ZeroBot ZeroBot API Reference
Docs Dashboard Get Started

ZeroBot REST API

Programmatically manage authorized domains, custom rules, traffic logs, IP allow/blocklists, and your shortener links. Test any endpoint live from this page — paste your license key in the top bar, fill in the parameters, and click Send Request.

v3 Stable <100ms p50 Bearer Auth JSON in/out CORS Enabled Live Tester

Quick Start

  1. Grab your license key from your dashboard and paste it into the key field at the top right — it's saved locally and reused for every test on this page.
  2. Send it as Authorization: Bearer YOUR_LICENSE_KEY on every API request, or use the X-License-Key header / ?license= query parameter.
  3. All responses use the same envelope: { "status": "ok", "data": ..., "meta": ... }.
  4. Errors return { "status": "error", "message": "..." } with a matching HTTP status code.
  5. Lists are paginated via ?page=1&per_page=25.

Open AntiBot Check

GET /v3/openapi

Lightweight external API for IP intelligence and bot detection. Pass an IP and optionally a domain and User-Agent. Returns IP classification (VPN, Tor, Datacenter), ISP, geolocation, and a bot verdict — without requiring custom rules.

Parameters
licenseREQUIRED string Your account license key.
ipREQUIRED string IP address to check.
domainREQUIRED string An authorized domain on your account. Required.
useragent string Visitor User-Agent string for bot pattern detection.
vpn integer 1 = block VPN (default), 0 = allow.
datacenter integer 1 = block datacenter (default), 0 = allow. 
curl https://zerobot.info/v3/openapi -G --data-urlencode "license=YOUR_LICENSE_KEY" --data-urlencode "ip=185.220.101.1" --data-urlencode "domain=https://example.com" \
     -H "Authorization: Bearer YOUR_LICENSE_KEY"
const res = await fetch("https://zerobot.info/v3/openapi?" +
  new URLSearchParams({
    license: "YOUR_LICENSE_KEY",
    ip:      "185.220.101.1",
    domain:  "https://example.com"
  }));
const data = await res.json();
r = requests.get("https://zerobot.info/v3/openapi", params={
    "license": "YOUR_LICENSE_KEY",
    "ip":      "185.220.101.1",
    "domain":  "https://example.com"
})
Try it
GET /v3/openapi
200 Example response
{
  "username": "aBcDeFgHiJk...",
  "asn":      "AS15169",
  "country_name": "United States",
  "isp":      "Google LLC",
  "is_bot":   false,
  "reason":   "ISP",
  "risk_score": 0,
  "vpn":      false,
  "tor":      false,
  "datacenter": false
}

Account stats & usage

GET /v3/account/stats

Returns the authenticated user's account info, plan, quota, lifetime/24h/7d traffic counters, and resource counts (domains, rules, whitelist, blacklist, links). The fastest way to power a "Status" widget in your own app.

Errors
401 Invalid or missing license key.
402 Plan expired — renew to continue.
403 Account suspended or unverified.
429 Quota exhausted. 
curl https://zerobot.info/v3/account/stats \
     -H "Authorization: Bearer YOUR_LICENSE_KEY"
const res = await fetch("https://zerobot.info/v3/account/stats", {
  headers: { "Authorization": "Bearer YOUR_LICENSE_KEY" }
});
const { data } = await res.json();
r = requests.get("https://zerobot.info/v3/account/stats",
  headers={"Authorization": "Bearer YOUR_LICENSE_KEY"})
Try it
GET /v3/account/stats
200 Example response
{
  "status": "ok",
  "data": {
    "account": {
      "username":  "yourname",
      "plan":      "Premium",
      "days_left": 287
    },
    "quota": { "remaining": "unlimited" },
    "lifetime": { "bots_blocked": 1001399, "humans_passed": 511864 },
    "last_24h": { "bots": 1240, "humans": 8765 },
    "resources": { "authorized_domains": 5, "custom_rules": 12 }
  }
}

List authorized domains

GET /v3/account/domains

Returns a paginated list of all domains authorized for your account.

Parameters
page integer Page number, default 1.
per_page integer Items per page (1-100), default 25. 
curl https://zerobot.info/v3/account/domains \
     -H "Authorization: Bearer YOUR_LICENSE_KEY"
fetch("https://zerobot.info/v3/account/domains", {
  headers: { "Authorization": "Bearer YOUR_LICENSE_KEY" }
})
requests.get("https://zerobot.info/v3/account/domains",
  headers={"Authorization": "Bearer YOUR_LICENSE_KEY"})
Try it
GET /v3/account/domains

Add an authorized domain

POST /v3/account/domains

Adds a domain to your authorized domains. Once added, you can attach rules and traffic will be tracked.

Parameters
domainREQUIRED string Domain to add (protocol stripped automatically).
Errors
400 Invalid domain format.
409 Domain already authorized. 
curl -X POST https://zerobot.info/v3/account/domains \
     -H "Authorization: Bearer YOUR_LICENSE_KEY" \
     -H "Content-Type: application/json" \
     -d '{"domain":"example.com"}'
fetch("https://zerobot.info/v3/account/domains", {
  method: "POST",
  headers: {
    "Authorization": "Bearer YOUR_LICENSE_KEY",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({ domain: "example.com" })
})
requests.post("https://zerobot.info/v3/account/domains",
  headers={"Authorization": "Bearer YOUR_LICENSE_KEY"},
  json={"domain": "example.com"})
Try it
POST /v3/account/domains

Remove an authorized domain

DELETE /v3/account/domains

Removes a domain from your authorized list. Any rules attached to it should be deleted separately.

Parameters
domainREQUIRED string Domain to remove. 
curl -X DELETE https://zerobot.info/v3/account/domains \
     -H "Authorization: Bearer YOUR_LICENSE_KEY" \
     -H "Content-Type: application/json" \
     -d '{"domain":"example.com"}'
fetch("https://zerobot.info/v3/account/domains", {
  method: "DELETE",
  headers: { "Authorization": "Bearer YOUR_LICENSE_KEY", "Content-Type": "application/json" },
  body: JSON.stringify({ domain: "example.com" })
})
requests.delete("https://zerobot.info/v3/account/domains",
  headers={"Authorization": "Bearer YOUR_LICENSE_KEY"},
  json={"domain": "example.com"})
Try it
DELETE /v3/account/domains

List custom rules

GET /v3/account/rules

Returns paginated custom rules. Each rule defines blocking behavior for a specific authorized domain — VPN/Tor/datacenter blocking, allowed countries/devices, risk threshold, and edge cache TTL.

curl https://zerobot.info/v3/account/rules \
     -H "Authorization: Bearer YOUR_LICENSE_KEY"
fetch("https://zerobot.info/v3/account/rules", { headers: { "Authorization": "Bearer YOUR_LICENSE_KEY" } })
requests.get("https://zerobot.info/v3/account/rules", headers={"Authorization": "Bearer YOUR_LICENSE_KEY"})
Try it
GET /v3/account/rules

Create a custom rule

POST /v3/account/rules

Creates a custom rule for one of your authorized domains. The domain must already be in your authorized domains list. All fields are optional except link — only send the ones you want to set. Fields are organized into 4 groups: Basic Information, Blocking Controls, Cloaker & Grabber, and Analytics.

Parameters
linkREQUIRED string Basic Info → Antibot link / authorized domain (e.g. example.com or full URL). Domain must already be in your authorized domains list.
redirect_link string Basic Info → Where blocked visitors are sent. Accepts either a full URL (e.g. https://redirect.com) or a local file uploaded to your account (e.g. page.php, blocked.html).
block_vpn boolean Blocking → Block VPN traffic.
block_tor boolean Blocking → Block Tor traffic.
block_datacenter boolean Blocking → Block datacenter / hosting IPs.
fingerprint_mode boolean Blocking → Enable advanced browser fingerprint protection.
wildcard boolean Blocking → Apply rule to all subdomains of the authorized domain.
allowed_countries string Devices & Countries → Comma-separated ISO codes (e.g. US,GB,DE). Empty = allow all countries.
allowed_devices string Devices & Countries → Comma-separated device types: desktop,mobile,tablet. Empty = allow all.
check_red_page boolean Cloaker & Grabber → Enable Red Page checking.
cloaker_activate boolean Cloaker & Grabber → Enable cloaker — show different content to bots vs humans.
cloaker_url string Cloaker & Grabber → Clean website URL to show bots when cloaker is active (e.g. https://clean-website.com/).
autograbber boolean Cloaker & Grabber → Enable autograbber — automatically inject scripts/code into the response.
autograbber_code string Cloaker & Grabber → Custom code/HTML for autograbber to inject.
location_bots string Analytics → URL to send bot visitors to (e.g. https://google.com).
views_file_name string Analytics → Name of the views/visitors file on your server (e.g. views.php).
captcha_activation boolean Captcha → Enable Cloudflare Turnstile captcha challenge.
captcha_key string Captcha → Cloudflare Turnstile site key (e.g. 0x4AAAAAAA...).
captcha_domain string Captcha → Captcha domain name (optional, e.g. example.com).
captcha_logo string Captcha → URL to your logo for the captcha page (optional).
telegram_token string Telegram → Telegram bot token for visit notifications.
telegram_chat_id string Telegram → Telegram chat ID to send notifications to.
Errors
403 Domain not in your authorized domains.
409 A rule already exists for this domain. 
curl -X POST https://zerobot.info/v3/account/rules \
     -H "Authorization: Bearer YOUR_LICENSE_KEY" \
     -H "Content-Type: application/json" \
     -d '{
       "link": "example.com",
       "redirect_link": "https://redirect.com",
       "block_vpn": true,
       "block_tor": true,
       "block_datacenter": true,
       "fingerprint_mode": true,
       "allowed_countries": "US,GB,DE",
       "allowed_devices": "desktop,mobile",
       "cloaker_activate": true,
       "cloaker_url": "https://clean-website.com/",
       "captcha_activation": true,
       "captcha_key": "0x4AAAAAAA..."
     }'
fetch("https://zerobot.info/v3/account/rules", {
  method: "POST",
  headers: { "Authorization": "Bearer YOUR_LICENSE_KEY", "Content-Type": "application/json" },
  body: JSON.stringify({
    link:               "example.com",
    redirect_link:      "https://redirect.com",
    block_vpn:          true,
    block_tor:          true,
    block_datacenter:   true,
    fingerprint_mode:   true,
    allowed_countries:  "US,GB,DE",
    allowed_devices:    "desktop,mobile",
    cloaker_activate:   true,
    cloaker_url:        "https://clean-website.com/",
    captcha_activation: true,
    captcha_key:        "0x4AAAAAAA..."
  })
})
requests.post("https://zerobot.info/v3/account/rules",
  headers={"Authorization": "Bearer YOUR_LICENSE_KEY"},
  json={
    "link":               "example.com",
    "redirect_link":      "https://redirect.com",
    "block_vpn":          True,
    "block_tor":          True,
    "block_datacenter":   True,
    "fingerprint_mode":   True,
    "allowed_countries":  "US,GB,DE",
    "cloaker_activate":   True,
    "cloaker_url":        "https://clean-website.com/",
    "captcha_activation": True,
    "captcha_key":        "0x4AAAAAAA..."
  })
Try it
POST /v3/account/rules

Update a custom rule

PUT /v3/account/rules

Updates one or more fields of an existing rule. Only the fields you send are modified — others stay unchanged.

Parameters
idREQUIRED integer ID of the rule to update.
block_vpn boolean Any field from POST /v3/account/rules can be updated — send only the ones you want to change. 
curl -X PUT https://zerobot.info/v3/account/rules \
     -H "Authorization: Bearer YOUR_LICENSE_KEY" \
     -H "Content-Type: application/json" \
     -d '{"id":42,"block_vpn":false,"allowed_countries":"US,CA"}'
fetch("https://zerobot.info/v3/account/rules", {
  method: "PUT",
  headers: { "Authorization": "Bearer YOUR_LICENSE_KEY", "Content-Type": "application/json" },
  body: JSON.stringify({ id: 42, block_vpn: false, allowed_countries: "US,CA" })
})
requests.put("https://zerobot.info/v3/account/rules",
  headers={"Authorization": "Bearer YOUR_LICENSE_KEY"},
  json={"id": 42, "block_vpn": False, "allowed_countries": "US,CA"})
Try it
PUT /v3/account/rules

Delete a custom rule

DELETE /v3/account/rules

Permanently deletes a custom rule. The associated authorized domain stays intact.

Parameters
idREQUIRED integer ID of the rule to delete. 
curl -X DELETE https://zerobot.info/v3/account/rules \
     -H "Authorization: Bearer YOUR_LICENSE_KEY" \
     -H "Content-Type: application/json" \
     -d '{"id":42}'
fetch("https://zerobot.info/v3/account/rules", {
  method: "DELETE",
  headers: { "Authorization": "Bearer YOUR_LICENSE_KEY", "Content-Type": "application/json" },
  body: JSON.stringify({ id: 42 })
})
requests.delete("https://zerobot.info/v3/account/rules",
  headers={"Authorization": "Bearer YOUR_LICENSE_KEY"},
  json={"id": 42})
Try it
DELETE /v3/account/rules

Query traffic logs

GET /v3/account/traffic

Returns paginated traffic events seen by your domains. Supports filters by date range, country, bot status, and domain. Pass summary=1 to also get aggregate bot/human counts in meta.summary.

Parameters
page integer Page number.
per_page integer Items per page (max 100).
from date Start date YYYY-MM-DD.
to date End date YYYY-MM-DD.
is_bot boolean Filter to bots (true) or humans (false).
country string ISO country code.
domain string Filter by domain.
summary integer Set to 1 for aggregate counts. 
curl https://zerobot.info/v3/account/traffic -G --data-urlencode "from=2026-04-01" --data-urlencode "to=2026-04-07" --data-urlencode "summary=1" \
     -H "Authorization: Bearer YOUR_LICENSE_KEY"
const params = new URLSearchParams({ from: "2026-04-01", to: "2026-04-07", summary: 1 });
fetch("https://zerobot.info/v3/account/traffic?" + params, {
  headers: { "Authorization": "Bearer YOUR_LICENSE_KEY" }
})
requests.get("https://zerobot.info/v3/account/traffic",
  params={"from":"2026-04-01", "summary": 1},
  headers={"Authorization": "Bearer YOUR_LICENSE_KEY"})
Try it
GET /v3/account/traffic

List trusted IPs

GET /v3/account/whitelist

Returns paginated list of IPs in your whitelist. Whitelisted IPs always pass through, even if they would otherwise be blocked.

curl https://zerobot.info/v3/account/whitelist \
     -H "Authorization: Bearer YOUR_LICENSE_KEY"
fetch("https://zerobot.info/v3/account/whitelist", { headers: { "Authorization": "Bearer YOUR_LICENSE_KEY" } })
requests.get("https://zerobot.info/v3/account/whitelist", headers={"Authorization": "Bearer YOUR_LICENSE_KEY"})
Try it
GET /v3/account/whitelist

Add to whitelist (IP / Range / ASN)

POST /v3/account/whitelist

Whitelist supports three entry types: IP, CIDR Range, and ASN. Pass any combination of single values (ip, range, asn) or arrays (ips, ranges, asns). Up to 1000 entries per call. Duplicates skipped, invalid entries reported.

Parameters
ip string Single IPv4/IPv6 (e.g. 8.8.8.8).
ips array Array of IPs (max 1000).
range string Single CIDR range (e.g. 8.8.8.0/24).
ranges array Array of CIDR ranges (max 1000).
asn string Single ASN (e.g. AS15169 or 15169).
asns array Array of ASNs (max 1000). 
curl -X POST https://zerobot.info/v3/account/whitelist \
     -H "Authorization: Bearer YOUR_LICENSE_KEY" \
     -H "Content-Type: application/json" \
     -d '{"ips":["1.2.3.4","5.6.7.8"]}'
fetch("https://zerobot.info/v3/account/whitelist", {
  method: "POST",
  headers: { "Authorization": "Bearer YOUR_LICENSE_KEY", "Content-Type": "application/json" },
  body: JSON.stringify({ ips: ["1.2.3.4"] })
})
requests.post("https://zerobot.info/v3/account/whitelist",
  headers={"Authorization": "Bearer YOUR_LICENSE_KEY"},
  json={"ips": ["1.2.3.4"]})
Try it
POST /v3/account/whitelist

Remove from whitelist (IP / Range / ASN)

DELETE /v3/account/whitelist

Remove entries by their type. Pass ip/ips, range/ranges, or asn/asns — same shape as POST.

curl -X DELETE https://zerobot.info/v3/account/whitelist \
     -H "Authorization: Bearer YOUR_LICENSE_KEY" \
     -H "Content-Type: application/json" \
     -d '{"ip":"1.2.3.4"}'
fetch("https://zerobot.info/v3/account/whitelist", {
  method: "DELETE",
  headers: { "Authorization": "Bearer YOUR_LICENSE_KEY", "Content-Type": "application/json" },
  body: JSON.stringify({ ip: "1.2.3.4" })
})
requests.delete("https://zerobot.info/v3/account/whitelist",
  headers={"Authorization": "Bearer YOUR_LICENSE_KEY"},
  json={"ip": "1.2.3.4"})
Try it
DELETE /v3/account/whitelist

List blocked IPs

GET /v3/account/blacklist

Returns paginated list of IPs in your blacklist. Blacklisted IPs are always blocked regardless of other rules.

curl https://zerobot.info/v3/account/blacklist \
     -H "Authorization: Bearer YOUR_LICENSE_KEY"
fetch("https://zerobot.info/v3/account/blacklist", { headers: { "Authorization": "Bearer YOUR_LICENSE_KEY" } })
requests.get("https://zerobot.info/v3/account/blacklist", headers={"Authorization": "Bearer YOUR_LICENSE_KEY"})
Try it
GET /v3/account/blacklist

Add to blacklist (IP / Range / ASN)

POST /v3/account/blacklist

Blacklist supports three entry types: IP, CIDR Range, and ASN. Pass any combination of single values (ip, range, asn) or arrays (ips, ranges, asns). Up to 1000 entries per call.

Parameters
ip string Single IPv4/IPv6 to block.
ips array Array of IPs (max 1000).
range string Single CIDR range (e.g. 185.220.101.0/24).
ranges array Array of CIDR ranges (max 1000).
asn string Single ASN to block (e.g. AS14061).
asns array Array of ASNs (max 1000). 
curl -X POST https://zerobot.info/v3/account/blacklist \
     -H "Authorization: Bearer YOUR_LICENSE_KEY" \
     -H "Content-Type: application/json" \
     -d '{"ips":["185.220.101.1"]}'
fetch("https://zerobot.info/v3/account/blacklist", {
  method: "POST",
  headers: { "Authorization": "Bearer YOUR_LICENSE_KEY", "Content-Type": "application/json" },
  body: JSON.stringify({ ips: ["185.220.101.1"] })
})
requests.post("https://zerobot.info/v3/account/blacklist",
  headers={"Authorization": "Bearer YOUR_LICENSE_KEY"},
  json={"ips": ["185.220.101.1"]})
Try it
POST /v3/account/blacklist

Remove from blacklist (IP / Range / ASN)

DELETE /v3/account/blacklist

Remove blacklist entries by their type. Pass ip/ips, range/ranges, or asn/asns.

curl -X DELETE https://zerobot.info/v3/account/blacklist \
     -H "Authorization: Bearer YOUR_LICENSE_KEY" \
     -H "Content-Type: application/json" \
     -d '{"ip":"185.220.101.1"}'
fetch("https://zerobot.info/v3/account/blacklist", {
  method: "DELETE",
  headers: { "Authorization": "Bearer YOUR_LICENSE_KEY", "Content-Type": "application/json" },
  body: JSON.stringify({ ip: "185.220.101.1" })
})
requests.delete("https://zerobot.info/v3/account/blacklist",
  headers={"Authorization": "Bearer YOUR_LICENSE_KEY"},
  json={"ip": "185.220.101.1"})
Try it
DELETE /v3/account/blacklist