Hasty Briefs (beta)

"Passport" for Web Agents: Web Bot Auth

13 days ago
  • #bots
  • #cloudflare
  • #authentication
  • Web Bot Auth uses cryptographic signatures in HTTP messages to verify automated bot requests.
  • Requires generating an Ed25519 private key and converting the public key to a JSON Web Key (JWK).
  • Host a key directory at `/.well-known/http-message-signatures-directory` serving a JWKS.
  • The key directory must be served over HTTPS, and its responses must include signature headers for validation.
  • Register the bot in the Cloudflare dashboard under 'Verified Bots' using the Request Signature method.
  • Sign requests with the `@authority` derived component and the required headers: `Signature-Input`, `Signature`, and `Signature-Agent`.
  • Cloudflare validates Ed25519 keys and provides tools like `http-signature-directory` CLI for directory validation.
  • Resources include Cloudflare blogs, a Rust library, and an npm package for Web Bot Auth integration.
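
The signing flow summarised above, with the origin-side check next to it, as an added example (not code from the brief, Cloudflare, or the npm package). The function names and hosts are hypothetical; the `created`, `expires`, `keyid` and `tag="web-bot-auth"` parameters and the thumbprint-style `kid` are assumptions taken from RFC 9421, RFC 7638 and the Web Bot Auth draft, not from this page.

```javascript
// Added example: Node.js built-in crypto only; hosts and URLs are placeholders.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto') : process.getBuiltinModule('node:crypto');

// Generate the bot key; kid is the RFC 7638 thumbprint (SHA-256 of the canonical JWK).
function newBotKey() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const { kty, crv, x } = publicKey.export({ format: 'jwk' });
  const kid = nodeCrypto.createHash('sha256')
    .update(JSON.stringify({ crv, kty, x })).digest('base64url');
  return { privateKey, jwk: { kty, crv, x, kid } };
}

// RFC 9421 signature base: one line per covered component, params line last.
function signatureBase(authority, agent, params) {
  return [`"@authority": ${authority.toLowerCase()}`,
    `"signature-agent": ${agent}`,
    `"@signature-params": ${params}`].join('\n');
}

// Bot side: produce the three headers for a request to `authority`.
function signRequest(key, authority, agentUrl, now, ttl = 300) {
  const agent = `"${agentUrl}"`; // Signature-Agent is a quoted structured-field string
  const params = `("@authority" "signature-agent");created=${now};expires=${now + ttl}` +
    `;keyid="${key.jwk.kid}";tag="web-bot-auth"`;
  const sig = nodeCrypto.sign(null, Buffer.from(signatureBase(authority, agent, params)),
    key.privateKey).toString('base64');
  return { 'Signature-Agent': agent, 'Signature-Input': `sig1=${params}`,
    'Signature': `sig1=:${sig}:` };
}

// Origin side: check against the JWKS fetched from the bot's key directory.
function verifyRequest(jwks, authority, headers, now) {
  const params = headers['Signature-Input'].replace(/^sig1=/, '');
  const sig = /^sig1=:([A-Za-z0-9+/=]+):$/.exec(headers['Signature']);
  const keyid = /;keyid="([^"]+)"/.exec(params);
  const expires = /;expires=(\d+)/.exec(params);
  const jwk = keyid && jwks.keys.find((k) => k.kid === keyid[1]);
  // Reject unknown keys, expired signatures, and signatures not bound to the host.
  if (!sig || !jwk || !expires || Number(expires[1]) <= now) return false;
  if (!params.startsWith('("@authority"')) return false;
  if (!params.includes(';tag="web-bot-auth"')) return false;
  const pub = nodeCrypto.createPublicKey({
    key: { kty: jwk.kty, crv: jwk.crv, x: jwk.x }, format: 'jwk' });
  const base = signatureBase(authority, headers['Signature-Agent'], params);
  return nodeCrypto.verify(null, Buffer.from(base), pub, Buffer.from(sig[1], 'base64'));
}
```

Because `@authority` and `signature-agent` are covered components, a signature captured for one host or agent URL fails verification when replayed against another, and `expires` bounds how long a captured header set stays valid.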