GET /v1/verified-bots/export
Export the full verified-bot allowlist (CIDR and rDNS rules) as a flat JSON list. Business and Owner-lifetime plans only.
curl https://api.botect.ai/v1/verified-bots/export \
-H "Authorization: Bearer YOUR_ACCOUNT_TOKEN"
const res = await fetch('https://api.botect.ai/v1/verified-bots/export', {
headers: { Authorization: `Bearer ${process.env.BOTECT_TOKEN}` },
});
const { data, meta } = await res.json();
import os, requests
r = requests.get(
"https://api.botect.ai/v1/verified-bots/export",
headers={"Authorization": f"Bearer {os.environ['BOTECT_TOKEN']}"},
)
payload = r.json()
{
"data": [
{
"name": "Googlebot",
"category": "search",
"match_method": "ip_cidr",
"match_value": "66.249.64.0/19"
},
{
"name": "GPTBot",
"category": "ai_crawler",
"match_method": "ip_cidr",
"match_value": "20.171.206.0/24"
},
{
"name": "Applebot",
"category": "search",
"match_method": "rdns_suffix",
"match_value": ".applebot.apple.com"
}
],
"meta": { "count": 3 }
}
{
"error": "Feature not available",
"message": "Your plan does not include the 'verified-bots-export' feature.",
"code": "FEATURE_NOT_AVAILABLE"
}
Returns the complete active verified-bot allowlist — every CIDR range and reverse-DNS suffix Botect uses to recognize legitimate crawlers, monitors, and previewers. The list is a global catalog: every subscriber sees the same rules, not a per-account subset.
Use it to mirror Botect's allowlist into your own edge (WAF, CDN, firewall) or to audit which operators are recognized.
GET https://api.botect.ai/v1/verified-bots/export
Authentication
Account API token via Authorization: Bearer <token>. This endpoint is gated on two things:
- The token must carry the
projects:readability. - The account's plan must include the
verified-bots-exportfeature — currently the Business and Owner-lifetime plans.
See Authentication and Plans & quotas.
Example
Response fields
The response is a list under data, with a meta.count total. Each entry is one allowlist rule:
Googlebot, GPTBot, UptimeRobot).search, ai_crawler, ai_search, monitoring, seo. Surfaced on verdicts as verified_bot_category.ip_cidr (the client IP falls inside the CIDR range) or rdns_suffix (forward-confirmed reverse DNS ends with the suffix).66.249.64.0/19) for ip_cidr, or a hostname suffix (e.g. .googlebot.com) for rdns_suffix.The internal binary range bounds Botect uses to index ip_cidr rules are not exposed — match_value is the canonical, human-readable identity.
Errors
| Status | code | When |
|---|---|---|
401 | UNAUTHENTICATED | Missing / bad account token |
402 | NO_ACTIVE_SUBSCRIPTION | Valid token, but the account has no active subscription |
403 | FEATURE_NOT_AVAILABLE | The account's plan does not include verified-bots-export (upgrade to Business) |
403 | INSUFFICIENT_TOKEN_ABILITY | The token is not scoped with the projects:read ability |