Skip to content
POST AI agent ready /v1/tls/fingerprint

TLS Fingerprint API - Get Your JA3 & JA4 Hashes

Analyzes the caller's TLS connection at the Cloudflare edge and returns the negotiated TLS version, cipher suite, HTTP protocol, TCP round-trip time, JA3 hash, JA4 fingerprint string, Cloudflare bot score (1-99), and verified bot flag. No parameters required; the data comes from the live connection.

Code examples

curl -X POST https://api.botoi.com/v1/tls/fingerprint \
  -H "Content-Type: application/json" \
  -d '{}'

When to use this API

Bot detection

Compare the JA3/JA4 hash against known bot fingerprint databases. Headless browsers, scrapers, and automated tools produce different TLS fingerprints than standard browsers. Combine with the bot_score for layered detection.

Client fingerprinting for fraud prevention

Use the TLS fingerprint as a device signal in your fraud scoring model. Consistent fingerprints across sessions suggest the same client. A sudden fingerprint change on an existing account may indicate credential theft.

Zero-trust security policies

Enforce minimum TLS version and cipher requirements. Reject connections from clients negotiating TLSv1.0 or weak ciphers. Log the fingerprint for forensic analysis during incident response.

Frequently asked questions

What is a JA3 hash?
JA3 is an MD5 hash of specific fields in the TLS Client Hello message (TLS version, ciphers, extensions, elliptic curves, and elliptic curve point formats). Identical TLS implementations produce the same hash, making it useful for identifying client software.
What is JA4 and how is it different from JA3?
JA4 is a newer fingerprinting method that produces a human-readable string instead of an opaque hash. It encodes TLS version, cipher count, extension count, ALPN protocol, and sorted hash components. JA4 is more granular and harder to spoof than JA3.
Can I fingerprint a different client or URL?
No. This endpoint analyzes your own TLS connection to Cloudflare. The fingerprint data comes from the edge node handling your request. To fingerprint other clients, they need to call this endpoint themselves.
What does the bot_score mean?
The bot_score ranges from 1 (most likely a bot) to 99 (most likely a human). Scores below 30 strongly suggest automated traffic. Scores above 80 suggest a standard browser. This score is powered by Cloudflare Bot Management.
Can bots spoof their TLS fingerprint?
Sophisticated bots can modify their TLS Client Hello to mimic browser fingerprints, but it requires effort. Most commodity scrapers and headless browsers do not bother, making JA3/JA4 effective for catching the majority of automated traffic.

Get your API key

Free tier includes 5 requests per minute with no credit card required. Upgrade for higher limits.

Sign up free View full docs