Noxtica Documentation
Welcome to the Noxtica documentation. Noxtica is a bot-detection platform that helps you tell real visitors apart from automated and fraudulent traffic — so you can protect signups, logins, checkout, and the rest of your product.
What is Noxtica?
Noxtica looks at the many small signals every visitor’s browser and device naturally produce, then cross-checks them for consistency to spot bots, automation tools, and suspicious behavior. Real users leave a coherent picture; fakers leave contradictions.
Key Capabilities
- Device recognition: Build a stable, privacy-respecting picture of each visitor from a wide range of browser and device signals
- Bot detection: Catch automation, headless setups, and visitors pretending to be something they’re not by spotting the contradictions they leave behind
- Calibrated risk scoring: Get a 0-100 risk score, a confidence level, and a plain-language risk tier you can act on
- Real-time API: Look up a visitor’s risk from your backend in well under a tenth of a second
- Multi-tenant: Manage multiple sites and domains from a single account
Platform Components
| Component | Description |
|---|---|
| Collector SDK | A small JavaScript snippet you add to your website |
| Collector API | A globally distributed service that scores visitors instantly |
| Backoffice | Admin dashboard for analytics, API keys, and configuration |
| Server API | A simple API for looking up visitor risk from your backend |
Quick Start
1. Get Your Site Key
After signing up, log into the Backoffice and add your domain. You’ll receive a Site Key (pk_prod_...).
2. Add the Collector
Embed the collector on your website:
<script
src="https://collect.noxtica.com/collector/noxtica.js"
data-site-key="pk_prod_your_site_key_here"
data-auto-init
data-auto-check-once
async
></script>Content Security Policy
If your site uses a content-security-policy, you’ll need to allow Noxtica to load and run. The snippet below covers everything the collector needs — including its tamper-resistant runtime, the KHAN VM.
Content-Security-Policy:
default-src 'self';
script-src 'self' 'wasm-unsafe-eval' https://collect.noxtica.com;
connect-src 'self' https://collect.noxtica.com;If the policy is missing one of these, the collector keeps working but with weaker tamper protection. See the Getting Started → Content Security Policy section for the full reference and troubleshooting.
3. Receive Risk Scores
The collector hands you a risk assessment in real time:
document.addEventListener('noxtica:collected', function (e) {
console.log('Risk Score:', e.detail.score);
console.log('Risk Level:', e.detail.risk_level);
console.log('Flags:', e.detail.flags);
});4. Server-side Lookups (Optional)
For server-side decisions, create an API key and query devices:
curl -H "Authorization: Bearer sk_prod_your_api_key" \
"https://collect.noxtica.com/v1/device/DEVICE_ID"Guides
- Getting Started: Complete setup guide including SDK options and configuration
- Browser Runtime: How the SDK works in the browser, caching, events, and troubleshooting
- Backend Integration: Server-side API integration for visitor lookups
Risk Levels
Every visitor gets a plain-language risk level based on their score, so your team can act without reading the fine print:
| Score | Level | Meaning |
|---|---|---|
| 0-19 | minimal | Normal behavior, no red flags |
| 20-39 | low | Minor anomalies detected |
| 40-59 | medium | Some suspicious signals |
| 60-79 | high | Likely automation or spoofing |
| 80-100 | critical | Strong bot indicators |
Live Demo
Try fingerprinting yourself: Live Demo
Dashboard
Manage your account: Backoffice
At a Glance
- SDK Version: 3.2.0 (Schema: 2026-01-10)
- Deployment: Globally distributed for low latency everywhere
- Latency: Visitors scored in well under a tenth of a second
- Authentication: Handled automatically by the SDK — nothing to manage
- Default Collection Interval: 7 days (configurable)
Support
- Contact: Contact us for support or sales inquiries
- Demo Request: Request a demo to see Noxtica in action