Skip to content
Documentation

Proxy Integrations

Run fingerprint API traffic through a first-party subdomain on your domain. Edge proxies defeat ad blockers, improve collection rates, and keep requests same-origin.

Back to main docs

What first-party proxying does

Instead of calling api.lrdefender.lightningresearch.ai directly from the browser, you route requests through a subdomain you control — for example fp.yourdomain.com. The edge proxy forwards only the fingerprint API paths below to LRDefender, adding your API key and client IP headers server-side.

Supported proxy paths

  • /api/device-id
  • /api/fingerprint
  • /api/device-recall
  • /api/health
  • /api/challenge/verify

integrations/cloudflare-worker/

Cloudflare Worker

Deploy an edge worker on a first-party subdomain (for example fp.yourdomain.com) that transparently proxies fingerprint traffic to LRDefender. Requests appear same-origin to the browser, which helps bypass ad blockers and third-party cookie restrictions.

Installation & deployment

  1. 1.Copy integrations/cloudflare-worker/ into your Cloudflare Workers project.
  2. 2.Set LR_DEFENDER_API_KEY as a Worker secret: wrangler secret put LR_DEFENDER_API_KEY
  3. 3.Optionally override LR_DEFENDER_ENDPOINT in wrangler.toml [vars].
  4. 4.Deploy: wrangler deploy
  5. 5.Route your first-party subdomain (e.g. fp.example.com) to the worker.
  6. 6.Point the browser SDK endpoint at https://fp.example.com instead of the LRDefender API host.

Environment variables

LR_DEFENDER_ENDPOINT

Upstream API base URL (default: https://api.lrdefender.lightningresearch.ai)

LR_DEFENDER_API_KEY

Your LRDefender API key, injected as X-API-Key on proxied requests

integrations/cloudflare-worker/config
# wrangler.toml
name = "lr-defender-proxy"
main = "index.js"

[vars]
LR_DEFENDER_ENDPOINT = "https://api.lrdefender.lightningresearch.ai"

# Secret (not in wrangler.toml):
# wrangler secret put LR_DEFENDER_API_KEY

integrations/aws-lambda-edge/

AWS Lambda@Edge

Attach a Lambda@Edge function to your CloudFront distribution so fingerprint requests on your first-party subdomain are proxied to LRDefender at the edge. Ideal when you already serve your app through CloudFront and want sub-50ms edge routing.

Installation & deployment

  1. 1.Copy integrations/aws-lambda-edge/index.js into your Lambda@Edge deployment package.
  2. 2.Create a Lambda function in us-east-1 (required for Lambda@Edge).
  3. 3.Set environment variables LR_DEFENDER_HOST and LR_DEFENDER_API_KEY on the function.
  4. 4.Publish a new version and associate the function with CloudFront viewer-request or origin-request events.
  5. 5.Map your first-party subdomain (e.g. fp.example.com) to the CloudFront distribution.
  6. 6.Configure the SDK to use https://fp.example.com as the endpoint.

Environment variables

LR_DEFENDER_HOST

Upstream API hostname (default: api.lrdefender.lightningresearch.ai)

LR_DEFENDER_API_KEY

Your LRDefender API key, sent as X-API-Key on every proxied request

integrations/aws-lambda-edge/config
# Lambda environment variables
LR_DEFENDER_HOST=api.lrdefender.lightningresearch.ai
LR_DEFENDER_API_KEY=lr_live_xxxxxxxx

# CloudFront behavior: associate Lambda@Edge on viewer-request
# for paths matching /api/device-id, /api/fingerprint, etc.

integrations/vercel-middleware/

Vercel Middleware

Add edge middleware to a Next.js or Vercel-hosted project so fingerprint API paths on your own domain are forwarded to LRDefender. No separate worker infrastructure — the proxy runs in Vercel's edge network alongside your app.

Installation & deployment

  1. 1.Copy integrations/vercel-middleware/middleware.js into your project as middleware.ts (or merge with existing middleware).
  2. 2.Set LR_DEFENDER_ENDPOINT and LR_DEFENDER_API_KEY in your Vercel project environment variables.
  3. 3.Deploy to Vercel — the matcher config limits the middleware to fingerprint API paths only.
  4. 4.Point the browser SDK endpoint at your Vercel app origin (same domain as your site).

Environment variables

LR_DEFENDER_ENDPOINT

Upstream API base URL (default: https://api.lrdefender.lightningresearch.ai)

LR_DEFENDER_API_KEY

Your LRDefender API key, injected as X-API-Key on proxied requests

integrations/vercel-middleware/config
// middleware.ts — merge with existing middleware if needed
export { default, config } from './integrations/vercel-middleware/middleware';

// Vercel project env:
// LR_DEFENDER_ENDPOINT=https://api.lrdefender.lightningresearch.ai
// LR_DEFENDER_API_KEY=lr_live_xxxxxxxx

After deploying a proxy, update your SDK or collector configuration to use your first-party subdomain as the endpoint. The proxy handles authentication — do not expose your long-lived API key in browser code when using server-minted collector sessions.

Continue to Quick Start