Documentation

Complete public-safe API and MCP reference for the PlatPhorm Fingerprint Service.

OpenAPI Spec

API Endpoints

Method	Endpoint	Description	Auth
GET	/api/health	Health check endpoint returning service status	Public
GET	/api/docs	OpenAPI 3.1 specification in JSON format	Public
POST	/api/v1/analysis/automation	Analyze caller-provided local summary for automation and bot likelihood signals	Public
POST	/api/v1/components/hash	Canonicalize and hash a component payload without returning raw values	Public
POST	/api/v1/compare	Compare two caller-provided local fingerprints with weighted fuzzy scoring	Public
POST	/api/v1/fingerprint	Explicitly submit a redacted fingerprint summary with consent	Future protected
GET	/api/v1/fingerprint/{id}	Retrieve a specific fingerprint by ID	Future protected
GET	/api/v1/stats/overview	Get public-safe aggregate statistics or degraded state	Public
GET	/api/v1/ja4/summary	Read JA4 digest redaction and JA4M research policy	Public
POST	/api/v1/ja4/correlate	Protected JA4 correlation; returns degraded if backend is unavailable	Future protected
POST	/api/mcp	JSON-RPC 2.0 MCP tools, resources, and prompts	Public
GET	/api/events	Server-Sent Events stream for real-time events	Future protected
POST	/api/webhooks	Receive signed webhook notifications	Future protected

Fingerprint Components

Canvas

HTML5 Canvas rendering analysis

WebGL

GPU and shader information extraction

Audio

AudioContext processing fingerprint

Navigator

Browser and platform properties

Screen

Display characteristics

Fonts

System font detection

Timezone

Timezone and locale analysis

DOMRect

Element measurement precision

Headless

Automated browser detection

Lies

API tampering detection

Resistance

Privacy tool profiling

Quick Start

// Public-safe local analysis. This does not persist data.
const localAnalysis = await fetch('/api/v1/analyze/local', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify(collectedData)
});

// Future protected redacted submission. Requires explicit consent.
const response = await fetch('/api/v1/fingerprint', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    ...collectedData,
    consentedToSubmit: true
  })
});

const result = await response.json();
console.log('Storage mode:', result.data.storageMode);
console.log('Trace ID:', result.traceId);

Future protected actions use only PLATPHORM_API_KEY via Authorization: Bearer $PLATPHORM_API_KEY or X-PlatPhorm-API-Key: $PLATPHORM_API_KEY. Do not place keys in browser storage or public examples.

platphormctl

platphormctl site inspect fingerprint
platphormctl mcp validate fingerprint
platphormctl policy inspect fingerprint
platphormctl fingerprint analyze --file fingerprint.json
platphormctl fingerprint compare --left a.json --right b.json
platphormctl fingerprint ja4-summary
platphormctl browserops check https://fingerprint.platphormnews.com
platphormctl harness run developer-validation --target https://fingerprint.platphormnews.com --dry-run

PlatPhorm Network

Atlas

JA4 Threat Intelligence

Monitor

Real-time Monitoring

ThreatRelay

Threat Analysis Platform

PlatPhorm News

Network Hub