Introduction
KaizoCore is a behavioral-biometric detection engine for bots and fraud — continuous liveness, not a one-shot fingerprint check.
KaizoCore protects checkout, login, and signup flows from bots and fraud — using continuous behavioral signal and server-attested crypto, not a fingerprint you check once and trust for the rest of the session.
One script tag, one API call
Drop KaizoCore's collector script on your site, then call POST /v1/decide
from your backend before a sensitive action. You get back ALLOW,
ALLOW_WATCH, SOFT_CHALLENGE, REVIEW, or BLOCK — usually in under a
second.
Choose your path
I'm integrating KaizoCore
Script tag, API call, response handling — start to finish in one page.
I want to understand the architecture
Why continuous liveness beats one-shot fingerprinting, and how every layer fits together.
I'm configuring an existing integration
Policy overrides, block/allow lists, webhooks, API keys.
I need the API reference
Full request/response schema for /v1/decide, event types, and score bands.
What makes KaizoCore different
Most bot detection is fingerprint-first: collect a stable set of browser signals once, hash them, and trust the hash for the rest of the session. The problem is that fingerprints are static, and static things get harvested and replayed by commodity anti-detect tools. KaizoCore treats liveness as continuous instead — see Why KaizoCore for the full reasoning, or jump straight to How it works for the architecture.
Is KaizoCore right for you?
KaizoCore is built for transactional endpoints — checkout, login, signup, payment — where a single bad decision has a clear cost (a scalped ticket, a fraudulent order, a credential-stuffed account). It is not a general-purpose WAF or a CDN-level rate limiter; it sits at the application layer, called explicitly from your backend at the moment a decision matters.
Support
This documentation is the primary reference. For anything not covered here, reach out through your KaizoCore dashboard.