getting started

Integration guide

Platform-by-platform setup instructions for Next.js, Express, Laravel, and more.

This guide walks through integration for the most common server environments. All examples assume you have already added the client snippet and retrieved a token.

Next.js (App Router)

ts
// app/api/contact/route.ts
import { sentinel } from "@botardo/server";
import { NextResponse } from "next/server";

export async function POST(req: Request) {
  const token = req.headers.get("x-bot-token") ?? "";
  const { score, confidence } = await sentinel.verify(token);

  if (score > 75) {
    return NextResponse.json({ error: "blocked" }, { status: 403 });
  }

  // process the form...
  return NextResponse.json({ ok: true });
}

Express / Node.js

ts
import express from "express";
import { sentinel } from "@botardo/server";

const app = express();
app.use(express.json());

app.post("/contact", async (req, res) => {
  const token = req.headers["x-bot-token"] as string ?? "";
  const { score } = await sentinel.verify(token);

  if (score > 75) return res.status(403).json({ error: "blocked" });
  // process...
  res.json({ ok: true });
});

PHP / Laravel

php
use Botardo\Sentinel;

Route::post('/contact', function (Request $request) {
    $result = Sentinel::verify($request->header('x-bot-token'));

    if ($result->score > 75) {
        abort(403);
    }

    // process...
});
**Note:** The PHP SDK is available via Composer: `composer require botardo/server`.

Token location

If the x-bot-token header is not available (e.g. HTML form <form method="post">), Botardo falls back to injecting a hidden field named _bt. Read it from the form body:

ts
const token = req.body["_bt"] ?? req.headers["x-bot-token"] ?? "";
How scoring worksFAQ