SENTINEL
SENTINEL
Sentinel is Turnstile for APIs. Block 92% of automated attacks in
<50ms without CAPTCHAs.
Designed by security engineers to protect your auth, signup, and payment
endpoints.
Bots are cheaper to run than your infrastructure. Sentinel reverses the economics of API abuse.
Stop 100k+ fake accounts from being created using automated email rotators.
Identify automated login attempts using behavioral mismatch signals before they hit your DB.
Block bots disguised as users trying to scrape your proprietary data and pricing.
Prevent attackers from enumerating API keys or password reset tokens with high-velocity detection.
Brittle databases that fail against dynamic threats and automated infrastructure rotation.
A blunt instrument that degrades legitimate user experience while failing to stop sophisticated bots.
User-hostile challenges that are easily defeated by modern AI and low-cost labor farms.
Stop guessing. Get 99.9% verification accuracy in under 50ms.
A simple API check that validates requests based on infrastructure and behavioral identity.
User hits your API
In-memory signals (<50ms)
Immediate PASS/BLOCK
Async deep analytics
+35 bonus for verified sessions
Powered by RiskSignal Intelligence
OSI-LAYER-SIGNAL
TEMPORAL-SIGNAL
INTENT-SIGNAL
Sentinel Optional Challenge Architecture (SOCA)
You control when and how challenges appear
No database persistence required
Verified sessions get instant trust recovery
Works on desktop (click) and mobile (touch)
Unusual network activity detected.
This takes a few seconds
See how Sentinel renders a trust decision in real-time.
Primary trust decision endpoint
{
"target": "8.4.2.1",
"profile": "signup"
}Generate behavioral work challenge
{
"target": "8.4.2.1",
"duration": 3.0
}Verify and issue trust token
{
"target": "8.4.2.1",
"nonce": "..."
}const res = await sentinel.check(ip, { profile: 'signup' });
if (!res.allow) {
if (res.remediation?.recommended) {
return res.status(res.http_status).json({
action: "challenge",
challenge_url: "/verify"
});
}
return res.status(res.http_status).send(res.reason);
}Local IPs never blocked
X-Sentinel-Bypass for testing
Redact granular geo-data
20-minute LRU TTL, no persistence
How automated abuse is silently inflating your AWS bill and draining your SaaS runway.
READ_MANIFESTO →How AI broke traditional puzzles and why the best CAPTCHA alternative is behavioral trust.
READ_ARTICLE →Bringing the invisible challenge experience to pure backend and infrastructure layers.
READ_ARTICLE →How to defend against credential stuffing and automated login attacks using behavioral intent.
READ_ARTICLE →A founder's guide to stopping bot signups and fake users without killing conversion rates.
READ_ARTICLE →Sentinel scales from hobbyist infra to enterprise-grade API economies. Pay for authority, never for friction.
Basic Infra Protection
Production Forensic Decisions
Join developers protecting their APIs with clear, signal-based trust decisions.