JA4 Intelligence
v2.0.0 | Powered by Vercel
Add JA4 threat intelligence to any Vercel application in minutes
JA4 is a suite of network fingerprinting methods created by Platphorm that identify clients based on their TLS handshake characteristics. Unlike IP-based blocking, JA4 fingerprints are extremely difficult to spoof and provide persistent identification of malware, bots, and threat actors.
TLS client fingerprint based on cipher suites, extensions, and supported versions
HTTP client fingerprint from headers, cookies, and request patterns
Server fingerprint for identifying infrastructure and C2 servers
Add these variables to your Vercel project settings or .env.local file:
# .env.local
JA4DB_INGEST_URL=https://atlas.platphormnews.com/api/ingest/http
JA4DB_INGEST_TOKEN=your-token-here
JA4DB_SENSOR_NAME=my-vercel-app
JA4DB_PROJECT_ID=prj_your-project-id
JA4DB_ENVIRONMENT=production
JA4DB_SAMPLE_RATE=1.0
Query the JA4 Atlas API to get threat intelligence on any fingerprint:
// lib/ja4-lookup.ts
const JA4DB_API_URL = 'https://atlas.platphormnews.com/api'

export interface JA4LookupResult {
  fingerprint: string
  label: string | null
  application: string | null
  category: string | null
  severity: 'critical' | 'high' | 'medium' | 'low' | 'info' | null
  first_seen: string | null
  observation_count: number
  campaigns: Array<{
    name: string
    severity: string
    confidence: number
  }>
}

// Returns null on any network error or non-2xx response, so callers cannot
// tell a failed lookup apart from a missing record.
export async function lookupJA4(fingerprint: string): Promise<JA4LookupResult | null> {
  try {
    const response = await fetch(
      `${JA4DB_API_URL}/lookup?fingerprint=${encodeURIComponent(fingerprint)}`,
      { next: { revalidate: 3600 } } // Cache for 1 hour
    )
    if (!response.ok) return null
    return response.json()
  } catch {
    return null
  }
}

// Example: Check if a fingerprint is associated with known malware
// Note: this fails open. A null result (lookup error or no record) is
// reported as not malicious.
export async function isMalicious(fingerprint: string): Promise<boolean> {
  const result = await lookupJA4(fingerprint)
  if (!result) return false
  return result.severity === 'critical' || result.severity === 'high'
}

/api/ingest/http - Ingest JA4 observations from sensors
/api/lookup?fingerprint=... - Look up threat intelligence for a fingerprint
/api/stats - Get aggregated statistics and top fingerprints
/api/observations - List recent observations with pagination
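
The /api/lookup endpoint takes the fingerprint as a query parameter, so a value that arrives from a header or a sensor can be checked against the JA4 TLS fingerprint layout (a_b_c) before it is sent or logged. This is an added example, not code from the page or from the JA4 Atlas project; parseJA4 and ParsedJA4 are hypothetical names and the sample fingerprints are constructed.

```typescript
// Added example: parseJA4 and ParsedJA4 are hypothetical names, not part of
// the JA4 Atlas API. Layout: a_b_c, where a is 10 chars and b, c are 12 hex chars.
interface ParsedJA4 {
  transport: 'tcp' | 'quic' | 'dtls'
  tlsVersion: string // "13" = TLS 1.3, "12" = TLS 1.2, "00" = unknown
  sniPresent: boolean // 'd' = SNI sent (domain), 'i' = no SNI (IP)
  cipherCount: number
  extensionCount: number
  alpn: string // first and last character of the first ALPN value, "00" if none
  cipherHash: string // truncated SHA-256 over the sorted cipher list
  extensionHash: string // truncated SHA-256 over sorted extensions plus signature algorithms
}

const JA4_LENGTH = 36
const JA4_PATTERN =
  /^([tqd])(13|12|11|10|s3|s2|d1|d2|d3|00)([di])(\d{2})(\d{2})([0-9A-Za-z]{2})_([0-9a-f]{12})_([0-9a-f]{12})$/
const TRANSPORTS = { t: 'tcp', q: 'quic', d: 'dtls' } as const

function parseJA4(input: unknown): ParsedJA4 | null {
  // Length is checked first so oversized or padded input never reaches the regex.
  if (typeof input !== 'string' || input.length !== JA4_LENGTH) return null
  const m = JA4_PATTERN.exec(input)
  if (!m) return null
  return {
    transport: TRANSPORTS[m[1] as keyof typeof TRANSPORTS],
    tlsVersion: m[2],
    sniPresent: m[3] === 'd',
    cipherCount: Number(m[4]),
    extensionCount: Number(m[5]),
    alpn: m[6],
    cipherHash: m[7],
    extensionHash: m[8],
  }
}

// Constructed sample values (not real observations).
const SAMPLE_OK = 't13d1516h2_0123456789ab_ba9876543210'
const SAMPLE_TAMPERED = 't13d1516h2_0123456789ab_ba9876543210&x=1'
```

A null return means the value is not a well-formed JA4 TLS fingerprint and should be dropped or logged as malformed rather than looked up.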
// vercel.json
{
  "headers": [
    {
      "source": "/api/(.*)",
      "headers": [
        { "key": "X-JA4-Atlas-Version", "value": "1.0.0" }
      ]
    }
  ],
  "env": {
    "JA4DB_INGEST_URL": "@ja4db-ingest-url",
    "JA4DB_INGEST_TOKEN": "@ja4db-ingest-token",
    "JA4DB_SENSOR_NAME": "@ja4db-sensor-name"
  }
}