Overview

OpenBotAuth provides official SDKs for integrating signature verification directly into your applications. Both SDKs follow the same design principles:

  • No local cryptography - All verification is delegated to the OpenBotAuth verifier service

  • Middleware support - Drop-in middleware for popular frameworks

  • Observe mode - Non-blocking verification for gradual rollout

  • Security-first - Sensitive headers are never forwarded

Available SDKs

When to Use SDKs

Use the SDK approach when:

  • You want fine-grained control over verification logic

  • You need to integrate with your existing authentication/authorization

  • You want to make policy decisions in your application code

  • You're building a Node.js or Python application

Alternative: Proxy

If you prefer a zero-code approach or use a different language/framework, consider the OpenBotAuth Proxy which sits in front of any HTTP backend.

Core Concepts

Verification Flow

Middleware Modes

Both SDKs support two middleware modes:

| Mode | Behavior |
| --- | --- |
| observe (default) | All requests pass through; verification result attached to request |
| require-verified | Protected paths return 401 if verification fails |
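The two modes above, sketched as a framework-agnostic Python middleware. This is an added example, not the OpenBotAuth SDK's code: `make_middleware`, `verify`, the `bot_auth` state key, the `Request` stand-in and the list of sensitive headers are assumptions, and the verifier service is replaced by a local stub.

```python
from dataclasses import dataclass, field

# Assumption: the page does not name the sensitive headers; these are stand-ins.
SENSITIVE = {"cookie", "authorization", "proxy-authorization"}

def forwardable_headers(headers):
    """Drop sensitive headers before anything is sent to the verifier service."""
    return {k.lower(): v for k, v in headers.items() if k.lower() not in SENSITIVE}

@dataclass
class Request:  # minimal stand-in for a framework request object
    method: str
    path: str
    headers: dict
    state: dict = field(default_factory=dict)

def make_middleware(verify, mode="observe", protected=("/api/",)):
    """verify(method, path, headers) -> dict with a boolean 'verified' key.
    It stands in for the call to the verifier service (hypothetical signature)."""
    if mode not in ("observe", "require-verified"):
        raise ValueError(f"unknown mode: {mode}")

    def middleware(request, next_handler):
        try:
            result = verify(request.method, request.path,
                            forwardable_headers(request.headers))
        except Exception as exc:  # assumption: verifier failure counts as unverified
            result = {"verified": False, "error": str(exc)}
        request.state["bot_auth"] = result  # hypothetical state key
        is_protected = any(request.path.startswith(p) for p in protected)
        if mode == "require-verified" and is_protected and not result.get("verified"):
            return 401, "signature verification failed"
        return next_handler(request)  # observe mode always reaches the handler

    return middleware

seen_headers = []  # records what the stub verifier was sent

def fake_verify(method, path, headers):
    # Constructed stub: accepts any request that carries a Signature header.
    seen_headers.append(headers)
    return {"verified": "signature" in headers}

def handler(request):
    return 200, "ok"
```

In observe mode the application decides what to do with `request.state["bot_auth"]`; in require-verified mode the same result gates protected paths before the handler runs.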

Request State

After middleware processing, verification state is attached to the request:
