Get Bot Verdict

cURL

curl --request POST \
  --url https://api.deflect.bot/verify \
  --header 'Content-Type: application/json' \
  --data '
{
  "api_key": "<string>",
  "action_id": "<string>",
  "token": "<string>"
}
'

{
  "success": true,
  "verdict": {
    "can_pass": true
  },
  "device": {
    "fingerprint": "<string>",
    "user_agent": "<string>",
    "languages": "<string>",
    "timezone": "<string>",
    "os": "<string>",
    "is_mobile": true
  },
  "ip": {
    "address": "<string>",
    "type": "<string>",
    "is_datacenter": true,
    "is_proxy": true,
    "is_tor": true,
    "is_vpn": true,
    "is_threat": true,
    "is_bogon": true,
    "asn": "<string>",
    "asn_number": 123
  },
  "location": {
    "city": "<string>",
    "postal_code": "<string>",
    "country": "<string>",
    "continent": "<string>",
    "latitude": 123,
    "longitude": 123
  },
  "session": {
    "started_at": "2023-11-07T05:31:56Z",
    "finished_at": "2023-11-07T05:31:56Z"
  }
}

POST

verify

cURL

curl --request POST \
  --url https://api.deflect.bot/verify \
  --header 'Content-Type: application/json' \
  --data '
{
  "api_key": "<string>",
  "action_id": "<string>",
  "token": "<string>"
}
'

{
  "success": true,
  "verdict": {
    "can_pass": true
  },
  "device": {
    "fingerprint": "<string>",
    "user_agent": "<string>",
    "languages": "<string>",
    "timezone": "<string>",
    "os": "<string>",
    "is_mobile": true
  },
  "ip": {
    "address": "<string>",
    "type": "<string>",
    "is_datacenter": true,
    "is_proxy": true,
    "is_tor": true,
    "is_vpn": true,
    "is_threat": true,
    "is_bogon": true,
    "asn": "<string>",
    "asn_number": 123
  },
  "location": {
    "city": "<string>",
    "postal_code": "<string>",
    "country": "<string>",
    "continent": "<string>",
    "latitude": 123,
    "longitude": 123
  },
  "session": {
    "started_at": "2023-11-07T05:31:56Z",
    "finished_at": "2023-11-07T05:31:56Z"
  }
}

Response Format

The API returns detailed information about the request, including:

Verdict - Whether the request should be allowed (can_pass: true/false)
Device information - Browser details, fingerprint, user agent
IP analysis - Location, threat indicators, proxy/VPN detection
Session data - Timing and behavioral analysis

Testing

For local development, use test action IDs that return predictable results without consuming API credits:

Success: t/FFFFFFFFFFFFF/111111111 (always returns can_pass: true)
Failure: t/FFFFFFFFFFFFF/000000000 (always returns can_pass: false)

See the Defense Actions guide for more details.

Body

application/json

Plant to add to the store

api_key

string

required

Your Deflect API Key

action_id

string

required

Your Deflect Action ID

token

string

required

The user session token from the protected endpoint.

Response

Successful response

success

boolean

verdict

object

Show child attributes

verdict.can_pass

boolean

device

object

Show child attributes

device.fingerprint

string

device.user_agent

string

device.languages

string

device.timezone

string

device.os

string

device.is_mobile

boolean

object

Show child attributes

ip.address

string

ip.type

string

ip.is_datacenter

boolean

ip.is_proxy

boolean

ip.is_tor

boolean

ip.is_vpn

boolean

ip.is_threat

boolean

ip.is_bogon

boolean

ip.asn

string

ip.asn_number

integer

location

object

Show child attributes

location.city

string

location.postal_code

string

location.country

string

location.continent

string

location.latitude

number

location.longitude

number

session

object

Show child attributes

session.started_at

string<date-time>

session.finished_at

string<date-time>

Wordpress Plugin Email Intelligence

⌘I

Get Started

Client-Side

Endpoints

Get Bot Verdict

Response Format

Testing

Body

Response

Get Started

Client-Side

Endpoints

​Response Format

​Testing

Body

Response

Response Format

Testing