Welcome to Deflect

Deflect is an advanced antibot engine that protects your site from bots at any scale. Unlike traditional CAPTCHAs, Deflect works invisibly in the background to provide seamless bot protection.

What Deflect protects against

  • Automated attacks: Headless browsers, scrapers, and automation tools
  • Malicious traffic: Proxy networks, VPNs, datacenter IPs, and Tor
  • Account abuse: Fake signups, credential stuffing, payment fraud
  • Data scraping: Content theft and competitive intelligence gathering

How it works

Deflect uses multiple layers of detection working together:
  1. Device fingerprinting - Analyzes browser characteristics and behavior
  2. IP reputation - Checks against our global threat database (Deflect Atlas)
  3. Behavioral analysis - Monitors user interactions and patterns
  4. Proof-of-work - Requires computational challenges when suspicious
  5. Integrity checks - Validates browser environment authenticity

Quick Setup (5 minutes)

Getting started with Deflect is simple:

Step 1: Get your credentials

  1. Sign up at deflect.bot and get your API key
  2. Create a Defense Action for your protected endpoint (login, signup, etc.)
  3. Copy your Action ID from the dashboard

Step 2: Add the client-side SDK

Add one line to your HTML or install via npm:
<script src="https://cdn.jsdelivr.net/npm/@deflectbot/deflect-sdk@latest/dist/index.min.js"></script>

Step 3: Protect your frontend

Use @deflect-sdk@latest to always use the latest version, or specify a version with @deflect-sdk@<version>.
Deflect.configure({ actionId: "YOUR_ACTION_ID" });
const token = await Deflect.getToken(); // returns token as string

Step 4: Verify on your backend

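// Verify the token server-side (the API key must never be sent to the browser)
const response = await fetch("https://api.deflect.bot/verify", {
  method: "POST",
  // Declare the JSON body explicitly; fetch defaults to text/plain for string bodies
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    api_key: "YOUR_API_KEY",
    action_id: "YOUR_ACTION_ID",
    token: token, // token received from the client (Step 3)
  }),
});
// Act on the verification result in `response` before handling the request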
That’s it! Your endpoint is now protected from bots.
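
A fail-closed wrapper around the Step 4 call, as an added example that is not Deflect's own code. The page does not show the `/verify` response format, so the verdict check is a caller-supplied `isAllowed` predicate; that name, `verifyDeflectToken`, `fetchImpl` and `timeoutMs` are all hypothetical. The request is denied when the token is missing, the API answers with a non-2xx status, or the call fails or times out.

```javascript
// Added example: server-side verification that denies by default.
const VERIFY_URL = "https://api.deflect.bot/verify"; // endpoint shown in Step 4

// opts.isAllowed(body) is supplied by the caller and must return true to admit
// the request. The response schema is not on the page, so none is assumed here.
async function verifyDeflectToken(token, opts) {
  const {
    apiKey,
    actionId,
    isAllowed,
    fetchImpl = globalThis.fetch, // injectable so the logic can be tested offline
    timeoutMs = 3000,             // assumed budget; tune for your endpoint
  } = opts;

  // Reject absent or non-string tokens before spending a network call.
  if (typeof token !== "string" || token.length === 0) {
    return { allowed: false, reason: "missing_token" };
  }

  const controller = new AbortController();
  const timer = setTimeout(() => controller.abort(), timeoutMs);
  try {
    const res = await fetchImpl(VERIFY_URL, {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ api_key: apiKey, action_id: actionId, token }),
      signal: controller.signal,
    });
    // A non-2xx answer is not a verdict; treat it as a denial.
    if (!res.ok) return { allowed: false, reason: "verify_http_" + res.status };
    const body = await res.json();
    // Only an explicit `true` from the predicate admits the request.
    return isAllowed(body) === true
      ? { allowed: true, reason: "ok" }
      : { allowed: false, reason: "rejected" };
  } catch (err) {
    // Timeout, network failure or unparsable body: deny rather than let it through.
    return { allowed: false, reason: "verify_unavailable" };
  } finally {
    clearTimeout(timer);
  }
}
```

Read the API key from server-side configuration (for example an environment variable) and call this before the protected handler does any work.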

Next steps

I