Peet APItls.peet.ws ↗
Get JA3, JA4, Akamai HTTP/2, and PeetPrint fingerprint hashes plus full TLS cipher/extension data for any HTTP client via the tls.peet.ws API.
What is the Peet API?
The tls.peet.ws API exposes 3 endpoints that return live TLS and HTTP/2 fingerprint data for the calling client, including JA3, JA4, Akamai, and PeetPrint hashes. The get_all endpoint returns the full picture: cipher suites, TLS extensions, HTTP/2 frames, TCP/IP packet details, client IP, HTTP method, user agent, and all fingerprint strings in a single response object.
No input parameters required.
curl -X GET 'https://api.parse.bot/scraper/146dfd2e-1372-4c03-b84c-ba2a6b10e352/get_all' \ -H 'X-API-Key: $PARSE_API_KEY'
Typed, relational, agent-ready
A generated client with real types, enums, and the links between objects — the structure a flat JSON response can't carry. Autocompletes in your editor and reads cleanly to coding agents.
- Fully typed · autocompletes
- Objects link to objects
- Typed errors & pagination
Typed Python client. Set up the SDK in your uv project, then pull this API’s typed client:
uv add parse-sdk uv run parse init uv run parse add --marketplace tls-peet-ws-api
uv run parse add --marketplace pulls a pinned snapshot of this canonical API — it won’t change underneath you. To customize it, subscribe and swap to your own copy.
"""Walkthrough: TLS Peet fingerprinting SDK — analyze your connection's TLS profile."""
from parse_apis.tls_peet_ws_fingerprinting_api import TlsPeet, UpstreamError
client = TlsPeet()
# Quick fingerprint summary — lightweight, returns just the hashes.
summary = client.fingerprintsummaries.get()
print(f"JA3 Hash: {summary.ja3_hash}")
print(f"JA4: {summary.ja4}")
print(f"Akamai Hash: {summary.akamai_hash}")
print(f"PeetPrint Hash: {summary.peetprint_hash}")
print(f"HTTP Version: {summary.http_version}")
# Full connection profile — includes TLS, HTTP/2, TCP/IP, and user agent.
profile = client.connectionprofiles.get()
print(f"IP: {profile.ip}")
print(f"User Agent: {profile.user_agent}")
print(f"TLS Version: {profile.tls.tls_version_negotiated}")
print(f"Ciphers offered: {len(profile.tls.ciphers)}")
print(f"Akamai HTTP/2 fingerprint: {profile.http2.akamai_fingerprint_hash}")
print(f"Dst Port: {profile.tcpip.dst_port}")
# TLS-only profile — no HTTP/2 frames, focused on cipher/extension analysis.
try:
tls_only = client.tlsprofiles.get()
print(f"TLS Record Version: {tls_only.tls.tls_version_record}")
print(f"PeetPrint: {tls_only.tls.peetprint_hash}")
except UpstreamError as exc:
print(f"TLS endpoint unavailable: {exc}")
print("exercised: fingerprintsummaries.get / connectionprofiles.get / tlsprofiles.get")Retrieve the complete TLS fingerprint data including all TLS details, HTTP/2 frames, TCP/IP info, request headers, user agent, and all fingerprint hashes (JA3, JA4, Akamai, PeetPrint). Returns a single object with all connection analysis data. No input parameters required — the server analyzes the incoming connection itself.
No input parameters required.
{
"type": "object",
"fields": {
"ip": "string - Client IP address and port",
"tls": "object - TLS details including ciphers, extensions, tls_version_record, tls_version_negotiated, ja3, ja3_hash, ja4, ja4_r, peetprint, peetprint_hash, client_random, session_id",
"http2": "object - HTTP/2 details including akamai_fingerprint, akamai_fingerprint_hash, sent_frames array",
"tcpip": "object - TCP/IP details including cap_length, dst_port, src_port, ip, tcp sub-objects",
"donate": "string - Donation message",
"method": "string - HTTP method used",
"user_agent": "string - User agent string sent in request",
"http_version": "string - HTTP version used (e.g. h2)"
}
}About the Peet API
What the API Returns
Each endpoint reflects the TLS connection properties of whichever HTTP client makes the request. get_all returns the most complete response: a tls object with cipher suites, extensions, negotiated TLS version, and fingerprints (ja3, ja3_hash, ja4, ja4_r, peetprint, peetprint_hash); an http2 object with akamai_fingerprint, akamai_fingerprint_hash, and the raw sent_frames array; a tcpip object with source/destination ports and IP-level packet details; plus the client ip, user_agent, method, and http_version.
Fingerprint-Only and TLS-Only Variants
get_fingerprints returns just the nine hash and fingerprint string fields — ja3, ja3_hash, ja4, ja4_r, akamai, akamai_hash, peetprint, peetprint_hash, and http_version — without the full extension list, raw frames, or TCP/IP breakdown. Use it when you only need to identify or compare a client's fingerprint profile. get_tls sits between the two: it returns the full tls object (ciphers array, extensions array, all fingerprints) but leaves ip, method, http_version, and donate as empty strings, and returns empty sub-objects for TCP/IP.
No Input Parameters
None of the three endpoints accept query parameters or request bodies. The fingerprint data is derived entirely from the incoming connection, so the caller's HTTP client configuration — TLS library, cipher order, extension list, HTTP/2 settings frames — determines what gets returned. This makes the API useful as a mirror for verifying how a client appears to anti-bot or CDN systems.
Fingerprint Standards Covered
JA3 is an MD5 hash of TLS client-hello fields widely used in network security tooling. JA4 is a newer, structured alternative designed to be more stable across TLS library versions. The Akamai HTTP/2 fingerprint captures HTTP/2 SETTINGS and WINDOW_UPDATE frame ordering, which CDN and WAF systems use to distinguish browser traffic from scripted clients. PeetPrint is an extended fingerprint that incorporates additional TLS handshake signals beyond what JA3 covers.
The Peet API is a managed, monitored endpoint for tls.peet.ws — not a raw scraper you maintain. Every endpoint is automatically health-checked on a schedule, and when tls.peet.ws changes and a check fails, the API is automatically queued for repair and re-verified. It is built to keep working as the site underneath it changes.
This isn't an official tls.peet.ws API — it's an independent, maintained REST wrapper over public data. Where the source has no official API (or only a limited one), Parse gives you a stable contract over a source that never promised one, and keeps it current. Need a new endpoint or field? You can revise it yourself in plain English and the agent rebuilds it against the live site in minutes — contributing the change back to the shared API is free.
Will this API break when the source site changes?+
Is this an official API from the source site?+
Can I fix or extend this API myself if I need a new endpoint or field?+
What happens if I call an endpoint that has an issue?+
- Verify that a headless browser or HTTP client produces a browser-like JA3/JA4 hash before deploying it against bot-protected endpoints
- Compare
akamai_fingerprintvalues across different HTTP libraries to understand how CDN WAFs distinguish them - Audit TLS cipher suite ordering in a custom TLS stack using the
tls.ciphersarray fromget_tls - Build a regression test that asserts a client's
peetprint_hashdoes not change after upgrading TLS dependencies - Log and compare
sent_framesfrom thehttp2object to debug HTTP/2 SETTINGS negotiation differences between environments - Confirm that a proxy or VPN preserves the original client's TLS fingerprint by comparing
ja4before and after routing - Identify client TLS extension order using the
tls.extensionsarray to diagnose mismatches with server-side fingerprint blocklists
| Tier | Price | Credits/month | Rate limit |
|---|---|---|---|
| Free | $0/mo | 100 | 5 req/min |
| Hobby | $30/mo | 1,000 | 20 req/min |
| Developer | $100/mo | 5,000 | 100 req/min |
One credit = one API call regardless of which marketplace API you call. Exceeding the rate limit returns a 429 response. Authenticate with the X-API-Key header.
Does tls.peet.ws have an official developer API?+
What is the difference between `get_all`, `get_fingerprints`, and `get_tls`?+
get_all returns every field: full TLS cipher/extension arrays, HTTP/2 frames, TCP/IP packet details, client IP, user agent, and all fingerprint hashes. get_fingerprints returns only the nine fingerprint hash and string fields with no raw arrays. get_tls returns the full tls object including ciphers and extensions, but omits HTTP/2 frames and leaves IP, method, and http_version as empty strings.Does the API return historical or stored fingerprint data for a given IP address?+
Does the API expose TLS certificate details from the server side, such as the server's certificate chain?+
Are there quirks in what `get_tls` returns compared to `get_all`?+
get_tls, the ip, method, http_version, and donate fields are always empty strings, and the tcpip object contains empty ip and tcp sub-objects. If you need those fields, use get_all instead. This is expected behavior, not a data gap.