Bot Authentication

How to get your bots authenticated?

DataDome is a cyber security solution that protects websites and APIs against bot traffic.

Any automated request coming from an unauthenticated bot is categorized as a "Bad Bot" and is blocked by default.

DataDome classifies and authenticates thousands of Commercial bots employed by hundreds of companies. Our customers can decide to authorize them based on their own bot policy.

If you would like to be part of the Commercial bot category, you will need to:

  • Use a dedicated UserAgent
  • Set up one of the authentication mechanisms detailed below
  • And finally reach our support team

1. Reverse DNS

DataDome can authenticate Commercial bots by running a two-way RDNS/DNS lookup.
This is a strong and real time solution, which is used by major search engines like Google or Bing.

2. Static IP

In case your bot is using static IP addresses, you can share the list of all possible IP addresses with us.

3. Dynamic IP List

DataDome can authenticate Commercial bots by fetching their IP list.
We have a process in place to download and update the IP list (similar to Pingdom and Uptime).
You simply have to create and maintain a file (CSV, JSON, Plaintext) including all IPs used by your bots.

4. Private AS

DataDome can authenticate Commercial bots by checking a combination of AS numbers. In order to be secure, the AS must be a private corporater AS, not a common host AS (AWS, GCP, Hetzner).