The author Simon MJ Garrett
Sat Oct 12 2024
botpoisonform protectionblog
Main hero image

Installing Botpoison in Less Than Ten Minutes — Clean Form Protection with Little Fuss

Protecting forms from spam and bots is a critical part of any website’s security strategy. Traditional CAPTCHA services are a popular choice, but they often frustrate users with image recognition tasks, puzzles, or hard-to-read text. This inconvenience leads to user frustration, reducing form completion rates and impacting your site’s overall experience. Enter Botpoison—a modern, frictionless, and developer-friendly solution for protecting your forms from bots without annoying users.

In this post, I’ll guide you through installing Botpoison in less than ten minutes, explaining why it’s a fantastic alternative to CAPTCHAs and showing how you can easily integrate it into your site to block spam without sacrificing usability.

Why Botpoison?

Botpoison is different from traditional anti-bot solutions in several key ways:

  1. Invisible to Users: Unlike traditional CAPTCHAs that add friction by asking users to solve challenges, Botpoison operates silently in the background, making it completely transparent to the end user.
  2. Developer-Friendly: Botpoison offers an easy-to-use API that integrates seamlessly with any form. Whether you’re using a contact form, login page, or newsletter signup, adding Botpoison is straightforward.
  3. Privacy-Focused: Many CAPTCHA services rely on extensive tracking or invasive data collection. Botpoison takes a privacy-conscious approach, limiting data collection to only what’s necessary to detect and prevent bots.
  4. Minimal Setup: Botpoison is easy to install and integrates with just a few lines of code.

With these advantages in mind, let’s dive into how you can install and configure Botpoison on your website.

Step 1: Sign Up for a Botpoison Account

Before you can start using Botpoison, you’ll need an account. Head over to the Botpoison website and sign up. The process is quick and straightforward, and you’ll get access to a dashboard where you can manage your API keys and track activity.

Once you’ve signed up, log in to your Botpoison account and create an API key. This key will allow your website to communicate with Botpoison’s API, enabling the form protection.

Finding Your API Key

After logging in, navigate to the API Keys section in your dashboard. There, you’ll find your API key, which you will need to include in your website’s code to integrate Botpoison.

Step 2: Add Botpoison to Your Website

Now that you have your API key, it’s time to integrate Botpoison with your website. Botpoison can be easily added to any form using a small piece of JavaScript.

Example Form

Let’s say you have a simple HTML contact form like this:

<form action="/submit-form" method="POST">
  <input type="text" name="name" placeholder="Your Name" required>
  <input type="email" name="email" placeholder="Your Email" required>
  <textarea name="message" placeholder="Your Message" required></textarea>
  <button type="submit">Send Message</button>
</form>

To protect this form with Botpoison, all you need to do is include their JavaScript in the form and pass the necessary API key.

Adding Botpoison JavaScript

In the <head> section of your HTML, add the Botpoison script:

<script src="https://cdn.botpoison.com/botpoison.js" async></script>

Now, modify your form to include the Botpoison API key and a hidden field to capture the token generated by Botpoison. Here’s the updated form:

<form action="/submit-form" method="POST" id="contact-form">
  <input type="text" name="name" placeholder="Your Name" required>
  <input type="email" name="email" placeholder="Your Email" required>
  <textarea name="message" placeholder="Your Message" required></textarea>
  
  <!-- Hidden field for Botpoison token -->
  <input type="hidden" name="botpoison-token" id="botpoison-token">

  <button type="submit">Send Message</button>
</form>

<script>
  botpoison({
    publicKey: 'your-public-api-key', // Replace with your Botpoison API key
    form: document.getElementById('contact-form'),
    field: document.getElementById('botpoison-token')
  });
</script>

With this small change, your form is now protected by Botpoison. The script automatically communicates with Botpoison’s API, generating a token that verifies the legitimacy of the form submission. If a bot tries to submit the form, the request is flagged, and you can decide how to handle it.

Step 3: Handle Form Submission on the Server

On the backend, you’ll need to verify the token that Botpoison generates for each form submission. This verification ensures that the form is being submitted by a human, not a bot.

Here’s an example of how you might verify the Botpoison token in Node.js using the popular axios library for HTTP requests:

const axios = require('axios');

app.post('/submit-form', async (req, res) => {
  const botpoisonToken = req.body['botpoison-token'];

  // Verify the Botpoison token
  try {
    const response = await axios.post('https://api.botpoison.com/v1/verify', {
      secretKey: 'your-secret-api-key', // Replace with your secret API key
      token: botpoisonToken
    });

    if (response.data.success) {
      // Proceed with form submission processing
      console.log('Form submission verified.');
      res.send('Form submitted successfully.');
    } else {
      // Handle failed verification (likely a bot)
      console.error('Bot detected.');
      res.status(403).send('Bot detected, form submission blocked.');
    }
  } catch (error) {
    console.error('Error verifying Botpoison token:', error);
    res.status(500).send('Error processing form.');
  }
});

In this example, the server verifies the Botpoison token by sending it to Botpoison’s API along with your secret API key. If the response indicates that the form submission is legitimate, you can process the form data as usual. If the token fails verification, the server can reject the request, preventing bots from spamming your forms.

Step 4: Test Your Integration

Once you’ve set up Botpoison on both the client and server sides, it’s important to test your integration to ensure everything works as expected.

  1. Submit the form: Go to your website and submit the form with valid data. If the submission goes through and you see the success message, everything is working correctly.
  2. Simulate bot behavior: Try submitting the form with automated tools or missing the Botpoison token. This should trigger the bot detection logic, and the server should block the submission.

By testing both normal and bot-like submissions, you can verify that Botpoison is properly protecting your forms.

Step 5: Monitor Activity in the Dashboard

Once Botpoison is integrated, you can monitor form submissions, blocked requests, and overall activity through the Botpoison dashboard. This real-time data gives you insight into how effectively Botpoison is preventing spam and bot traffic on your site.

Conclusion

In less than ten minutes, you can add robust, invisible bot protection to your forms using Botpoison. With just a small snippet of JavaScript and a quick backend integration, Botpoison helps you safeguard your site from bots while maintaining a seamless user experience.

No more CAPTCHA frustration, no invasive tracking—just clean, simple form protection. Plus, the quick setup and developer-friendly API make it a great choice for anyone looking for an anti-bot solution that requires little fuss.

If you’re looking for a modern, privacy-conscious approach to blocking bots, Botpoison is an excellent tool to consider. Give it a try, and see how easy it is to keep your forms spam-free!