FP
FingerPrintThis
Français
How it fits

Activation & validation at a glance

These diagrams show where FingerPrintThis plugs into your licensing stack. Activation runs once per device to bind a license to hardware. Validation runs at runtime, driven by your backend, using the FingerPrintThis SDK on the device.

You remain in control of when to validate and what your app does on success or failure. We take care of how the device identity and token are computed and checked.

1. Activation flow

A one-time flow that binds a license to a physical device. You call us from your backend, we handle the email + PIN, device fingerprinting and token issuance.

Activation — from license to device token

Developer backend triggers activation → user downloads the FingerPrintThis app → hardware is fingerprinted and a token is installed locally.

Activation process diagram
  1. Your backend calls the FingerPrintThis API with email, a license_id and your download URL for the app.
  2. FingerPrintThis sends the user an email with a one-shot PIN and a link to the FingerPrintThis download page.
  3. The user downloads the FingerPrintThis app, runs it, and enters the PIN.
  4. The app fingerprints the device and sends the result plus the PIN to the FingerPrintThis service.
  5. We bind (developer, license_id, device_id), create a signed token + validation key, and return them to the app.
  6. The app installs the token/key locally and opens your download page so the user can install your app.
  7. Your backend marks that device as licensed using the device_id and token we returned.

2. Runtime validation & refresh

At runtime, your app talks to your backend. The backend calls FingerPrintThis to confirm that the current device matches the one you activated and to renew tokens when necessary.

Validation flow (SDK on device, your backend in control)

On each launch (or whenever you decide), your app asks the local SDK to validate the token, and your backend talks to FingerPrintThis only when an online check is required.

Validation process with SDK diagram
  1. Your app starts and calls fpt_sdk.validate_token_locally(token).
  2. If the token is valid and not expired, the SDK reports Licensed (offline OK).
  3. If an online check is needed, your app calls fpt_sdk.build_validation_payload(license_id). The payload includes a fresh fingerprint, device_id, token and proof.
  4. Your backend receives the payload from the app and forwards it to FingerPrintThis via a backend-to-backend endpoint.
  5. FingerPrintThis compares the new fingerprint with the registered device_id, checks the binding, and returns a status plus an optional new token.
  6. Your backend translates the result into something app-friendly, returns it to your app, and passes down the new token if present.
  7. The app calls fpt_sdk.install_token(new_token) when applicable, and continues or blocks based on your own licensing rules.