POST /v1/projects/{project}/scoring
Enable bot scoring on a project and mint its site key and private key. The private key is returned once.
```bash
curl -X POST https://api.botect.ai/v1/projects/123/scoring \
  -H "Authorization: Bearer YOUR_ACCOUNT_TOKEN"
```

```javascript
const res = await fetch('https://api.botect.ai/v1/projects/123/scoring', {
  method: 'POST',
  headers: { Authorization: `Bearer ${process.env.BOTECT_TOKEN}` },
});
const { site_key, private_key } = await res.json();
```

```python
import os, requests

r = requests.post(
    "https://api.botect.ai/v1/projects/123/scoring",
    headers={"Authorization": f"Bearer {os.environ['BOTECT_TOKEN']}"},
)
keys = r.json()
```

Response on first enablement:

```json
{
  "site_key": "pk_2bX…",
  "private_key": "sk_9aQ…",
  "bot_settings": {
    "allow_verified": true,
    "protect_static": true,
    "block_definite": false,
    "challenge_likely": false
  },
  "likely_bot_threshold": 30
}
```

Response when scoring was already enabled:

```json
{
  "site_key": "pk_2bX…",
  "private_key": null,
  "bot_settings": {
    "allow_verified": true,
    "protect_static": true,
    "block_definite": false,
    "challenge_likely": false
  },
  "likely_bot_threshold": 30
}
```
Turns scoring on for a project and mints the data-plane credentials: a site key (pk_…, public) and a private key (sk_…, secret). Idempotent — calling it again while already enabled returns the existing site key and a null private key (Botect only stores the private key's hash, so it can't re-show it).
POST https://api.botect.ai/v1/projects/{project}/scoring
Authentication
Account API token via Authorization: Bearer <token>. The project must belong to the token's account. Reachable without an active subscription, so you can configure a project before subscribing. See Authentication.
Path parameters
project: The project ID to enable scoring on.
Response fields
site_key: The public site key (pk_…) for ingest.
private_key: The secret private key (sk_…) for verdict reads, returned only on first enablement. null if scoring was already enabled; rotate to get a new one.
bot_settings: The project's enforcement toggles (observe-first defaults). See Score bands.
likely_bot_threshold: The bot/human boundary T (default 30).
Store the private_key immediately — it is shown once and cannot be recovered, only rotated.
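
One way to handle this response safely, as an added example that is not Botect's own code: it writes the one-time private_key to an owner-only file without ever overwriting an existing one, and treats the null from a repeat call as a signal to rotate when no local copy exists. The function name, exception class, file path and the treatment of any 2xx status as success are assumptions made for illustration.

```python
import os
import tempfile


class KeyUnavailable(Exception):
    """Repeat call returned private_key=null and no local copy exists."""


def persist_scoring_keys(status: int, body: dict, secret_path: str) -> str:
    """Process an enable-scoring response and return the public site key.

    On first enablement the private key is written to secret_path,
    readable by the owner only. Names here are illustrative assumptions.
    """
    if status == 401:
        raise PermissionError("UNAUTHENTICATED: missing or bad account token")
    if status == 403:
        raise PermissionError("project does not belong to the token's account")
    if not 200 <= status < 300:  # assumption: success is reported as 2xx
        raise RuntimeError(f"unexpected status {status}")

    private_key = body.get("private_key")
    if private_key is None:
        # Idempotent repeat: the service keeps only a hash of the secret.
        if os.path.exists(secret_path):
            return body["site_key"]  # secret was saved by the first call
        raise KeyUnavailable("no private key returned or stored; rotate it")

    # O_EXCL refuses to overwrite an existing secret; 0o600 is owner-only.
    fd = os.open(secret_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(private_key)
        f.flush()
        os.fsync(f.fileno())  # the key cannot be re-fetched, so force it to disk
    return body["site_key"]


if __name__ == "__main__":
    # Constructed sample responses, not real keys.
    first = {"site_key": "pk_constructed", "private_key": "sk_constructed"}
    repeat = {"site_key": "pk_constructed", "private_key": None}
    path = os.path.join(tempfile.mkdtemp(), "botect_private_key")
    print(persist_scoring_keys(200, first, path))   # first enablement: saved
    print(persist_scoring_keys(200, repeat, path))  # repeat call: local copy used
```

Calling the helper on every response, including retries after a timeout, keeps the secret out of logs and makes a lost key surface as KeyUnavailable rather than as a silent null.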
Errors
| Status | code | When |
|---|---|---|
| 401 | UNAUTHENTICATED | Missing / bad account token |
| 403 | — | Project does not belong to the token's account |