Call the decision API from middleware
Send site ID, path, method, request headers, IP, and browser token state to receive an allow, log, challenge, or block decision.
Bot protection API
A bot protection API for crawler and scraper decisions.
A simple API decision point for teams that want bot protection without migrating DNS or changing CDN providers.
bot protection APIbot detection APIcrawler detection APIscraper detection APIanti bot APIrequest scoring API
Use API keys server-side
Server-side middleware should call the API with a Bearer API key. Browser collect calls remain public and use per-site challenge tokens.
Log decisions for review
Each decision can be logged with user-agent labels, client family, score, and action so operators can tune blocking safely.
FAQ
Questions teams ask before turning on crawler defense.
Should backend API calls include an auth token?
Yes. Server-side decision calls should include an Authorization Bearer API key. Dashboard calls use the secure session cookie.
Can I test the API from docs or Swagger?
You can test public health endpoints without a key. Runtime decision examples should include the site API key generated in the dashboard.