Janus
API Reference

API Endpoints

Complete API reference for Janus.

Public (used by SDK)

Request a proof-of-work challenge.

Headers: X-Site-Key (required)

Response:

{
  "challengeId": "uuid",
  "challenge": "hmac-hash",
  "difficulty": 4,
  "mode": "invisible",
  "algorithm": "SHA-256",
  "expiresAt": "2026-03-22T10:05:00.000Z"
}

Submit a solved challenge with collected signals.

Headers: X-Site-Key (required)

Body:

{
  "challengeId": "uuid",
  "nonce": "48291",
  "solveTimeMs": 1847,
  "fingerprint": { "canvas": "...", "webgl": "..." },
  "behaviorData": { "mouseMovements": 23, "keystrokes": 5 }
}

Response:

{
  "success": true,
  "token": "signed-token",
  "riskScore": 15,
  "action": "allow",
  "expiresAt": "2026-03-22T10:10:00.000Z"
}

Server-side validation

See Siteverify for the full token validation reference.

Dashboard (authenticated)

Operational

GET /health

Liveness check. Always returns 200 with status: ok.

GET /ready

Readiness check. Verifies DB + Redis connectivity.

GET /metrics

Prometheus text format. Counters persist across restarts.

GET /docs

OpenAPI/Swagger UI. Available in non-production environments.

Introduction

Janus is a self-hosted bot detection platform — an open-source alternative to Cloudflare Turnstile and reCAPTCHA.

Siteverify

Server-side token validation endpoint.

On this page

Public (used by SDK)Server-side validationDashboard (authenticated)Operational