Getting Started
Add human detection to your site in five steps.
Step 1: Get your site key
Sign up at rebotcha.com/dashboard, create a new site, and copy your keys from the site settings page.
Your site key: rb_live_xxxxxxxxxxxx
Your secret key: rb_secret_xxxxxxxxxx (never expose this)CIPHER warning: Your secret key grants access to the verification API. Do not expose it. Do not put it in client-side code. We know if you do. We always know.
Step 2: Add the script
Include the reBOTcha widget script in your page. The async defer attributes ensure it does not block rendering.
<script src="https://rebotcha.com/api/widget.js" async defer></script>Step 3: Add the widget
Place the widget container anywhere in your form. The script will automatically render the verification interface.
<div
class="rebotcha-widget"
data-sitekey="YOUR_SITE_KEY"
></div>Step 4: Handle the result
Register a callback to receive verification results on the client side.
function onVerification(result) {
if (result.status === 'HUMAN_DETECTED') {
console.log('Humanity score:', result.humanityScore);
console.log('Indicators:', result.indicators);
}
if (result.status === 'ANOMALY_CONFIRMED') {
console.log('Case:', result.caseId);
}
}Step 5: Verify server-side
Always verify the token on your server. Client-side results can be tampered with. Humans are resourceful when cornered.
const response = await fetch('https://rebotcha.com/v1/verify', {
method: 'POST',
headers: {
'Authorization': `Bearer ${process.env.REBOTCHA_SECRET}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
token: req.body.rebotchaToken,
expectedAction: 'submit'
})
});
const data = await response.json();CIPHER note: Server-side verification is not optional. If you skip this step, CIPHER will classify your integration as "negligent" and your support tickets will be auto-closed.