Continuous human presence verification using cognitive biometrics and biological signals. No hardware. No government ID. Works on any device in under 2 minutes.
// POST /v1/verify { "score": 91, "verdict": "HUMAN", "confidence":"HIGH", "signals": { "keystroke":{ "score":94, "pass":true }, "motor": { "score":88, "pass":true }, "rppg": { "score":91, "pass":true }, "cardiac": { "score":92, "pass":true } }, "latency_ms":340 }
Every system built for humans is being exploited. CAPTCHAs are solved by AI in milliseconds. Traditional KYC doesn't verify liveness.
NotBot provides an API that verifies biological human presence using signals from the nervous system — keystroke dynamics, motor control, reaction timing, and remote photoplethysmography through the browser camera. No hardware. Any device.
Output is a continuous Human Trust Score (0–100) with per-signal breakdown, delivered via REST and webhook. Your system decides what to do with it.
Any platform that allows user accounts, content creation, or financial action is exposed. NotBot closes the gap.
Continuous presence verification during tests — without hardware proctoring. Flags when a human is no longer at the keyboard.
EDTECH · HR TESTING · CERTIFICATIONVerify sellers and reviewers are real humans before they affect trust scores. Stop bot-driven fake reviews and synthetic listings.
E-COMMERCE · FREELANCE · REVIEWSAdd a biological liveness layer before document KYC — catching AI-generated applicants before they hit your pipeline.
NEOBANKS · LENDING · WALLETSGate posting and voting behind human verification. Stop coordinated bot campaigns without breaking UX.
FORUMS · DAOs · SOCIAL PLATFORMSDetect AI agents in ranked sessions. Verify human input during tournaments and reward distributions.
ESPORTS · TOURNAMENTS · REWARDSIndia IT Rules 2026 live. EU AI Act hits August 2026. NotBot API is your compliance infrastructure for human vs AI disclosure.
INDIA · EU · AUDIT TRAILREST API. Webhook callbacks. Drop-in JS widget. Works with any backend stack.
One script tag. The NotBot widget handles the full verification UX — cognitive test and optional biological scan. No build step required.
On completion the widget emits a signed, short-lived session token. Pass it to your backend for server-side validation.
One API call returns the Human Trust Score (0–100), per-signal breakdown, and verdict. You set the threshold — block, flag, or allow.
For exam/high-stakes sessions: stream live score updates via webhook. Get notified when trust drops mid-session.
// 1. frontend widget import { NotBot } from '@notbot/widget'; NotBot.init({ apiKey: 'nb_live_xxxx', mode: 'cognitive+bio', onComplete: (token) => verifyOnServer(token) }); // 2. server-side validation const res = await fetch( 'https://api.notbot.id/v1/verify', { method:'POST', headers:{'Authorization':`Bearer ${KEY}`}, body:JSON.stringify({token}) } ); const{score,verdict}=await res.json(); if(score<70) block();
No single signal is the verification. The ensemble — multiple independent biological and behavioral signals — is what makes spoofing economically unviable.
Inter-key timing, dwell time, flight time. Governed by your neuromuscular system.
Cursor trajectory, overshoot, correction behavior. Controlled by the cerebellum.
Nerve conduction governs minimum reaction time. AI reacts too fast or too uniformly.
Microscopic skin color changes from blood flow — visible through any browser camera.
Unexpected stimuli trigger measurable heart rate changes via the autonomic nervous system.
Cross-signal ensemble check across the session. Drift and timing gaps are weighted.
Both demos run in your browser, no account required. Exactly what your users experience when you integrate NotBot.
Type a sentence. React to stimuli. Keystroke dynamics, motor patterns, and reaction timing analyzed and scored. 60 seconds.
LAUNCH TEST →Camera reads heartbeat through skin color changes. A deepfake has no blood vessels. This is what separates biology from pixels. 20 seconds.
LAUNCH SCAN →Platforms that can't distinguish humans from AI are now legally exposed. NotBot API is the compliance infrastructure.
Mandatory AI labelling, identity disclosure, 3-hour deepfake removal. Platforms lose safe-harbour without verification infrastructure.
LIVE · FEB 2026Users must be informed when interacting with AI. Deepfakes require machine-readable markers. Fines up to €35M or 7% of global turnover.
ENFORCEMENT · AUG 2026Only derived feature vectors stored — never raw biometric data. Data residency in India. Consent flows built-in. DPDP compliant.
PRIVACY-FIRSTWe're onboarding design partners before public launch. Locked-in terms, direct team access, your use case shapes the roadmap.