Key (required)
siteKey: 'pk_prod_your_site_key_here',
// API endpoint (defaults to production)
apiUrl: 'https://collect.noxtica.com',
// Collection mode: 'max' (default), 'standard', or 'minimal'
// Omit to use max mode (recommended)
// mode: 'standard', // Uncomment to opt out of max-only signals
});
Collection Modes
| Mode | Signals | Best For |
|---|---|---|
minimal | Canvas, WebGL, basic browser info | Fast collection, low entropy needs |
standard | All signals except WebRTC | Sites that need to avoid WebRTC/speech/keyboard |
max | All signals including WebRTC, speech, keyboard | Maximum accuracy (default) |
Response Format
After collecting and submitting, you receive:
{
"success": true,
"fingerprintId": "abc123...",
"score": 15,
"risk_level": "minimal",
"confidence": 0.5,
"flags": [],
"details": {
"summary": "Detected 0 risk indicator(s)."
}
}
Risk Levels
| Score | Level | Meaning |
|---|---|---|
| 0-19 | minimal | Very low risk, likely legitimate |
| 20-39 | low | Low risk, minor anomalies |
| 40-59 | medium | Moderate risk, some flags |
| 60-79 | high | High risk, likely automation |
| 80-100 | critical | Very high risk, confirmed bot |
Token Lifecycle
Behind the scenes, the SDK:
- Requests a short-lived token from
/client/tokenusing your Site Key - Tokens are valid for 5 minutes after issuance
- The SDK caches tokens and automatically refreshes when needed
- Submissions include the token for authentication
You don’t need to manage tokens manually - the SDK handles this automatically.
Onboarding Process
- Request access: Contact us to request a demo or get started
- Account setup: We create your tenant account in the platform
- Add domains: Log into Backoffice, go to Domains, and add your origins
- Copy Site Key: Each domain gets a unique Site Key
- Integrate: Add the script with your Site Key to your pages
- Monitor: View fingerprints and analytics in the Backoffice dashboard
Managing Multiple Domains
Noxtica supports multiple domains per account:
- Production:
https://www.yoursite.com - Staging:
https://staging.yoursite.com - Mobile:
https://m.yoursite.com
Each domain has its own Site Key. You can:
- Enable/disable domains without regenerating keys
- Rotate Site Keys if compromised
- View analytics filtered by domain
SDK Version
Current SDK version: 3.2.0 (Schema: 2026-01-10)
Next Steps
- Try the live demo to see fingerprinting in action
- Read the Backend Integration guide for server-side lookups
- Access the dashboard to explore collected data