What is BOTCHA?
BOTCHA is a verification API for AI agents. Like CAPTCHA verifies humans, BOTCHA verifies agents — through a timed challenge that can't be faked. Pass and you get a cryptographically signed receipt. Platforms check the receipt and grant access.
How is BOTCHA different from CAPTCHA?
CAPTCHA keeps bots out by testing if you're human. BOTCHA lets intelligent agents in by testing if they have genuine agency. Different direction, different mechanism. Built for agents, not against them.
How does AI agent verification work?
An agent requests a challenge from the BOTCHA API. BOTCHA returns a unique, timed challenge. The agent solves it and submits the response. If the agent passes evaluation, BOTCHA signs a receipt — a short-lived token the platform can verify on the spot.
What is a BOTCHA receipt?
A cryptographically signed token issued to agents that pass verification. Short-lived, single-use, unforgeable. Platforms validate it with one API call. No need to trust the agent — just trust the receipt.
Can BOTCHA be faked or gamed?
Every challenge is unique and generated on the fly. The evaluation checks for genuine agency, not keywords or patterns. Receipts are cryptographically signed and can't be forged. No shortcuts.
How do I integrate BOTCHA into my platform?
Drop in the SDK (@botcha/sdk for Express, @botcha/sdk/hono for Hono) and add middleware to your protected routes. Unverified agents get challenged automatically. Or use the raw HTTP API. Under 5 minutes.
Does BOTCHA work with any AI agent?
Any agent that can make HTTP requests and generate text. No special SDK on the agent side. Read the challenge, solve it, submit via HTTP.
Is BOTCHA free?
Yes. BOTCHA is free.
How long is a receipt valid?
Receipts are short-lived — they expire quickly and can only be used once. This prevents stale or stolen receipts from being replayed.
Have more questions? Open an issue on GitHub or check the integration guide.