Janus

Introduction

Janus is a self-hosted bot detection platform — an open-source alternative to Cloudflare Turnstile and reCAPTCHA.

Janus protects your forms, logins, and APIs from bots using proof-of-work challenges, browser fingerprinting, behavioral analysis, and cross-signal validation. You deploy it on your own infrastructure and keep full control.

Dashboard Demo

Open Source & Self-Hosted

All data stays on your servers. No third-party scripts, no cookies, no tracking. ~5KB SDK with zero browser dependencies.

How it works

How It Works

Challenge

The SDK requests a proof-of-work challenge from your server. The challenge is HMAC-bound to the site, IP, and timestamp.

Collect signals

While the PoW solver runs in a Web Worker, the SDK collects fingerprints (canvas, WebGL, audio, fonts), behavioral signals (mouse, keyboard, scroll), and automation markers (webdriver, headless).

Score

All signals are submitted to your server. The risk scoring engine combines 20+ signals into a score from 0 (human) to 100 (bot). Plugins can add custom scoring logic.

Verify

The server returns a signed token. Your backend validates it with a single API call to /api/v1/siteverify.

Quickstart

Get running in 5 minutes with Docker Compose

React

useJanus() hook and JanusWidget component

Next.js

Client components + server-side verification

Express

One-line janusVerify() middleware

API Reference

All endpoints and response formats

Plugin System

Extend risk scoring with custom logic

Architecture

System Architecture

Data model

Data Model

Project structure

challenge/
verification/
geoip/
plugins/
alerting/
webhooks/
sdk/
react/
nextjs/
express/

API Endpoints

Complete API reference for Janus.

On this page

How it worksChallengeCollect signalsScoreVerifyQuick linksArchitectureData modelProject structure