// FOR DEVELOPERS & PLATFORMS

Human verification
as an API call.

One API. Continuous session verification. Real-time human trust scores using cognitive biometrics and biological signals — no hardware, no government ID, works on any device.

GET EARLY API ACCESS → VIEW INTEGRATION DOCS
<2s avg verification time
6+ biological signals measured
0px hardware required
REST drop-in API integration

USE CASES

Built for platforms
with real exposure.

Every platform that allows user accounts, content creation, or financial action is exposed to bots and AI agents. NotBot closes the gap.

📝
ONLINE ASSESSMENTS & EXAMS

Continuous presence verification during tests. Flag when a human is no longer at the keyboard — without requiring hardware proctoring. Built for the price points that work in India.

EDTECH · CERTIFICATION · HR TESTING
🛒
MARKETPLACE TRUST

Verify that sellers and reviewers are real humans before they can affect your trust score. Reduce bot-driven fake reviews, fraudulent listings, and synthetic seller accounts.

E-COMMERCE · FREELANCE · REVIEWS
💬
COMMUNITY & FORUM INTEGRITY

Gate posting privileges, votes, and reputation behind human verification. Stop coordinated bot campaigns without putting real users through broken CAPTCHA flows.

FORUMS · DAOs · SOCIAL PLATFORMS
🏦
FINTECH KYC LAYER

Add a biological liveness check to your onboarding flow before document verification — catching AI-generated fake applicants before they hit your KYC pipeline.

NEOBANKS · LENDING · WALLETS
🎮
GAMING & COMPETITIVE PLATFORMS

Detect AI agents and bots in competitive sessions. Verify human input during ranked play, tournaments, and reward distributions without breaking the user experience.

ESPORTS · TOURNAMENTS · REWARDS
📜
AI ACT COMPLIANCE

India IT Rules 2026 are live. EU AI Act enforcement hits August 2026. Platforms must verify and disclose humans vs AI. NotBot API is your compliance infrastructure.

REGULATORY · LEGAL EXPOSURE · AUDIT

SIGNAL STACK

What the API
actually measures.

No single signal is the verification. The ensemble — multiple independent biological and behavioral signals — is what makes spoofing economically unviable.

⌨️

KEYSTROKE DYNAMICS

Inter-key timing, dwell time, and flight time patterns. Governed by your neuromuscular system — as unique as a fingerprint.

HIGH UNIQUENESS
🖱️

MOTOR CONTROL PATTERNS

Cursor trajectory, overshoot, and correction behavior. Controlled by the cerebellum — impossible to perfectly replicate programmatically.

HARD TO SPOOF

REACTION TIMING VARIANCE

Nerve conduction speed governs the minimum reaction time a human can achieve. AI agents react too fast or too uniformly.

VERY HARD TO SPOOF
💓

REMOTE PHOTOPLETHYSMOGRAPHY

Microscopic skin color changes caused by blood flow — visible through any device camera. Deepfakes have no blood vessels.

BIOLOGICAL SIGNAL
😲

INVOLUNTARY CARDIAC RESPONSE

Unexpected stimuli trigger measurable heart rate changes through the autonomic nervous system. Impossible to fake without an actual nervous system.

HARDEST TO SPOOF
🔄

SESSION CONSISTENCY SCORE

Cross-signal consistency check across the session. Behavioral drift, timing inconsistency, and signal gaps are weighted and flagged.

ENSEMBLE LAYER

INTEGRATION

Ship in
under an hour.

REST API. Webhook callbacks. Drop-in JS widget for the verification flow. Works with any backend stack.

01

EMBED THE WIDGET

Drop one script tag into your page. The NotBot widget handles the full verification UX — cognitive test and optional biological scan. No frontend build required.

02

RECEIVE A SESSION TOKEN

When verification completes, the widget emits a signed session token. Pass it to your backend for server-side validation.

03

VALIDATE SERVER-SIDE

One API call to validate the token. Response includes the Human Trust Score, signal breakdown, and confidence level. You decide the threshold.

04

CONTINUOUS SESSION MONITORING (OPTIONAL)

For exam and high-stakes use cases: stream live score updates via webhook. Get notified when trust drops below your threshold mid-session.

notbot-integration.js
JavaScript
Python
Response
// 1. Embed widget (frontend)
import { NotBot } from '@notbot/widget';

NotBot.init({
  apiKey: 'nb_live_xxxxxxxxxxxx',
  mode: 'cognitive+bio',   // or 'cognitive'
  onComplete: (token) => {
    // Pass token to your backend
    verifyOnServer(token);
  }
});

// 2. Validate server-side (Node.js)
const result = await fetch(
  'https://api.notbot.id/v1/verify',
  {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${API_KEY}`,
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({ token })
  }
);

const { score, signals, verdict } = await result.json();

if (score < 70) {
  // Block or flag session
}

PRICING

Transparent.
Usage-based.

Pay per verification. No per-seat pricing. No lock-in. Enterprise contracts available for volume commitments.

// SANDBOX
₹0 / month
500 verifications/mo · no card required
  • Full API access (sandbox)
  • Cognitive verification (Phase 1)
  • JS widget + REST API
  • Webhook support
  • Community support
  • Biological verification
  • Continuous session monitoring
  • SLA guarantee
START FREE →
// ENTERPRISE
Custom
10,000+ verifications/mo · annual contract
  • Everything in Growth
  • Volume pricing (from ₹1/verification)
  • Custom signal tuning per use case
  • Dedicated account manager
  • 99.9% SLA + uptime guarantee
  • On-prem / VPC deployment option
  • Compliance documentation (DPDP/GDPR)
  • Direct Slack/WhatsApp support
CONTACT US →

Early access partners get locked-in pricing. Rates will increase after public launch. · All prices + GST


REGULATORY COVERAGE

The law is your
sales team.

Platforms that don't distinguish humans from AI bots are now legally exposed. NotBot API is the compliance layer that handles it.

🇮🇳
INDIA IT RULES 2026 — LIVE NOW

Mandatory AI labelling, identity disclosure protocols, and 3-hour deepfake removal obligations. Platforms that can't verify human vs. AI activity lose safe-harbour protection.

LIVE · FEB 2026
🇪🇺
EU AI ACT — ARTICLE 50

Users must be informed when interacting with AI systems. Deepfakes and AI-generated content require machine-readable markers. Fines up to €35M or 7% of global turnover.

ENFORCEMENT · AUG 2026
🔒
DATA PRIVACY — DPDP ACT

NotBot stores only derived feature vectors, never raw biometric data. Explicit consent flows built-in. Data residency in India (Mumbai). Audit logs available for enterprise customers.

PRIVACY-FIRST DESIGN
🌍
COUNCIL OF EUROPE AI CONVENTION

International treaty on AI transparency and human oversight, signed by the US, UK, EU and others. Platforms operating globally need human verification infrastructure now.

RATIFICATION 2026

Get early API access.
Lock in founding rates.

We're onboarding a small group of design partners before public launch. You get locked-in pricing, direct access to the founding team, and your use case shapes the roadmap.

REQUEST ACCESS →

// No spam · Response within 24 hours · notbot.id.founder@gmail.com

FAQ

Common
questions.

How is this different from Worldcoin / proof-of-personhood?
Worldcoin does one-time identity verification using iris scanning hardware. NotBot does continuous session verification — proving a human is actively present throughout an interaction, not just at sign-up. No hardware, no orb, works on any device. We're also B2B API-first; Worldcoin is consumer-first. Different use cases, different layers.
What happens to biometric data?
We store derived feature vectors (mathematical representations), never raw biometric data. The original keystrokes, video frames, and mouse movements are processed on-device or immediately discarded. Stored data is encrypted at rest, hosted in Mumbai (India), and deletable on request. Full compliance documentation available for enterprise customers.
What are the false accept and false reject rates?
We're in active pilot testing and will publish accuracy benchmarks before public launch. We prefer to show real numbers over marketing claims. Early testing shows FAR (false accept rate) below 4% for the cognitive ensemble. rPPG accuracy improves significantly with adequate lighting and a front-facing camera — we document device requirements clearly so you can set appropriate expectations for your users.
Can a sophisticated attacker spoof the system?
No single-signal system is unbreakable. Our defense is the ensemble — spoofing keystroke dynamics requires a different toolkit than spoofing rPPG, which requires a different toolkit than spoofing involuntary cardiac response. The cost of attacking all signals simultaneously makes it economically unviable for most threat models. We're transparent about this: NotBot raises the cost of attack, it doesn't make attack impossible. That's true of every security system.
Does biological verification (rPPG) work on all devices?
rPPG works on most modern front-facing cameras in adequate lighting. We run a pre-scan check before measurement — if conditions are insufficient, we fall back to cognitive-only verification with a clear user message. The system degrades gracefully; it doesn't fail silently.
What's the SLA and uptime guarantee?
Enterprise contracts include 99.9% uptime SLA with credits for downtime. Growth tier customers have best-effort SLA during early access. We'll publish a public status page before launch.