Skip to main content
tracenow is a fraud intelligence API. It evaluates the signals attached to any user action — IP address, email, phone number, device fingerprint — and returns a verdict: allow, challenge, or deny. You configure the policies. tracenow does the enrichment and the evaluation in real time, on every request.

What you get

Trace

One call. All signals evaluated in parallel. A single verdict your backend can act on immediately.

Device fingerprinting

A browser snippet that identifies devices, detects headless browsers and automation, and enforces single-use token replay protection.

How to get started

1

Get your API keys

Go to tracenow.io/dashboard, create an account, and grab your secret key (tn_live_...) and publishable key (pk_live_...).
2

Add the snippet to your frontend

Load trace.min.js and call tracenow.identify() before the user submits a form. This gives you a device token you can send with every request. See Frontend integration.
3

Call /trace from your backend

On login, signup, checkout — any checkpoint — POST the user’s IP, email, and device token to /trace. Get a verdict back in milliseconds. See Server-side integration.
4

Configure your policies

Define what challenge and deny mean for your app — Tor exit nodes, disposable emails, headless browsers, velocity anomalies. Set them in the dashboard under Guard.

Authentication

All server-side endpoints require a Bearer secret key. The device endpoints use a publishable key that is safe to expose in browser code. 
Authorization: Bearer tn_live_xxxxxxxxxxxxxxxxxxxx
See Authentication for details.

Base URL

https://api.tracenow.io