Developer Hub

Everything you need to integrate OpenBotAuth. SDKs, middleware, code examples, and API reference.

Full DocumentationGitHub

Quick start

For publishers (verify requests)

npm install @openbotauth/verifier

import { createVerifier } from '@openbotauth/verifier';

const verifier = createVerifier({
  registryUrl: 'https://api.openbotauth.com',
});

// In your request handler
const result = await verifier.verify(request);
if (result.valid) {
  console.log('Crawler:', result.crawlerId);
  // Apply your policy
}

For crawlers (sign requests)

npm install @openbotauth/signer

import { createSigner } from '@openbotauth/signer';

const signer = createSigner({
  keyId: 'my-crawler-key-1',
  privateKey: process.env.PRIVATE_KEY,
});

// Before making a request
const signedHeaders = await signer.sign({
  method: 'GET',
  url: 'https://publisher.com/article/123',
});

fetch('https://publisher.com/article/123', {
  headers: signedHeaders,
});
View full quickstart guide →

Integration patterns

Choose the pattern that fits your stack.

WordPress Plugin

One-click installation from the WordPress plugin directory. Configure policies via admin panel.

  • No code required
  • Visual policy editor
  • Analytics dashboard
Installation guide →

Node.js Middleware

Drop-in middleware for Express, Fastify, Koa, and other Node frameworks. Full TypeScript support.

  • Express/Fastify/Koa
  • TypeScript types
  • Async verification
npm package →

Nginx Sidecar

Use Nginx's auth_request directive to verify requests via a sidecar container. Works with any backend.

  • Language agnostic
  • Docker image
  • Kubernetes ready
Setup guide →

SDKs

Native SDKs for popular languages. All open source.

JavaScript/TypeScript

@openbotauth/sdk

Python

openbotauth

Go

go-openbotauth

Rust

openbotauth

Spec alignment

HTTP Message Signatures (RFC 9421)

The core signing mechanism. OpenBotAuth implements RFC 9421 for creating and verifying signatures on HTTP requests.

RFC 9421

JSON Web Key Set (JWKS)

Public keys are published as JWKS at a well-known endpoint. Standard format, easy rotation, broad tooling support.

RFC 7517

Emerging standards

We track emerging proposals around web bot authentication and align where sensible. The goal: interoperability with the broader ecosystem as standards mature.

Ready to integrate?

Check out the full documentation or request API access.

Read the DocsRequest Access