Browser SDK
Embed yaan's invisible bot protection into your website with a single script tag.
The Browser SDK is the client-side component of yaan.
Quick Start
Add the following script tag to your HTML. Replace YOUR_SITEKEY with the sitekey from your dashboard.
<script type="module" src="https://leaf.yaan.ch/leaf.js?k=YOUR_SITEKEY"></script>
API Reference
window.apricot.verify()
| Property | Value |
|---|---|
| Returns | `Promise |
| Throws | If the sitekey is missing, the module fails to load, or a verification is already in progress |
Only one verification can run at a time. Calling verify() while another is pending will reject immediately with an error.
Token Lifecycle
- Tokens are single-use. Each call to
verify()produces a fresh token. - Tokens expire after 5 minutes. Validate them promptly on your backend.
- Replayed tokens (same nonce used twice) are automatically rejected.
Sitekey
The k query parameter on the script URL is your sitekey (starts with sk_). You can find it in the application detail page of your dashboard.
Never expose your client secret (starts with cs_) in the browser. The client secret belongs on your backend only.