Add this script tag to your website's <head> section to enable bot protection:
<script src="http://localhost:8080/protect.js?key=YOUR_API_KEY"></script>
Copy the code above
Paste in your <head> tag
You're protected!
Detailed Analytics
Time Series Data
Attack Types Distribution
Decision Distribution
🌍 Geographic Distribution
Hourly Attack Patterns
Training History
Trained Models
Label Sessions
Your API Keys
Manage authentication keys for your applications
How to Use API Keys
?key=YOUR_API_KEY
X-API-Key: YOUR_API_KEY
/api/protect/check
curl -X POST http://localhost:8080/api/protect/check?key=YOUR_API_KEY \
-H "Content-Type: application/json" \
-d '{"user_agent": "Mozilla/5.0", "ip_address": "8.8.8.8"}'
Rule Types
Block specific IP addresses or CIDR ranges (e.g., 192.168.1.0/24)
Block requests with specific user agent strings or patterns
Block traffic from specific countries using ISO codes (e.g., CN, RU)
Custom Rules
Create and manage custom protection rules
Choose Your Perfect Plan
All plans include full bot protection - upgrade for higher request limits
Payment Methods
Secure payment options for your subscription
EMAIL NOTIFICATIONS
Recent Alerts
Latest security notifications
No alerts yet
You'll see notifications here when suspicious activity is detected on your protected websites
PROFILE INFORMATION
SECURITY
DANGER ZONE
Quick Start (30 seconds)
Add protection to your website in one line
Add this single line to your website's HTML, right before the closing </body> tag:
<script src="http://localhost:8080/protect.js?key=YOUR_API_KEY" async></script>- Tracks user behavior (mouse movements, clicks, typing patterns)
- Generates browser fingerprints
- Detects headless browsers and automation tools
- Validates all form submissions
- Monitors AJAX requests
Integration Examples
Framework-specific implementation guides
HTML / Static Sites
<!DOCTYPE html>
<html>
<head>
<title>My Protected Website</title>
</head>
<body>
<h1>Welcome</h1>
<p>This site is protected from bots.</p>
<!-- Anti-Bot Protection -->
<script src="http://localhost:8080/protect.js?key=YOUR_API_KEY" async></script>
</body>
</html>React / Next.js
// In your pages/_document.js or app layout
import Script from 'next/script';
export default function MyApp({ Component, pageProps }) {
return (
<>
<Component {...pageProps} />
<Script
src="http://localhost:8080/protect.js?key=YOUR_API_KEY"
strategy="afterInteractive"
/>
</>
);
}Vue.js
// In your main App.vue or index.html
<template>
<div id="app">
<router-view />
</div>
</template>
<script>
export default {
mounted() {
const script = document.createElement('script');
script.src = 'http://localhost:8080/protect.js?key=YOUR_API_KEY';
script.async = true;
document.body.appendChild(script);
}
}
</script>WordPress
// Add to your theme's functions.php
function add_antibot_protection() {
wp_enqueue_script(
'antibot-protection',
'http://localhost:8080/protect.js?key=YOUR_API_KEY',
array(),
null,
true
);
}
add_action('wp_enqueue_scripts', 'add_antibot_protection');Direct API Usage (Advanced)
For custom integrations, you can call our API directly from your backend:
Endpoint
POST http://localhost:8080/api/protect/checkRequest Headers
Content-Type: application/json
X-API-Key: YOUR_API_KEYRequest Body
{
"ip_address": "192.168.1.100",
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)...",
"fingerprint": "abc123xyz789",
"behavioral_data": {
"mouse_movements": 150,
"click_count": 5,
"time_on_page": 12.5,
"keystroke_dynamics": [120, 85, 95, 110]
}
}Response
{
"decision": "allow", // "allow", "block", or "challenge"
"score": 0.87, // 0.0 (bot) to 1.0 (human)
"reasons": [],
"challenge_token": null
}Python Example
import requests
response = requests.post(
'http://localhost:8080/api/protect/check',
headers={
'Content-Type': 'application/json',
'X-API-Key': 'YOUR_API_KEY'
},
json={
'ip_address': request.remote_addr,
'user_agent': request.headers.get('User-Agent'),
'fingerprint': 'generated_fingerprint',
'behavioral_data': {
'mouse_movements': 100,
'click_count': 3,
'time_on_page': 8.2
}
}
)
result = response.json()
if result['decision'] == 'block':
return abort(403, 'Access denied')Frequently Asked Questions
Do I need to modify my forms?
No! The protection script automatically detects and protects all forms on your page. Just add the script tag and you're done.
Will this slow down my website?
The script loads asynchronously and is under 15KB. It has minimal impact on page load times and runs in the background without blocking page rendering.
What if a legitimate user gets blocked?
Our system uses multiple detection methods and scores. False positives are rare. You can adjust sensitivity in your API Settings page and whitelist specific IPs.
Can I test the protection?
Yes! We provide a test site at http://localhost:8181/ with protection already integrated. Run python test-site/attack_test_site.py to simulate attacks and see the dashboard update in real-time.
Do I need to update the script when you release updates?
No! The script is served from our CDN and automatically updates. Your integration code never changes.
What data is collected?
We collect behavioral signals (mouse movements, typing patterns), browser fingerprints, IP addresses, and user agents. No personal information or form data is stored. See our Privacy Policy for details.
Can I use multiple API keys?
Yes! Create separate API keys for different websites in the API Keys page. Each key has its own analytics and configuration.
Does it work with single-page applications (SPAs)?
Absolutely! The script works seamlessly with React, Vue, Angular, and other SPA frameworks. It automatically detects route changes and AJAX requests.
Best Practices
✓ Do's
- Place the script tag at the end of your
<body>for best performance - Use the
asyncattribute to prevent blocking page load - Create separate API keys for development, staging, and production
- Monitor your Analytics dashboard regularly for attack patterns
- Set up email alerts for high-volume attacks
- Test your integration with our provided attack simulation tools
- Whitelist your office IP if you're testing from the same network
✗ Don'ts
- Don't hardcode API keys in public repositories
- Don't use the same API key across multiple unrelated websites
- Don't disable the script on forms - it's automatic and seamless
- Don't block based on IP alone - use our multi-factor scoring
- Don't set rate limits too aggressively - this can block real users
Troubleshooting
Script not loading
Problem: Console shows "Failed to load resource"
Solution:
- Verify the server is running:
http://localhost:8080/protect.js - Check your API key is correct
- Ensure no CORS issues (script should be served from same domain or with proper headers)
Dashboard shows zero attacks
Problem: No data appears in Overview or Analytics
Solution:
- Verify the API key in the script matches the one in your dashboard
- Check browser console for JavaScript errors
- Run the test attack simulation:
python test-site/attack_test_site.py - Ensure you're logged in as the correct user account
Legitimate users getting blocked
Problem: Real users can't access your site
Solution:
- Check the Recent Attacks table in Overview for their IP
- Add their IP to the whitelist in API Settings
- Lower the sensitivity threshold in Settings
- Review the blocking reasons in Analytics page
Still need help?
Contact our support team at support@antibot-saas.com or check our documentation at docs.antibot-saas.com
Live Demo Site
We've created a fully functional e-commerce demo site with Anti-Bot protection already integrated:
Run Attack Simulation
Test the protection by simulating 6 different attack scenarios:
cd test-site
python attack_test_site.pyThis will simulate aggressive scraping, form spam, headless browsers, and more. Watch the attacks appear in your dashboard in real-time!