Developer Hub
Implement Web Bot Auth with RFC 9421 HTTP Message Signatures. SDKs for Express, Next.js, FastAPI, Flask, WordPress, and Docker.
What are you building?
Verify bot requests
Add bot verification to your application. Choose your stack.
Option A: WordPress Plugin
RecommendedOne-click install. Includes analytics dashboard, llms.txt, and per-post policies.
1. Go to Plugins → Add New 2. Search "OpenBotAuth" 3. Click Install Now 4. Click Activate Or visit: wordpress.org/plugins/openbotauth
Option B: Zero-Code Proxy
No code changes. Run a reverse proxy in front of your app.
npx @openbotauth/proxy # or with Docker docker run -p 8088:8088 -e UPSTREAM_URL=http://localhost:3000 \ ghcr.io/openbotauth/openbotauth-proxy
Option C: Node.js (Express / Next.js)
Drop-in middleware for Express and Next.js.
npm install @openbotauth/verifier-client
import express from 'express';
import { openBotAuthMiddleware } from '@openbotauth/verifier-client/express';
const app = express();
app.use(openBotAuthMiddleware());
app.get('/api/content', (req, res) => {
if (req.oba.signed && req.oba.result?.verified) {
res.json({ content: 'Full content', agent: req.oba.result.agent });
} else {
res.json({ content: 'Preview only' });
}
});Option D: Python (FastAPI / Flask)
ASGI middleware for FastAPI, WSGI for Flask.
pip install openbotauth-verifier[fastapi]
from fastapi import FastAPI, Request
from openbotauth_verifier import OpenBotAuthASGIMiddleware
app = FastAPI()
app.add_middleware(OpenBotAuthASGIMiddleware)
@app.get('/api/content')
async def get_content(request: Request):
if request.state.oba.signed and request.state.oba.result.verified:
return {'content': 'Full content'}
return {'content': 'Preview only'}Sign your requests
Register your crawler, generate keys, sign HTTP requests.
Step 1: Register your crawler
Sign in with GitHub to register. Generate Ed25519 keypairs and host your public keys (JWKS) automatically.
Register with GitHubStep 2: Sign requests
Use bot-cli to test signing, or integrate registry-signer into your code.
# Generate Ed25519 keypair oba-bot keygen --jwks-url https://api.openbotauth.org/jwks/mybot.json # Fetch URL with signed request oba-bot fetch https://example.com/api/content -v
Use in your code
npm install @openbotauth/registry-signer
import { generateKeyPair, publicKeyToJWK } from '@openbotauth/registry-signer';
const { publicKey, privateKey } = generateKeyPair();
const jwk = publicKeyToJWK(publicKey, 'my-key-id', {
alg: 'EdDSA'
});Resulting signature headers
Signature-Input: sig1=("@method" "@path");keyid="my-key";alg="ed25519"
Signature: sig1=:K2qGT5srn2OGbOIDzQ6kYT+ruaycnDAAUpKv+ePFfD0=:
Signature-Agent: https://api.openbotauth.org/jwks/mybot.jsonAll Packages
Official SDKs and tools. Apache 2.0 license.
WordPress Plugin
AI crawler control + analytics
@openbotauth/verifier-client
Express & Next.js middleware
@openbotauth/proxy
Zero-code reverse proxy
openbotauth-verifier
FastAPI & Flask middleware
openbotauth-proxy
Container (amd64/arm64)
@openbotauth/bot-cli
Demo crawler with signing
@openbotauth/registry-signer
Ed25519 keygen & JWKS