# BotShield Documentation

## Docs

- [API Reference](https://docs.botshield.ai/api-reference/overview.md): Install the BotShield SDK and start verifying human presence in minutes
- [Rate Limits](https://docs.botshield.ai/api-reference/rate-limits.md): Per-key rate limit tiers, response envelope, and block behavior
- [Create a verification request](https://docs.botshield.ai/api-reference/sdk/create-a-verification-request.md): Creates a verification request with deep link, web URL, and QR code. Requires an anchor grant token from create-session.
- [Create an Anchor Grant Window](https://docs.botshield.ai/api-reference/sdk/create-an-anchor-grant-window.md): Creates a short-lived anchor grant token (5 minutes) from an API token or site key. Use this to get a token before creating verification links.
- [Get partner configuration](https://docs.botshield.ai/api-reference/sdk/get-partner-configuration.md): Returns enabled integrations (Turnstile, etc.) for a site key. Public config only — secret keys never exposed.
- [Revoke a pending verification](https://docs.botshield.ai/api-reference/sdk/revoke-a-pending-verification.md): Soft-expires a pending verification for a scope and user. Use when create-verification-link returns 409.
- [Revoke an Anchor Grant Window token](https://docs.botshield.ai/api-reference/sdk/revoke-an-anchor-grant-window-token.md)
- [Store a Signal Pixel bot score](https://docs.botshield.ai/api-reference/sdk/store-a-signal-pixel-bot-score.md): Stores a behavioral fingerprint score server-side and returns an opaque signal_token (bs_sig_...). The client-side score can be spoofed — the signal_token maps to the real score in BotShield's database.
- [Validate a signal token](https://docs.botshield.ai/api-reference/sdk/validate-a-signal-token.md): Validates a signal_token and returns the real server-side bot score. One-time use, 10-minute expiry. This is the tamper-proof check.
- [Validate a verification token](https://docs.botshield.ai/api-reference/sdk/validate-a-verification-token.md): Validates a signed JWT verification receipt. This is the primary server-side check. Optionally include signal_token for combined confidence scoring with Signal Pixel + Turnstile + passkey results.
- [Check verification status](https://docs.botshield.ai/api-reference/verification/check-verification-status.md): Poll for verification request status. Returns signed token on completion.
- [Look up user by email](https://docs.botshield.ai/api-reference/verification/look-up-user-by-email.md): Check whether a user exists and has a registered passkey before initiating verification.
- [Action-Scoped Enforcement](https://docs.botshield.ai/concepts/action-scoped-enforcement.md): Understanding how BotShield limits enforcement to specific actions
- [Device Security](https://docs.botshield.ai/concepts/device-security.md): Why BotShield requires a device passcode for presence verification
- [Human Presence](https://docs.botshield.ai/concepts/human-presence.md): Understanding what human presence means in BotShield
- [Presence Anchors](https://docs.botshield.ai/concepts/presence-anchors.md): Understanding Presence Anchors and cross-platform presence verification
- [Presence Continuity](https://docs.botshield.ai/concepts/presence-continuity.md): Cross-platform presence verification and reduced friction for returning users
- [Signal Durability](https://docs.botshield.ai/concepts/signal-durability.md): The streak mechanism. Consecutive days the device has been signed into BotShield, and how it drives MultiPass freshness.
- [Trusted Account Signal](https://docs.botshield.ai/concepts/trusted-account-signal.md): How linked third-party accounts strengthen MultiPass durability — Class A (identity-verified) and Class B (ownership-only).
- [Webhook Payloads](https://docs.botshield.ai/concepts/webhook-payloads.md): Event bodies delivered to your webhook_url on verification success, failure, or expiry
- [Deployment Overview](https://docs.botshield.ai/deployment/overview.md): Choose the right BotShield deployment option for your platform
- [Client SDK Embed](https://docs.botshield.ai/embed/overview.md): Drop-in web component for merchant-side human presence verification and bot detection
- [BotShield Signal Pixel](https://docs.botshield.ai/embed/signal-pixel.md): Passive bot scoring, tamper-proof signal tokens, Turnstile integration, and escalation to passkey verification
- [Web Component](https://docs.botshield.ai/embed/web-component.md): Reference for the <botshield-verify> web component — active human verification via passkey, with optional Signal Pixel and third-party integrations
- [Introduction](https://docs.botshield.ai/introduction.md): BotShield is a deployable verification layer that confirms whether a real human is present at the moment a sensitive action occurs — such as checkout, account creation, ticket purchase, or credential recovery.  It is designed to integrate with existing security, fraud, and risk systems — not replace…
- [Quick Start](https://docs.botshield.ai/quick-start.md): Get BotShield human presence verification running on your site in minutes
- [Client Libraries](https://docs.botshield.ai/sdk/client-libraries.md): Official BotShield SDKs for integrating human presence verification into your platform
- [SDK Features](https://docs.botshield.ai/sdk/features.md): BotShield SDK A capabilities and what is planned for SDK B
- [SDK Overview](https://docs.botshield.ai/sdk/overview.md): Understanding the BotShield API architecture and integration model
- [Use Cases](https://docs.botshield.ai/sdk/use-cases.md): Real-world applications for BotShield human presence verification

## OpenAPI Specs

- [openapi-sdk-a](https://docs.botshield.ai/openapi-sdk-a.json)
- [openapi](https://docs.botshield.ai/api-reference/openapi.json)