What is Botid - v0 by Vercel

BotID is Vercel's bot protection service that acts as an invisible CAPTCHA to protect against sophisticated bots without showing visible challenges or requiring manual intervention 1. It's designed to protect critical routes in your applications, such as checkouts, signups, and APIs, that are common targets for bots imitating real users.

Key Features

BotID provides real-time protection against 1:

Automated attacks: Shield your application from credential stuffing, brute force attacks, and other automated threats
Data scraping: Prevent unauthorized data extraction and content theft
API abuse: Protect your endpoints from excessive automated requests
Spam and fraud: Block malicious bots while allowing legitimate traffic through
Expensive resources: Prevent bots from consuming expensive infrastructure, bandwidth, compute, or inventory

How It Works

BotID operates in two modes 1:

Basic: Ensures valid browser sessions are accessing your sites
Deep Analysis: Connects thousands of additional client-side signals to further distinguish humans from bots (powered by Kasada)

The Deep Analysis mode works by 1:

Silently collecting thousands of signals that distinguish human users from bots
Changing detection methods on every page load to prevent reverse engineering and sophisticated bypasses
Streaming attack data to a global machine learning system that improves protection for all customers

Implementation

To use BotID, you need to 1:

Install the botid package
Configure redirects in your Next.js config or vercel.json
Add the <BotIdClient/> component to your application layout with protected routes
Use checkBotId() function in your server-side code (API routes or Server Actions) to verify requests

Pricing

BotID has a tiered pricing model 1:

Basic mode: Free on all plans
Deep Analysis: $1 per 1,000 checkBotId() calls (available on Pro and Enterprise plans only)

The service is particularly effective against sophisticated bots that use tools like Playwright and Puppeteer to mimic real user behavior, as it can detect these automated sessions even when they solve CAPTCHAs and navigate interfaces like humans would 1.

Key Features

BotID provides real-time protection against 1:

Automated attacks: Shield your application from credential stuffing, brute force attacks, and other automated threats

Data scraping: Prevent unauthorized data extraction and content theft

API abuse: Protect your endpoints from excessive automated requests

Spam and fraud: Block malicious bots while allowing legitimate traffic through

Expensive resources: Prevent bots from consuming expensive infrastructure, bandwidth, compute, or inventory

How It Works

BotID operates in two modes 1:

Basic: Ensures valid browser sessions are accessing your sites

Deep Analysis: Connects thousands of additional client-side signals to further distinguish humans from bots (powered by Kasada)

The Deep Analysis mode works by 1:

Silently collecting thousands of signals that distinguish human users from bots

Changing detection methods on every page load to prevent reverse engineering and sophisticated bypasses

Streaming attack data to a global machine learning system that improves protection for all customers

Pricing

BotID has a tiered pricing model 1:

Basic mode: Free on all plans

Deep Analysis: $1 per 1,000 checkBotId() calls (available on Pro and Enterprise plans only)