Bot management
ML-scored bot detection, invisible CAPTCHA, fingerprinting and challenge framework.
What it is
Every request gets a bot score (0–100). The default action set is configurable: allow verified bots (search engines, crawlers you whitelist), challenge suspicious, block malicious. Invisible CAPTCHA challenges are zero-friction for humans; if a request can't pass, it gets an interactive challenge. Custom signals (TLS fingerprint, JS challenge tokens) feed back into the score.
When to use it
- Block credential stuffing on /login without making humans solve puzzles.
- Allow GoogleBot but block a scraper that mimics it.
- Protect signup flows from automated abuse.
Quickstart
asc edge bots enable example.com
asc edge bots policy set example.com --on-malicious block --on-suspicious challengeclient.edge.bots.policy.set(zone='example.com', on_malicious='block', on_suspicious='challenge')await client.edge.bots.policy.set({ zone: 'example.com', onMalicious: 'block', onSuspicious: 'challenge' });Limits & quotas
| Limit | Default | Burst | Notes |
|---|---|---|---|
| Invisible CAPTCHA (free tier) | 1M / mo | — | |
| Bot Management (Enterprise) | $2,000 / mo + 100M req | — | |
| Verified bot list | Google, Bing, Apple, … | — | Configurable |
Pricing
See pricing. Pay-as-you-go, billed monthly via Stripe.
API surface
POST /v1/edge/bots/policyGET /v1/edge/bots/events
Required scope(s): edge:write. See Scopes.
Security
All access is authenticated and scoped. See Auth & scopes and Network controls.