AIARCOASC Docs

Bot management

ML-scored bot detection, invisible CAPTCHA, fingerprinting and challenge framework.

What it is

Every request gets a bot score (0–100). The default action set is configurable: allow verified bots (search engines, crawlers you whitelist), challenge suspicious, block malicious. Invisible CAPTCHA challenges are zero-friction for humans; if a request can't pass, it gets an interactive challenge. Custom signals (TLS fingerprint, JS challenge tokens) feed back into the score.

When to use it

  • Block credential stuffing on /login without making humans solve puzzles.
  • Allow GoogleBot but block a scraper that mimics it.
  • Protect signup flows from automated abuse.

Quickstart

asc edge bots enable example.com
asc edge bots policy set example.com --on-malicious block --on-suspicious challenge
client.edge.bots.policy.set(zone='example.com', on_malicious='block', on_suspicious='challenge')
await client.edge.bots.policy.set({ zone: 'example.com', onMalicious: 'block', onSuspicious: 'challenge' });

Limits & quotas

LimitDefaultBurstNotes
Invisible CAPTCHA (free tier)1M / mo
Bot Management (Enterprise)$2,000 / mo + 100M req
Verified bot listGoogle, Bing, Apple, …Configurable

Pricing

See pricing. Pay-as-you-go, billed monthly via Stripe.

API surface

  • POST /v1/edge/bots/policy
  • GET /v1/edge/bots/events

Required scope(s): edge:write. See Scopes.

Security

All access is authenticated and scoped. See Auth & scopes and Network controls.