Getting Started

ZXERO protects your website from bots while allowing you to monetize legitimate automated access. Get started in minutes.

Installation

Add the ZXERO firewall script to your site's <head> section:

<script src="https://cdn.jsdelivr.net/npm/@zxero/firewall@2/dist/firewall.umd.js"
        data-site-key="YOUR_SITE_KEY"></script>

Replace YOUR_SITE_KEY with your actual site key from the dashboard.

How It Works

1. Detection: Our ML model analyzes browser fingerprints in real-time
2. Decision: Bots are blocked or shown a Stripe Checkout paywall
3. Verification: Paid access tokens are server-verified with HMAC signatures
4. Payout: You receive 90% of bot access fees automatically

Configuration

Customize ZXERO with data attributes:

• data-auto-check="true" - Automatically check on page load (default: true)
• data-debug="true" - Enable console logging (default: false)

Server-Side Verification

For sensitive operations, verify ZXERO decisions on your backend:

const crypto = require('crypto');

function verifyToken(token, secret) {
  const [header, payload, signature] = token.split('.');
  const data = header + '.' + payload;
  const expectedSig = crypto
    .createHmac('sha256', secret)
    .update(data)
    .digest('base64url');
  return signature === expectedSig;
}

Next Steps

• API Reference
• WordPress Plugin
• Rate Limiting