What is BotProtection?

BotProtection is an effective SDK & Backend solution to protect your business from malicious bot attacks.

The BotProtection kit consists of two parts: the BotProtection SDK (client) and the BotProtection machine (server). There's also a BotProtection Dashboard for visualisation and statistics.

  • BotProtection SDK is a module that you include on your clients - Android, iOS or Web.

  • BotProtection machine is a server that you put up in your infrastructure.

  • BotProtection Dashboard is a web page available only to you.

BotProtection machine takes anonymised behavioural data from mobile devices and then analyses it to get a score. The result can be:

  • If a score is lower than 50, then a client is predicted to be a human.

  • If a score is greater than 50, then a client is predicted to be a bot.

  • If a score shows "NA", then a device is "Not Active".

BotProtection machine also supports Grafana and Zabbix systems, as well as syslog formats (CEF, etc.).

For more information about our infrastructure, see the Architecture page.

Interaction with your backend

BotProtection works in two modes:

  • Active mode (targeted checks with bot prevention)

  • Passive mode (statistics aggregation & monitoring)

Passive mode

You enable BotProtection SDK on your client and it collects behaviour data at a set time interval.

Active mode

You enable BotProtection SDK on your client and target it at a specific part of your app. For example, you can scan only a registration page.

When a user or a bot enters the part of the app that is protected by BotProtection, BotProtection machine sends a challenge to the client. The client then collects behavioural data and sends it to BotProtection machine with a passed challenge.

You can then choose the sync or async check method.

Sync check method

If you choose the sync method, the client will send the encrypted BotProtection decision to your backend server as a JWT token.

To see the exact JWT structure and how to decrypt and use JWT tokens, check the JWT part of this documentation.

Async check method

If you don't need real-time checks, you can choose to request BotProtection decisions only for specific UUIDs.

In this scheme, your backend sends a POST request to BotProtection machine. More information on this API is provided in the API Description part of this documentation.
