Bot Authentication
How to get your bots and AI agents authenticated?
DataDome is a cyber security solution that protects websites and APIs against bot traffic.
Any automated request coming from an unauthenticated bot or AI agent is categorized as a "Bad Bot" and is blocked by default.
DataDome classifies and authenticates thousands of Commercial bots and AI agents employed by hundreds of companies. Our customers can decide to authorize them based on their own bot policy.
If you would like to be part of our Verified Bot bot category, or if you want your AI agent to be identified by DataDome, you will need to:
- Use a dedicated UserAgent
- Set up one of the authentication mechanisms detailed below
- And finally reach our support team
For AI agents, you can fill this form.
1. Web Bot Auth
DataDome can cryptographically verify http signatures using the Web Bot Auth protocol, based on the HTTP Message Signatures standard. Requests to validate AI agent signatures via Web Bot Auth can be filled using this form.
2. Reverse DNS
DataDome can authenticate Commercial bots by running a two-way RDNS/DNS lookup.
This is a strong and real time solution, which is used by major search engines like Google or Bing.
3. Static IP
In case your bot is using static IP addresses, you can share the list of all possible IP addresses with us.
4. Dynamic IP List
DataDome can authenticate Commercial bots by fetching their IP list.
We have a process in place to download and update the IP list (similar to Pingdom and Uptime).
You simply have to create and maintain a file (CSV, JSON, Plaintext) including all IPs used by your bots.
5. Private AS
DataDome can authenticate Commercial bots by checking a combination of AS numbers. In order to be secure, the AS must be a private corporater AS, not a common host AS (AWS, GCP, Hetzner).
Updated 12 days ago