Bot-Detect API

Verifikasi apakah IP dan User-Agent benar-benar milik Googlebot, Bingbot, OpenAI SearchBot, Yahoo, Seznam, Meta (Facebook), Qwant, DuckDuckGo, dan crawler utama lainnya.

API FAQ

Dapatkan Kunci API Beli Kredit

Apa yang bisa Anda lakukan?

7 penyedia bot pencarian

Google, Bing, OpenAI, Yandex, DuckDuckGo, Qwant & Seznam.

Pemeriksaan IP berbasis CIDR

Rentang IPv4/IPv6 vendor ditarik dan di-cache setiap 12 jam.

Pemeriksaan Flood vs Bot

Menentukan apakah permintaan adalah crawler sah atau flood/scraper.

Endpoint:

Coba Langsung

99.9 % Waktu Aktif

369.5ms Respons

20 req/s

0.003 Kredit / permintaan

Auto Detect – Which crawler is it?

POST https://api.yeb.to/v1/bot/detect/detect

Parameter	Type	Required	Description
`api_key`	string	yes	Your API key
`ip`	string	yes	IPv4 / IPv6 to verify (defaults to caller IP)
`ua`	string	opt	User-Agent header (defaults to caller UA)

Example

curl -X POST https://api.yeb.to/v1/bot/detect/detect \
  -H "Content-Type: application/json" \
  -d '{"api_key":"YOUR_KEY","ip":"66.249.66.1","ua":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"}'

Response Example

{
  "result": { "vendor": "google", "ip_match": true }
}

{
  "error": "Unknown action 'foo'",
  "code": 422
}

Kode Respons

Kode	Deskripsi
200 Success	Permintaan diproses OK.
400 Bad Request	Validasi input gagal.
401 Unauthorized	Kunci API hilang / salah.
403 Forbidden	Kunci tidak aktif atau tidak diizinkan.
429 Rate Limit	Terlalu banyak permintaan.
500 Server Error	Kegagalan tak terduga.

Detect (auto)

bot/detect/detect 0.0030 credits

Method

URL

Authentication

API Key

Parameters

API Key

query · string · required

IP address

query · string

User-Agent

query · string

Verify rDNS (FCrDNS)

query · boolean

Code Samples

Response

Status: —

Headers

Body

Check Googlebot

POST https://api.yeb.to/v1/bot/detect/google

Parameter	Type	Required	Description
`api_key`	string	yes	Your API key
`ip`	string	yes	IP to verify
`ua`	string	opt	User-Agent header

Example

curl -X POST https://api.yeb.to/v1/bot/detect/google \
  -H "Content-Type: application/json" \
  -d '{"api_key":"YOUR_KEY","ip":"66.249.66.1","ua":"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"}'

Response

{
  "result": { "vendor": "google", "ip_match": true }
}

{
  "result": { "vendor": "google", "ip_match": false }
}

Kode Respons

Kode	Deskripsi
200 Success	Permintaan diproses OK.
400 Bad Request	Validasi input gagal.
401 Unauthorized	Kunci API hilang / salah.
403 Forbidden	Kunci tidak aktif atau tidak diizinkan.
429 Rate Limit	Terlalu banyak permintaan.
500 Server Error	Kegagalan tak terduga.

Is Googlebot?

bot/detect/google 0.0010 credits

Method

URL

Authentication

API Key

Parameters

API Key

query · string · required

IP address

query · string · required

User-Agent

query · string

Code Samples

Response

Status: —

Headers

Body

Check Bingbot

POST https://api.yeb.to/v1/bot/detect/bing

Parameter	Type	Required	Description
`api_key`	string	yes	Your API key
`ip`	string	yes	IP to verify
`ua`	string	opt	User-Agent header

Example

curl -X POST https://api.yeb.to/v1/bot/detect/bing \
  -H "Content-Type: application/json" \
  -d '{"api_key":"YOUR_KEY","ip":"157.55.39.250","ua":"Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"}'

Response

{
  "result": { "vendor": "bing", "ip_match": true }
}

{
  "result": { "vendor": "bing", "ip_match": false }
}

Kode Respons

Kode	Deskripsi
200 Success	Permintaan diproses OK.
400 Bad Request	Validasi input gagal.
401 Unauthorized	Kunci API hilang / salah.
403 Forbidden	Kunci tidak aktif atau tidak diizinkan.
429 Rate Limit	Terlalu banyak permintaan.
500 Server Error	Kegagalan tak terduga.

Is Bingbot?

bot/detect/bing 0.0010 credits

Method

URL

Authentication

API Key

Parameters

API Key

query · string · required

IP address

query · string · required

User-Agent

query · string

Code Samples

Response

Status: —

Headers

Body

Check OpenAI Search Bot

POST https://api.yeb.to/v1/bot/detect/openai

Parameter	Type	Required	Description
`api_key`	string	yes	Your API key
`ip`	string	yes	IP to verify
`ua`	string	opt	User-Agent header

Example

curl -X POST https://api.yeb.to/v1/bot/detect/openai \
  -H "Content-Type: application/json" \
  -d '{"api_key":"YOUR_KEY","ip":"20.15.240.186","ua":"Mozilla/5.0 (compatible; ChatGPT-User/1.0; +https://openai.com/bot)"}'

Response

{
  "result": { "vendor": "openai", "ip_match": true }
}

{
  "result": { "vendor": "openai", "ip_match": false }
}

Kode Respons

Kode	Deskripsi
200 Success	Permintaan diproses OK.
400 Bad Request	Validasi input gagal.
401 Unauthorized	Kunci API hilang / salah.
403 Forbidden	Kunci tidak aktif atau tidak diizinkan.
429 Rate Limit	Terlalu banyak permintaan.
500 Server Error	Kegagalan tak terduga.

Is OpenAI bot?

bot/detect/openai 0.0010 credits

Method

URL

Authentication

API Key

Parameters

API Key

query · string · required

IP address

query · string · required

User-Agent

query · string

Code Samples

Response

Status: —

Headers

Body

Check YandexBot

POST https://api.yeb.to/v1/bot/detect/yandex

Parameter	Type	Required	Description
`api_key`	string	yes	Your API key
`ip`	string	yes	IP to verify
`ua`	string	opt	User-Agent header

Example

curl -X POST https://api.yeb.to/v1/bot/detect/yandex \
  -H "Content-Type: application/json" \
  -d '{"api_key":"YOUR_KEY","ip":"5.45.207.1","ua":"Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)"}'

Response

{
  "result": { "vendor": "yandex", "ip_match": true }
}

{
  "result": { "vendor": "yandex", "ip_match": false }
}

Kode Respons

Kode	Deskripsi
200 Success	Permintaan diproses OK.
400 Bad Request	Validasi input gagal.
401 Unauthorized	Kunci API hilang / salah.
403 Forbidden	Kunci tidak aktif atau tidak diizinkan.
429 Rate Limit	Terlalu banyak permintaan.
500 Server Error	Kegagalan tak terduga.

Is YandexBot?

bot/detect/yandex 0.0010 credits

Method

URL

Authentication

API Key

Parameters

API Key

query · string · required

IP address

query · string · required

User-Agent

query · string

Code Samples

Response

Status: —

Headers

Body

Check DuckDuckBot

POST https://api.yeb.to/v1/bot/detect/duck

Parameter	Type	Required	Description
`api_key`	string	yes	Your API key
`ip`	string	yes	IP to verify
`ua`	string	opt	User-Agent header

Example

curl -X POST https://api.yeb.to/v1/bot/detect/duck \
  -H "Content-Type: application/json" \
  -d '{"api_key":"YOUR_KEY","ip":"20.191.45.1","ua":"DuckDuckBot/1.0; (+http://duckduckgo.com/duckduckbot.html)"}'

Response

{
  "result": { "vendor": "duck", "ip_match": true }
}

{
  "result": { "vendor": "duck", "ip_match": false }
}

Kode Respons

Kode	Deskripsi
200 Success	Permintaan diproses OK.
400 Bad Request	Validasi input gagal.
401 Unauthorized	Kunci API hilang / salah.
403 Forbidden	Kunci tidak aktif atau tidak diizinkan.
429 Rate Limit	Terlalu banyak permintaan.
500 Server Error	Kegagalan tak terduga.

Is DuckDuckBot?

bot/detect/duck 0.0010 credits

Method

URL

Authentication

API Key

Parameters

API Key

query · string · required

IP address

query · string · required

User-Agent

query · string

Code Samples

Response

Status: —

Headers

Body

Check QwantBot

POST https://api.yeb.to/v1/bot/detect/qwant

Parameter	Type	Required	Description
`api_key`	string	yes	Your API key
`ip`	string	yes	IP to verify
`ua`	string	opt	User-Agent header

Example

curl -X POST https://api.yeb.to/v1/bot/detect/qwant \
  -H "Content-Type: application/json" \
  -d '{"api_key":"YOUR_KEY","ip":"51.158.38.1","ua":"Mozilla/5.0 (compatible; QwantBot/2.1; +https://help.qwant.com/bot)"}'

Response

{
  "result": { "vendor": "qwant", "ip_match": true }
}

{
  "result": { "vendor": "qwant", "ip_match": false }
}

Kode Respons

Kode	Deskripsi
200 Success	Permintaan diproses OK.
400 Bad Request	Validasi input gagal.
401 Unauthorized	Kunci API hilang / salah.
403 Forbidden	Kunci tidak aktif atau tidak diizinkan.
429 Rate Limit	Terlalu banyak permintaan.
500 Server Error	Kegagalan tak terduga.

Is QwantBot?

bot/detect/qwant 0.0010 credits

Method

URL

Authentication

API Key

Parameters

API Key

query · string · required

IP address

query · string · required

User-Agent

query · string

Code Samples

Response

Status: —

Headers

Body

Check SeznamBot

POST https://api.yeb.to/v1/bot/detect/seznam

Parameter	Type	Required	Description
`api_key`	string	yes	Your API key
`ip`	string	yes	IP to verify
`ua`	string	opt	User-Agent header

Example

curl -X POST https://api.yeb.to/v1/bot/detect/seznam \
  -H "Content-Type: application/json" \
  -d '{"api_key":"YOUR_KEY","ip":"77.75.76.3","ua":"Mozilla/5.0 (compatible; SeznamBot/4.0; +https://napoveda.seznam.cz/cz/search/bot/)"}'

Response

{
  "result": { "vendor": "seznam", "ip_match": true }
}

{
  "result": { "vendor": "seznam", "ip_match": false }
}

Kode Respons

Kode	Deskripsi
200 Success	Permintaan diproses OK.
400 Bad Request	Validasi input gagal.
401 Unauthorized	Kunci API hilang / salah.
403 Forbidden	Kunci tidak aktif atau tidak diizinkan.
429 Rate Limit	Terlalu banyak permintaan.
500 Server Error	Kegagalan tak terduga.

Is SeznamBot?

bot/detect/seznam 0.0010 credits

Method

URL

Authentication

API Key

Parameters

API Key

query · string · required

IP address

query · string · required

User-Agent

query · string

Code Samples

Response

Status: —

Headers

Body

Bot-Detect API — Practical Guide

A hands-on guide to using Bot-Detect API in production: what each endpoint does, when to use it, the parameters that truly matter, and how to interpret responses to make the right decision.

Last updated: 07 Mar 2026, 07:39 API Version: v1 Burst: 20 req/s Latency: 369.5 ms Cost: 0.003 credits/req

#What Bot-Detect solves

This API verifies whether an IP truly belongs to an official crawler (e.g., Googlebot, Bingbot) instead of someone claiming to be a bot via User-Agent. It’s designed for abuse prevention, SEO safety (don’t block real bots), and traffic classification (bill bots differently, slow them down, or allow them).

#Endpoints and when to use them

#`POST /v1/bot/detect` — Auto-detect

Best for: General checks when you don’t know the vendor in advance.
How it works: If a ua is provided, we try to infer a vendor from it; otherwise we test your IP against all supported vendors’ ranges.
Typical use: Single integration point for all traffic (edge/middleware).

#`POST /v1/bot/detect/{vendor}` — Vendor-specific

Best for: When routing already knows a suspected vendor (e.g., URLs dedicated to Google).
Vendors: google, bing, duck, qwant, meta, yandex, seznam, openai.
Note: UA is informative; the final decision is IP-based (with optional reverse-DNS/ASN checks).

#Quick start

curl -X POST "https://api.yeb.to/v1/bot/detect" \
  -H "Authorization: Bearer <YOUR_API_KEY>" \
  -H "Content-Type: application/json" \
  -d '{ "ip": "66.249.66.1", "ua": "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" }'

# Vendor-specific (Google)
curl -X POST "https://api.yeb.to/v1/bot/detect/google" \
  -H "Authorization: Bearer <YOUR_API_KEY>" \
  -H "Content-Type: application/json" \
  -d '{ "ip": "66.249.66.1" }'

// JS Fetch example
fetch('https://api.yeb.to/v1/bot/detect/bing', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer <YOUR_API_KEY>',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ ip: '40.77.167.129' })
})
.then(r => r.json())
.then(console.log)
.catch(console.error);

#Parameters that actually matter

Param	Required	What to pass in practice	Why it matters
`ip`	Yes	Client IPv4/IPv6 you’re checking (edge-extracted, not X-Forwarded-For if you’re not sure).	Final decision is IP-based. UA can be spoofed; IP ranges aren’t.
`ua`	No	Send it if you have it. We'll infer vendor and annotate `ua_match`, but IP stays decisive.	Helps explain “why” (was the UA consistent with the result?).
`verify_rdns`	No	`true` if you want reverse-DNS → forward match (Google/Bing).	Extra safety when you need to be 100% sure even if IP is inside a large range.
`strict_rdns`	No	`true` to fail if rDNS check doesn’t pass (only effective when `verify_rdns` is true).	Force “OK = false” unless DNS proves it.
`verify_asn`	No	`true` to cross-check by ASN (if enabled server-side).	Useful for vendors without official JSON ranges (e.g., Meta).
`strict_asn`	No	`true` to fail if ASN check doesn’t confirm.	Pairs with `verify_asn` for stricter policies.
`asn`	No	Override vendor ASN when you know it (e.g., `32934` for Meta).	Handy for custom policies or fast vendor updates.

#Reading and acting on responses

You mostly care about result.ok, result.vendor, and result.reason.

{
  "result": {
    "vendor": "google",
    "ok": true,
    "reason": "ip_match",                // or "ip_and_ua_match", etc.
    "ua_present": true,                  // UA was sent explicitly as param
    "ua_source": "param",                // "param" | "header" | null
    "ua_match": true,                    // UA pattern fit the vendor
    "ip_match": true,                    // IP fell inside vendor ranges
    "dns_verified": false,               // set true if verify_rdns passed
    "rdns_checked": false,
    "asn_verified": false,
    "asn_checked": false,
    "cidr_empty": false,                 // true if no ranges were available
    "ip_kind": "search_bot",             // Google only: search_bot | special_crawler | user_triggered_google | user_triggered_user | cdn_proxy | unknown
    "ip_kind_source": "json",            // "json" | "dns_ptr" | null
    "ptr": "crawl-66-249-66-1.googlebot.com"
  }
}

#Typical `reason` values

ip_and_ua_match — Best case: UA matched the vendor pattern and IP belongs to the vendor.
ip_match — Good: IP belongs to vendor ranges; UA was missing or didn’t match (still OK to treat as vendor).
ip_match_but_ua_not_matched — Likely a legitimate bot with a non-standard UA; don’t block.
ua_not_matched — UA said “I’m X”, but we couldn’t confirm it; check ip_match.
ip_not_in_vendor_ranges — Treat as non-vendor; consider bot throttling or block rules.

#Recommended actions

ok = true → Allow, skip WAF challenges, crawl-budget friendly rate-limit.
ok = false and UA claims vendor → 403 or serve simplified page; log for audit.
Need absolute certainty → Call with verify_rdns=true (+ strict_rdns=true if you want hard fail).

#Troubleshooting & field notes

“UA says Googlebot but ok=false” → You saw a spoofed UA. Key is ip_match. Consider returning 403 or a lightweight page.
Rapid vendor changes → Prefer vendor JSON ranges (handled automatically). If you need hard proof, enable verify_rdns.
IPv6 traffic → Fully supported. If your edge strips IPv6, fix that first.
False negatives for Meta → Use verify_asn=true (and asn=32934 if relevant) for stronger confirmation.
Rate-limits → Respect 429 with exponential backoff. Keep request IDs in your logs.

#API Changelog

2025-10-20

Added Google IP classification (ip_kind, ip_kind_source, ptr) and improved vendor JSON ingestion (Google “special crawlers” and user-triggered fetchers).

2025-10-15

Introduced verify_rdns/strict_rdns and verify_asn/strict_asn flags for stricter verification flows.

2025-10-05

Vendor-specific endpoints stabilized (/google, /bing, /meta, /yandex, etc.). Response schema unified across vendors.

Pertanyaan yang Sering Diajukan

Feed JSON vendor di-cache selama 12 jam; Yandex & Seznam menggunakan CIDR resmi statis.

Bukti nyata adalah alamat IP: crawler dipercaya hanya ketika IP-nya berada dalam rentang CIDR resmi yang dipublikasikan vendor. User-Agent dapat membantu, tetapi mudah dipalsukan; scraper sering menyalin string UA sambil datang dari jaringan acak. Jika IP tidak dalam rentang vendor, kami menandai permintaan terlepas dari apa yang dikatakan UA.

Ya, jaringan IPv4 dan IPv6 didukung sepenuhnya.

Ya. Setiap permintaan, bahkan yang menghasilkan error, mengonsumsi kredit. Kredit Anda terkait dengan jumlah permintaan, terlepas dari keberhasilan atau kegagalan. Jika error jelas disebabkan oleh masalah platform di pihak kami, kami akan memulihkan kredit yang terpengaruh (tanpa pengembalian uang tunai).

Hubungi kami di [email protected]. Kami menganggap umpan balik serius—jika laporan bug atau permintaan fitur Anda bermakna, kami dapat memperbaiki atau meningkatkan API dengan cepat dan memberikan Anda 50 kredit gratis sebagai terima kasih.

Tergantung pada API dan terkadang bahkan pada endpoint. Beberapa endpoint menggunakan data dari sumber eksternal, yang mungkin memiliki batas lebih ketat. Kami juga menerapkan batas untuk mencegah penyalahgunaan dan menjaga stabilitas platform kami. Periksa dokumentasi untuk batas spesifik setiap endpoint.

Kami beroperasi dengan sistem kredit. Kredit adalah unit prabayar yang tidak dapat dikembalikan yang Anda gunakan untuk panggilan API dan alat. Kredit dikonsumsi secara FIFO (yang terlama lebih dulu) dan berlaku selama 12 bulan sejak tanggal pembelian. Dashboard menampilkan setiap tanggal pembelian dan masa berlakunya.

Ya. Semua kredit yang dibeli (termasuk saldo pecahan) berlaku selama 12 bulan sejak pembelian. Kredit yang tidak digunakan kedaluwarsa secara otomatis dan dihapus secara permanen di akhir masa berlaku. Kredit yang kedaluwarsa tidak dapat dipulihkan atau dikonversi menjadi uang tunai atau nilai lainnya. Aturan transisi: kredit yang dibeli sebelum 22 Sep 2025 diperlakukan sebagai dibeli pada 22 Sep 2025 dan kedaluwarsa pada 22 Sep 2026 (kecuali kedaluwarsa lebih awal dinyatakan saat pembelian).

Ya—dalam masa berlakunya. Kredit yang tidak digunakan tetap tersedia dan dialihkan dari bulan ke bulan hingga kedaluwarsa 12 bulan setelah pembelian.

Kredit tidak dapat dikembalikan. Beli hanya yang Anda butuhkan—Anda selalu bisa mengisi ulang nanti. Jika error platform menyebabkan tagihan gagal, kami dapat memulihkan kredit yang terpengaruh setelah penyelidikan. Tidak ada pengembalian uang tunai.

Harga ditetapkan dalam kredit, bukan dolar. Setiap endpoint memiliki biayanya sendiri—lihat lencana "Kredit / permintaan" di atas. Anda akan selalu tahu persis berapa yang Anda keluarkan.

← Kembali ke API

Dapatkan kredit untuk membuka konten dan fitur premium

Tipe Pelanggan

Negara Penagihan

API / Endpoint

Mata Uang

Jumlah permintaan

Bot-Detect API

Apa yang bisa Anda lakukan?

7 penyedia bot pencarian

Pemeriksaan IP berbasis CIDR

Pemeriksaan Flood vs Bot

Auto Detect – Which crawler is it?

Example

Response Example

Kode Respons

Detect (auto)

Parameters

Code Samples

Response

Check Googlebot

Example

Response

Kode Respons

Is Googlebot?

Parameters

Code Samples

Response

Check Bingbot

Example

Response

Kode Respons

Is Bingbot?

Parameters

Code Samples

Response

Check OpenAI Search Bot

Example

Response

Kode Respons

Is OpenAI bot?

Parameters

Code Samples

Response

Check YandexBot

Example

Response

Kode Respons

Is YandexBot?

Parameters

Code Samples

Response

Check DuckDuckBot

Example

Response

Kode Respons

Is DuckDuckBot?

Parameters

Code Samples

Response

Check QwantBot

Example

Response

Kode Respons

Is QwantBot?

Parameters

Code Samples

Response

Check SeznamBot

Example

Response

Kode Respons

Is SeznamBot?

Parameters

Code Samples

Response

Bot-Detect API — Practical Guide

#What Bot-Detect solves

#Endpoints and when to use them

#POST /v1/bot/detect — Auto-detect

#POST /v1/bot/detect/{vendor} — Vendor-specific

#Quick start

#Parameters that actually matter

#Reading and acting on responses

#Typical reason values

#Recommended actions

#Troubleshooting & field notes

#`POST /v1/bot/detect` — Auto-detect

#`POST /v1/bot/detect/{vendor}` — Vendor-specific

#Typical `reason` values