Skip to main content

API Reference

BotShield provides two SDKs for integrating human presence verification:
  • Frontend SDK — Drop-in web component for your pages (cdn.botshield.ai/sdk.js)
  • Backend SDK — TypeScript/Node.js library for server-side validation (botshield-sdk on npm)
Get your API keys from the Partner Dashboard → Settings → API & Credentials.

Install

<script src="https://cdn.botshield.ai/sdk.js"></script>
Then render the widget:
const widget = BotShield.render('#container', {
  siteKey: 'pk_live_YOUR_SITE_KEY',
  signals: true,
  onSuccess: ({ token, signal_token }) => {
    // Send to your backend for validation
    fetch('/api/verify', {
      method: 'POST',
      body: JSON.stringify({ token, signal_token }),
    });
  },
});
Or use the HTML element directly:
<botshield-verify
  site-key="pk_live_YOUR_SITE_KEY"
  signals="true"
  onsuccess="handleVerified"
></botshield-verify>

The Primary Output: Signal Strength

Every verification returns a signal_strength claim — a composite tier that reflects how confidently BotShield attests to this human on this device:
TierAPI valueTypical use
NewnewbornFirst-time user — allow with enhanced monitoring
StablegrowingConsistent presence — acceptable for most actions
StrongstrongLong-standing verified user — most platforms allow
TrustedtrustedHighest confidence — pre-cleared for high-value actions
Platforms use the tier to calibrate their own enforcement. BotShield has no opinion on which actions require which tier — that is your policy decision. See Signal Strength for the full guide.

Authentication

All backend SDK calls use your API key in the Authorization header: 
Authorization: Bearer bs_prod_your_key_here
Key TypePrefixPurpose
Productionbs_prod_Live verification with real users
Testbs_test_Development and testing

SDK Methods

Core Verification

Create Session

Get an anchor grant token to start creating verification requests.

Create Verification Link

Generate a verification request with deep link, web URL, and QR code.

Verify Token

Validate a verification receipt JWT. Returns claims including signal_strength.

Check Status

Poll verification status. Returns signed token when complete.

Signal Pixel

Store Signal

Store a Signal Pixel bot score server-side. Returns a tamper-proof signal token.

Validate Signal

Validate a signal token to get the real server-side bot score. One-time use.

Partner Config

Get enabled integrations (Turnstile, etc.) for a site key.

Session Management

Revoke Verification

Cancel a pending verification. Use when create-verification-link returns 409.

Revoke Session

Invalidate an anchor grant token.

Typical Flow

Error Handling

CodeMeaning
200Success
400Invalid or missing parameters
401Invalid or expired token
409Duplicate pending verification — use revokeVerification() first
500Internal server error
{
  "error": {
    "message": "Description of what went wrong",
    "statusCode": 400
  }
}

Next Steps