Identifying users in hybrid app frameworks

User identification in Capacitor, Cordova, PhoneGap and other hybrid app frameworks


FingerprintJS Pro was designed for fraud detection in the browser, but Pro can also accurately identify users in apps built with Adobe PhoneGap, Ionic Capacitor, Apache Cordova, and other hybrid app development frameworks.

How to Install FingerprintJS on a Hybrid App

1 - Sign up for a free subscription, or log in to your FingerprintJS account if you have one.
2 - Follow the directions on our quick start guide to install our Javascript agent using the NPM package method but NOT the CDN method. The agent needs to be added to your JavaScript, not to an HTML page.
3 - Copy/paste this terminal command to add our NPM package to your project:

npm install @fingerprintjs/fingerprintjs-pro

If you use Yarn it will look like this:

yarn add @fingerprintjs/fingerprintjs-pro

4 - Add the JavaScript agent code to your JavaScript codebase. It will pull identification signals from your app’s webview interface:

import FingerprintJS from '@fingerprintjs/fingerprintjs-pro'

const fpPromise = FingerprintJS.load({ token: 'your-browser-token' })

// When you need the visitor identifier:
fpPromise
  .then(fp => fp.get())
  .then(result => console.log(result.visitorId))
const FingerprintJS = require('@fingerprintjs/fingerprintjs-pro')

const fpPromise = FingerprintJS.load({ token: 'your-browser-token' })

// When you need the visitor identifier:
fpPromise
  .then(fp => fp.get())
  .then(result => console.log(result.visitorId))

Note that you should replace ‘your-browser-token’ with the alphanumeric “Browser token” code from your customer dashboard:

Screenshot of where to find your browser tokenScreenshot of where to find your browser token

Screenshot of where to find your browser token

5 - Continue the quick start guide instructions for subdomain integration, webhooks, server API queries, and tagging requests. There are no special considerations for enabling these features in hybrid apps.

Pro features that are compatible with hybrid apps

Apps that work through hybrid environments use webviews, which are similar to browsers in that they use HTML, CSS, and JavaScript to show content and controls to the user. The FingerprintJS Pro JavaScript agent can collect enough attributes through webviews for us to create a visitorID. Most FingerprintJS Pro functions, like webhooks and geolocation, work as expected in this environment.

Other considerations

  • If one of our tokens is stolen, request filtering cannot stop a thief from using that token on their own app. This is because our filtering system checks requests against a blacklist of suspect origins or a limited whitelist of acceptable origins, and the default origin in many hybrid app webviews is "localhost." So from our perspective all requests look like they’re coming from the same origin. We also filter HTTP headers using specified rules, but like origins, the headers of different webviews look the same, so the rules aren’t effective. A developer can change the webview origin or header, but then the thief can do the same. If you suspect your token was stolen, reach out to [email protected].
  • FingerprintJS Pro needs an internet connection to create and match visitorIDs. We cannot store information while the device is offline and send it to our server when the device turns the Internet back on.
  • The app’s webview and the device’s browser are separate environments. In cases where the webview and browser share many attributes, our system can assign a single visitorID to both environments, but we cannot guarantee a consistent match.

Compliance and support

FingerprintJS Pro is fully compliant with GDPR and CCPA when used to detect and prevent fraud.

For specific questions about how FingerprintJS Pro could work for your hybrid app, reach out to [email protected].


Did this page help you?