Create a rule

POST /v1/projects/{project}/rules

Create a custom bot rule. The expression is compiled and validated to a safe AST before it's stored.

curl -X POST https://api.botect.ai/v1/projects/123/rules \
  -H "Authorization: Bearer YOUR_ACCOUNT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Protect login from bots",
    "expression": "score < 30 AND path == \"/login\" AND NOT verified_bot",
    "action": "block",
    "sort_order": 10
  }'

{
  "id": 7,
  "project_id": 123,
  "name": "Protect login from bots",
  "expression_source": "score < 30 AND path == \"/login\" AND NOT verified_bot",
  "action": "block",
  "is_active": true,
  "sort_order": 10,
  "created_at": "2026-06-14T10:00:00Z",
  "updated_at": "2026-06-14T10:00:00Z"
}

Creates a custom rule. The expression is parsed and validated into a safe AST at save time — an invalid or out-of-grammar expression is rejected with 422 here, never at evaluation time.

POST https://api.botect.ai/v1/projects/{project}/rules

Authentication

Account API token via Authorization: Bearer <token>. The project must belong to the token's account. See Authentication.

Path parameters

Body

body
name string
Required

Human-readable label. Surfaces in the verdict reason when the rule matches.

body
expression string
Required

A boolean expression in the rule grammar over allow-listed signal fields.

body
action string
Required

What to do when the rule matches: block, challenge, allow, log, or delay.

body
is_active boolean

Whether the rule is evaluated. Default true.

body
sort_order integer

Evaluation order (ascending). Default 0.

Example

Errors

| Status | Code | When |
|--------|------|------|
| 401 | UNAUTHENTICATED | Missing / bad account token |
| 403 | | Project does not belong to the token's account |
| 422 | INVALID_PAYLOAD | Missing field, invalid action, or an expression with an unknown field, type/operator mismatch, unbalanced parens, or out-of-grammar token |

See Rules for the grammar and worked examples.
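The save-time validation described above, and the 422 expression cases in the Errors table, sketched as an added example (not Botect's code): a tokenizer and recursive-descent parser that accepts only allow-listed fields and returns a nested-tuple AST without ever evaluating the input. The grammar subset (AND, NOT, parentheses, comparisons) and the field types are assumptions taken from the sample expression; the Rules page remains the authority on the real grammar.

```python
import re
# Assumption: only the fields and operators visible in the page's sample expression.
FIELDS = {"score": "number", "path": "string", "verified_bot": "bool"}
CMP_OPS = {"number": {"<", "<=", ">", ">=", "==", "!="}, "string": {"==", "!="}}
TOKEN = re.compile(r'\s*(?:(?P<number>\d+(?:\.\d+)?)|"(?P<string>[^"\\]*)"'
                   r'|(?P<word>[A-Za-z_]\w*)|(?P<op>[<>]=?|[=!]=)|(?P<paren>[()]))')

class RuleError(ValueError):
    """Rejection at save time (the 422 INVALID_PAYLOAD case on the page)."""

def tokenize(src):
    src, pos, out = src.rstrip(), 0, []
    while pos < len(src):
        m = TOKEN.match(src, pos)
        if not m:  # anything outside the token set, e.g. ';' or a backslash
            raise RuleError(f"out-of-grammar token at offset {pos}")
        out.append((m.lastgroup, m.group(m.lastgroup)))
        pos = m.end()
    return out

def compile_rule(src):  # returns the AST or raises RuleError; src is never eval()'d
    toks = tokenize(src)
    def take():
        return toks.pop(0) if toks else ("end", "")
    def conj():  # unary ("AND" unary)*
        node = unary()
        while toks and toks[0] == ("word", "AND"):
            take()
            node = ("and", node, unary())
        return node
    def unary():  # "NOT" unary | "(" conj ")" | bool_field | field op literal
        kind, text = take()
        if (kind, text) == ("word", "NOT"):
            return ("not", unary())
        if (kind, text) == ("paren", "("):
            node = conj()
            if take() != ("paren", ")"):
                raise RuleError("unbalanced parens")
            return node
        if kind != "word" or text not in FIELDS:
            raise RuleError(f"unknown field or unexpected token {text!r}")
        if FIELDS[text] == "bool":
            return ("field", text)
        (okind, op), (lkind, lit) = take(), take()
        if okind != "op" or op not in CMP_OPS[FIELDS[text]] or lkind != FIELDS[text]:
            raise RuleError(f"type/operator mismatch on {text!r}")
        return ("cmp", op, text, float(lit) if lkind == "number" else lit)
    tree = conj()
    if toks:
        raise RuleError("unbalanced parens or trailing tokens")
    return tree
```

Because the evaluator only ever walks the tuples returned by `compile_rule`, a stored rule can reference nothing outside `FIELDS`, which is the property that makes rejecting at save time sufficient.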