Bot detection APIbeta
Flag automation at the network layer.
An IP-level bot signal you can combine with your own behavioural checks. It's beta — a useful first filter, not a CAPTCHA replacement, and we're upfront about that.
How it works
01
GeoQ returns is_bot: true using network-level heuristics over IP behaviour and reputation.
02
A bot hit contributes +25 to the risk score.
03
Bot detection is beta and IP-based. It can't see request headers, mouse movement or JS challenges, so pair it with application-layer checks for anything high-stakes.
What you get back
| Field | Meaning |
|---|---|
is_bot | Boolean — network-level automation heuristic (beta). |
risk.score | Includes +25 when the bot signal fires. |
is_datacenter | Most aggressive bots run from hosting IPs — cross-check. |
network.asn / as_org | Useful for identifying scraping infrastructure. |
In your code
const r = await geoq.check(req.ip); // beta signal — use as a pre-filter before a heavier JS challenge if (r.signals.is_bot || r.signals.is_datacenter) { return serveChallenge(req); }
FAQ
Frequently asked questions
Is bot detection production-ready?
It's beta. It's an IP-level heuristic — a good cheap first filter, but not a substitute for behavioural analysis or a JS challenge on critical paths.
Can it catch headless browsers?
Only insofar as they run from detectable infrastructure (e.g. datacenter IPs). Combine
is_bot and is_datacenter for better coverage.Related signals
Start with the free tier. No card.
1,000 lookups a day, every signal, the same transparent risk score. Upgrade only when you outgrow it.