Get Started with BotID
This guide shows you how to add BotID protection to your Vercel project. BotID blocks automated bots while allowing real users through, protecting your APIs, forms, and sensitive endpoints from abuse.
The setup involves three main components:
- Client-side component to run challenges.
- Server-side verification to classify sessions.
- Route configuration to ensure requests are routed through BotID.
Before setting up BotID, ensure you have a JavaScript project deployed on Vercel.
Add BotID to your project:
Use the appropriate configuration method for your framework to set up proxy rewrites. This ensures that ad-blockers, third party scripts, and more won't make BotID any less effective.
Choose the appropriate method for your framework:
- Next.js 15.3+: Use in for optimal performance
- Other Next.js: Mount the component in your layout
- Other frameworks: Call during application initialization
Use on the routes configured in the component.
Important configuration requirements: - Not adding the protected route to will result in failing. The client side component dictates which requests to attach special headers to for classification purposes. - Local development always returns unless you configure the option on . Learn more about local development behavior.
BotID actively runs JavaScript on page sessions and sends headers to the server. If you test with or visit a protected route directly, BotID will block you in production. To effectively test, make a request from a page in your application to the protected route.
BotID Deep Analysis are available on Enterprise and Pro plans
From the Vercel dashboard
- Select your Project
- Click the Firewall tab
- Click Rules
- Enable Vercel BotID Deep Analysis
Client-side code for the BotID Next.js implementation:
Server-side code for the BotID Next.js implementation:
Was this helpful?