> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fingerprint.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Bot Detection Overview

> Overview of Fingerprint bot detection for AI automation, browsers and tools

## What is Fingerprint Bot Detection?

Fingerprint Bot Detection detects automated activity on your websites or API endpoints. It detects both AI tools (agents, assistants) and traditional bots. When performing bot detection, Fingerprint analyzes hundreds of browser attributes and network signals and gives you back a bot detection result with one of three values:

* **Good bot** - includes several categories of bots, such as authorized AI agents, AI assistants, verified search crawlers, marketing, monitoring, and SEO optimization tools.
* **Bad bot** - includes browser automation tools like Selenium, Puppeteer, Playwright, or anything that impersonates verified tools. Bad bots can take over accounts, submit spam, steal passwords, scrape data, waste resources, etc.
* **Bot not detected** - the visitor is likely a human using a regular browser.

<Expandable title="AI tools detection" defaultOpen>
  Fingerprint supports the detection of AI tools, such as AI agents and AI assistants. When an AI tool is detected, additional bot metadata is returned in the `bot_info` object that includes:

  * Category (`ai_assistant`, `ai_agent`, etc)
  * Identity (`signed`, `verified`, `unknown`, or `spoofed`)
  * Provider (who operates the bot, e.g. OpenAI)
  * Name (the name of the bot, e.g. ChatGPT)
</Expandable>

You can use the provided bot detection result to better understand your AI and human traffic or implement protective measures against malicious bots.

## How to enable Fingerprint Bot Detection?

If you want to use Fingerprint Bot Detection, upgrade to the Pro Plus plan. If you have an Enterprise plan, reach out to your Customer Success Manager or [Fingerprint support team](https://fingerprint.com/support/).

## Integrating Bot Detection

Bot detection supports two integration methods: JavaScript agent and Flow worker (does not require JavaScript). They can be used together.

### JavaScript agent integration

This method is ideal to detect browser automation or AI agents that orchestrate browsers. It also supports anti-detect browsers, and traditional browser automation libraries, such as Playwright, Selenium, or Puppeteer.

To use this integration:

1. Add the [JavaScript agent](/docs/install-the-javascript-agent) in the frontend part of your web application.
2. Get the [`event_id`](/reference/js-agent-v4-get-function#event_id) from the JavaScript agent response and pass it to your server.
3. Use [Fingerprint Events API](https://docs.fingerprint.com/reference/server-api-v4-get-event)  from your backend to retrieve the Bot Detection result. Use the information about AI tools and bots in your business logic.

### JavaScript agent

The JavaScript agent is a client-side library that collects browser signals and sends them to the Fingerprint backend. The library returns an object with multiple fields, but for Bot detection only the `event_id` is needed to get the results on the backend.

<Note>
  **Bot Detection and JavaScript agent versions**

  Bot Detection works only with JavaScript agent version 3.7.0 or newer. Check your version and [update](/docs/migrating-from-previous-versions) it if needed.
</Note>

### Bot Detection results on the client side

Since the data from the client browser might be spoofed by fraudulent parties, Fingerprint strongly recommends server verification using the [Server API](/reference/server-api-v4-get-event).

Bad actors can replace the `event_id` with a fake value or completely delete this field. Check the request timestamp returned by the Server API – it shouldn't be older than several seconds or minutes depending on the implemented scenario. If the `event_id` doesn't pass the verification, you need to ask your users for additional verification (CAPTCHA, 2FA) or deny access to the requested resource.

However, the most secure way of using the Fingerprint platform is [Zero Trust Mode](/docs/zero-trust-mode) which makes only `event_id` available on the frontend.

### Flow worker integration (currently in beta)

If you want to detect AI tools and bots at the edge level, use the Flow integration running on Cloudflare.

Flow workers can detect AI agents, AI assistants, and bots that access your pages and API endpoints. Importantly, API endpoint bot management is only supported by the Flow worker integration option.

After [enabling **Edge Bot Detection**](https://docs.fingerprint.com/docs/flow-deployments#using-a-flow-worker-to-detect-bots-at-the-edge), the Flow worker provides IP intelligence and bot detection data to your pages and API endpoints by setting HTTP request headers in the requests it forwards. The headers are delivered to your protected origins synchronously with each request.

This method does not require the JavaScript agent and will work for all bot types.

To get the best bot detection accuracy and coverage, use Flow worker integration together with the JavaScript agent integration.

### Native mobile libraries

Bot Detection doesn't currently support native mobile libraries.

### Fingerprint's SDKs and libraries

Bot Detection is supported by all [provided client and server-side libraries](/reference/server-sdks), but the AI tool detection results are available in [server API v4](/reference/server-api-v4-get-event) or later.

## Identification and Bot Detection

Fingerprint Identification and Bot Detection produce the best results when used together.

A combination of Identification and Bot Detection gives you a powerful tool to prevent online fraud. Using both products is recommended. One JavaScript agent running in the browser and one `event_id` value to get both identification and bot detection results on the backend without additional latency.

### Useful links

* [**Bot Directory**](https://docs.fingerprint.com/docs/bot-detection/bot-directory) - list of bots and AI agents Fingerprint can detect