✨
BotProtection
  • What is BotProtection?
  • Backend integration
    • Architecture
    • Dashboard Description
  • Android usage
    • Installation
    • SDK usage (Kotlin)
  • iOS usage
    • Installation
  • JWT
  • JWT token
    • Python
    • NodeJS
  • Async method api
    • API Description
  • Example of integration
    • For market
Powered by GitBook
On this page
  • Interaction with your backend
  • Passive mode
  • Active mode

Was this helpful?

What is BotProtection?

NextArchitecture

Last updated 5 years ago

Was this helpful?

BotProtection is an effective SDK & Backend solution to protect your business from malicious bot attacks.

BotProtection kit consists of two parts: BotProtection SDK (client) and BotProtection machine (server). There's also a BotProtection Dashboard for visualisation and statistics.

  • BotProtection SDK is a module that you include on your clients - Android, iOS or Web.

  • BotProtection machine is a server that you put up in your infrastructure.

  • BotProtection Dashboard is a web page available for you only.

BotProtection machine takes behavioural anonymised data from mobile devices and then analyses it to get a score. The result can be:

  • If a score is lower than 50, then a client is predicted to be a human.

  • If a score is greater than 50, then a client is predicted to be a bot.

  • If a score shows "NA", then a device is "Not Active".

BotProtection machine also supports Grafana, Zabbix systems and syslog formats (CEF and etc).

For more information about our infrastructure, check page.

Interaction with your backend

BotProtection works in two modes:

  • Active mode (targeted checks with bot prevention)

  • Passive mode (statistics aggregation & monitoring)

Passive mode

You enable BotProtection SDK on your client and it collects behaviour data every set time interval.

Active mode

You enable BotProtection SDK on your client and target it on a specific part of your app. For example, you can scan only a registration page.

When a user or a bot enters the part of app that is protected by BotProtection, BotProtection machine sends a challenge to the client. Client then collects behavioural data and send it to BotProtection machine with a passed challenge.

Then, you can choose sync or async check methods.

Sync check method

If you choose a sync method, client will send encrypted BotProtection decision to your backend server as a JWT token.

Async check method

If you don't need realtime checks, you can choose to request BotProtection decisions only for specific UUIDs.

To see exact JWT structure and how to decrypt and use JWT tokens, check of this documentation.

In this scheme, your backend sends a POST request to BotProtection machine. More information on this API is provided at part of this documentation.

Architecture
JWT part
API Description