BCS Pro Middleware

Active bot enforcement. Server-side. Three lines of code.

Sign up

Get your API key at sensor.html. Free tier includes 5,000 calls/month.

Install middleware

Copy the code below into your server. Python, Node.js, or Vercel Edge.

Bots get handled

Every request is checked against 172+ bot conduct scores. Bad bots get blocked automatically.

How it works

Score ≥ 70

ALLOW

Score 50–69

THROTTLE

Unknown bot

CHALLENGE

Score < 50

BLOCK

The middleware fails open — if the BCS API is unreachable, the request passes through. Your site never goes down because of us.

Python (Flask)

Node.js (Express)

Vercel Edge

Python — Flask / FastAPI

Requirements: pip install requests

"""BCS Pro Middleware"""
import requests

BCS_API_KEY = "YOUR_API_KEY"
BCS_URL = "https://botconduct.org/api/score"

def bcs_check(request):
    try:
        r = requests.post(BCS_URL, json={
            "ua": request.headers.get("User-Agent", ""),
            "ip": request.remote_addr,
            "path": request.path,
            "api_key": BCS_API_KEY
        }, timeout=0.2)
        return r.json()
    except:
        return {"action": "allow"}  # fail open

# Flask usage:
# @app.before_request
# def check_bots():
#     verdict = bcs_check(request)
#     if verdict["action"] == "block":
#         return "Access denied", 403
#     if verdict["action"] == "throttle":
#         return "Rate limited", 429

Download bcs_middleware.py

Node.js — Express

No dependencies required (uses native fetch).

const BCS_API_KEY = "YOUR_API_KEY";

async function bcsMiddleware(req, res, next) {
  try {
    const r = await fetch("https://botconduct.org/api/score", {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({
        ua: req.headers["user-agent"] || "",
        ip: req.ip,
        path: req.path,
        api_key: BCS_API_KEY
      }),
      signal: AbortSignal.timeout(200)
    });
    const verdict = await r.json();
    if (verdict.action === "block")
      return res.status(403).send("Access denied by BCS");
    if (verdict.action === "throttle")
      return res.status(429).send("Rate limited");
    req.bcsVerdict = verdict;
    next();
  } catch {
    next(); // fail open
  }
}

module.exports = bcsMiddleware;

// Usage:
// const bcsMiddleware = require("./bcs_middleware");
// app.use(bcsMiddleware);

Download bcs_middleware.js

Vercel Edge Middleware

Save as middleware.js in your project root.

export default async function middleware(req) {
  try {
    const verdict = await fetch("https://botconduct.org/api/score", {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({
        ua: req.headers.get("user-agent") || "",
        ip: req.headers.get("x-forwarded-for") || "",
        path: new URL(req.url).pathname,
        api_key: "YOUR_API_KEY"
      })
    }).then(r => r.json());

    if (verdict.action === "block")
      return new Response("Blocked by BCS", { status: 403 });
    if (verdict.action === "throttle")
      return new Response("Rate limited", {
        status: 429,
        headers: { "Retry-After": "60" }
      });
  } catch {}
}

Download bcs_vercel.js

API Reference — POST /api/score

Send a JSON body with the visitor's details. Get back a verdict in <100ms.

Request

{
  "ua": "Mozilla/5.0 ... GPTBot/1.3 ...",
  "ip": "74.7.241.33",
  "path": "/api/products",
  "api_key": "bcs-xxxxx"
}

Response

{
  "bot": true,
  "bot_name": "GPTBot",
  "operator": "OpenAI",
  "score": 0,
  "rating": "hostile",
  "action": "block",
  "certified": false,
  "cert_level": 0
}

Actions

allow — Score ≥ 70. Let the request through.
throttle — Score 50–69. Return 429 with Retry-After.
challenge — Unknown bot. Return captcha or JS challenge.
block — Score < 50. Return 403.

Get your API key (free)

Free tier: 5,000 calls/month. Pro: 50,000 calls/month for $99.