Skip to main content

Arkose Labs bot protection

Community-contributed integration

This integration is community-maintained. Reference: ory/integrates/fraud-bot-protection/arkose-labs.

Arkose Labs is a bot-detection and fraud-prevention platform with adaptive enforcement challenges. It runs invisible risk scoring and escalates to interactive puzzles only when warranted.

How it works

  1. Registration / login UI embeds the Arkose Labs client SDK; the SDK runs scoring + an optional challenge and returns a one-time token.
  2. Form submits to Ory's flow with the token.
  3. An Ory Action on registration.before / login.before (with can_interrupt: true) calls your handler.
  4. Handler POSTs to Arkose https://customer-api.arkoselabs.com/api/v4/verify/ with the token + private key; checks solved == true.
  5. On fail, handler returns an error and the Ory flow blocks.

Notable

  • Two Arkose keys: Public Key (client SDK) and Private Key (server verify). Never expose Private.
  • Arkose tokens are one-time use — retrying verify with the same token returns not_valid.
  • Use a per-flow token; don't reuse across registration and login.

Resources

Ory Network

The largest Identity and Access Management network in the world. So you can get back to building your business.

Sign up for free