Endpoint Reference

Request/response schemas for all 11 Admin API endpoints.

Users

GET/admin/users

List all tracked users with aggregated stats, sorted by event count.

Parameters

Name	Type	Description
`limit`	query (int)	Max results, default 100

Response Shape

{
  "total": 342,
  "users": [{
    "userId": "user_2abc...",
    "totalEvents": 127,
    "uniqueFingerprints": 3,
    "uniqueDomains": 2,
    "avgRiskScore": 12.5,
    "lastSeen": "2026-03-22T..."
  }]
}

GET/admin/users/{userId}

Full detail for a specific user: events (max 100), all associated fingerprints and domainprints.

Parameters

Name	Type	Description
`userId`	path	User identifier

Response Shape

{
  "userId": "user_2abc...",
  "events": [...],  // max 100
  "fingerprints": ["fp1", "fp2"],
  "domainprints": ["dp1"],
  "stats": {
    "totalEvents": 127,
    "uniqueFingerprints": 3,
    "firstSeen": "...",
    "lastSeen": "...",
    "avgRiskScore": 12.5,
    "highRiskEvents": 2
  },
  "hasMore": true
}

Fingerprints

GET/admin/fingerprints

List all fingerprints with collision detection (same fingerprint, multiple users).

Parameters

Name	Type	Description
`limit`	query (int)	Max results, default 100

Response Shape

{
  "total": 1283,
  "fingerprints": [{
    "fingerprint": "a1b2c3...",
    "totalEvents": 45,
    "uniqueUsers": 1,
    "uniqueDomains": 2,
    "avgRiskScore": 8.2,
    "hasCollisions": false,
    "lastSeen": "..."
  }]
}

⚠️ hasCollisions = true when uniqueUsers > 1 (same browser fingerprint across multiple accounts)

GET/admin/fingerprints/{fingerprint}

Full detail for a specific fingerprint. Uses DynamoDB PK query (fast).

Parameters

Name	Type	Description
`fingerprint`	path	Fingerprint hash

Response Shape

{
  "fingerprint": "a1b2c3...",
  "events": [...],
  "userIds": ["user_1", "user_2"],
  "domainprints": ["dp1"],
  "stats": {
    "totalEvents": 45,
    "uniqueUsers": 2,
    "hasCollisions": true,
    "avgRiskScore": 32.1
  }
}

Domainprints

GET/admin/domainprints

List all domainprints with cross-domain statistics.

Parameters

Name	Type	Description
`limit`	query (int)	Max results, default 100

Response Shape

{
  "total": 891,
  "domainprints": [{
    "domainprint": "dp_abc...",
    "totalEvents": 23,
    "uniqueUsers": 1,
    "uniqueFingerprints": 2,
    "uniqueDomains": 1,
    "lastSeen": "..."
  }]
}

GET/admin/domainprints/{domainprint}

Full detail for a specific domainprint.

Parameters

Name	Type	Description
`domainprint`	path	Domainprint hash

Response Shape

{
  "domainprint": "dp_abc...",
  "events": [...],
  "userIds": ["user_1"],
  "fingerprints": ["fp1", "fp2"],
  "domains": ["example.com"],
  "stats": { ... }
}

Fraud Detection

GET/admin/fraud/stats

Fraud dashboard: risk level distribution, detection signals breakdown, impossible travel events, top offenders.

Parameters

Name	Type	Description
`hours`	query (int)	Lookback window, default 24

Response Shape

{
  "totalSuspicious": 47,
  "totalImpossibleTravel": 3,
  "timeRange": "Last 24 hours",
  "byRiskLevel": {
    "critical": 5,
    "high": 12,
    "medium": 30
  },
  "byReason": {
    "bot_detected": 8,
    "headless_browser": 3,
    "credential_stuffing": 2,
    "impossible_travel": 3,
    "ja4_context_mismatch": 15
  },
  "topFingerprints": [...],
  "topUsers": [...],
  "impossibleTravelEvents": [{
    "fingerprint": "...",
    "from_country": "ES",
    "to_country": "JP",
    "distance_km": 10200,
    "delta_hours": 0.5,
    "speed_kmh": 20400,
    "risk_score": 90
  }],
  "recentEvents": [...]  // max 50
}

⚠️ GSI_ORG query filters risk_score > 60. Superadmin uses table scan with memory filter.

Identity & Attribution

GET/admin/identity-graph

Cross-domain identity relationships: fingerprints ↔ users ↔ domainprints ↔ domains.

Parameters

Name	Type	Description
`limit`	query (int)	Max nodes, default 100

Response Shape

{
  "nodes": [...],
  "edges": [...],
  "stats": {
    "totalNodes": 45,
    "totalEdges": 67,
    "clusters": 12
  }
}

GET/admin/attribution

Campaign attribution aggregated statistics.

Response Shape

{
  "total": 1200,
  "campaigns": [{
    "source": "google",
    "medium": "cpc",
    "campaign": "spring_sale",
    "events": 340,
    "uniqueUsers": 89
  }]
}

Account Sharing

GET/admin/account-sharing

Account sharing detection: concurrent sessions, geo diversity, device diversity.

Response Shape

{
  "totalDetections": 12,
  "bySignal": {
    "concurrent_session": 5,
    "geo_diversity": 4,
    "device_diversity": 3
  },
  "detections": [{
    "userId": "user_...",
    "score": 80,
    "signals": ["concurrent_session", "geo_diversity"],
    "unique_fingerprints": 4,
    "unique_countries": ["ES", "US", "JP"]
  }]
}

Health Check

GET/health

Service health with DynamoDB connectivity test.

Response Shape

{
  "status": "ok",      // "ok" | "degraded"
  "timestamp": "2026-03-22T...",
  "database": true,
  "service": "impressio-api",
  "version": "4.5.1"
}

⚠️ Returns 503 if DynamoDB ping fails (database: false).