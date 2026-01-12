Ephemeral IDs let you detect fraud patterns that evade traditional IP-based detection. This tutorial will show you how to log Ephemeral IDs, detect suspicious patterns, and block bad actors.
Attackers often create hundreds of fake accounts to abuse promotions, rotate through proxy pools to avoid IP-based rate limiting, and use real browsers to evade basic bot detection.
Traditional IP-based detection fails because each request appears to come from a different address. Ephemeral IDs solve this by identifying the underlying client device, even when IP addresses change.
Create a table to store events with Ephemeral IDs.
2. Extract and log Ephemeral IDs
When you call Siteverify, the Ephemeral ID is returned in the
metadata field. Log it with every protected action.
3. Use it in your sign up flow
Run the following query periodically (for example, every five minutes) to find suspicious Ephemeral IDs:
When you find suspicious IDs, block them:
5. Investigate and take action
When you ban accounts for abuse, find other accounts from the same device:
Bulk-flag accounts for review:
- Log immediately: Capture the Ephemeral ID right when you call Siteverify.
- Silent rejection: When blocking fraud, return generic errors. Never reveal that you detected the device.
- Tune thresholds: Start conservative (for example, three sign ups per hour) with the query and adjust based on your traffic.
- Combine signals: Use Ephemeral IDs alongside IP reputation and behavior analytics.