# Foil ## Docs - [Android SDK](https://usefoil.com/docs/android-sdk.md): Add the Foil Android SDK to your Kotlin app from Maven Central, configure it in Application.onCreate(), and hand sealed sessions to your backend to verify. - [Create an organization API key](https://usefoil.com/docs/api-reference/api-keys/create-an-organization-api-key.md): Requires the `api_keys:manage` secret-key scope. - [List organization API keys](https://usefoil.com/docs/api-reference/api-keys/list-organization-api-keys.md): Requires the `api_keys:read` secret-key scope. - [Revoke a organization API key](https://usefoil.com/docs/api-reference/api-keys/revoke-a-organization-api-key.md): Requires the `api_keys:manage` secret-key scope. - [Rotate a organization API key](https://usefoil.com/docs/api-reference/api-keys/rotate-a-organization-api-key.md): Requires the `api_keys:manage` secret-key scope. - [Update an organization API key](https://usefoil.com/docs/api-reference/api-keys/update-an-organization-api-key.md): Requires the `api_keys:manage` secret-key scope. - [Authentication](https://usefoil.com/docs/api-reference/authentication.md): Authenticate Foil API requests with publishable and secret keys, including Bearer token usage, key scopes, environments, rotation, and revocation. - [Errors](https://usefoil.com/docs/api-reference/errors.md): Handle Foil API errors with the structured JSON envelope, stable error codes, HTTP status codes, retry semantics, and request IDs for support. - [List events](https://usefoil.com/docs/api-reference/events/list-events.md): List organization events. Requires Authorization: Bearer sk_* with the webhooks:read scope. - [Retrieve an event](https://usefoil.com/docs/api-reference/events/retrieve-an-event.md): Retrieve one organization event and its webhook delivery attempts. Requires Authorization: Bearer sk_* with the webhooks:read scope. - [Visitor fingerprints API](https://usefoil.com/docs/api-reference/fingerprints.md): List and retrieve durable visitor fingerprints with the Foil API, including lifecycle data, anchors, and recent linked sessions for correlation. - [Dashboard login API](https://usefoil.com/docs/api-reference/gate-login.md): Create dashboard login sessions with a Gate agent token and consume one-time login codes from your backend to sign developers in without a password. - [Service registry](https://usefoil.com/docs/api-reference/gate-registry.md): List and look up publicly discoverable Gate services in the public registry that powers npx signup, including service IDs, env vars, and SDK metadata. - [Gate services API](https://usefoil.com/docs/api-reference/gate-services.md): Create, update, and disable organization-owned Gate services with a secret key, including service IDs, branding, env vars, and registry visibility. - [Signup sessions](https://usefoil.com/docs/api-reference/gate-sessions.md): Create, poll, approve, and cancel Gate signup sessions for agentic signup, then acknowledge one-time encrypted credential delivery to the CLI. - [Agent tokens API](https://usefoil.com/docs/api-reference/gate-tokens.md): Verify and revoke Gate-issued agent tokens with your secret key, checking token validity, status, and expiry from your own API middleware. - [Acknowledge Gate delivery receipt](https://usefoil.com/docs/api-reference/gate/acknowledge-gate-delivery-receipt.md): Requires Authorization: Bearer gtpoll_.... - [Consume a Gate dashboard login code](https://usefoil.com/docs/api-reference/gate/consume-a-gate-dashboard-login-code.md): Requires Authorization: Bearer sk_* with the gate:login_sessions:consume scope. - [Create a Gate dashboard login session](https://usefoil.com/docs/api-reference/gate/create-a-gate-dashboard-login-session.md): Requires Authorization: Bearer agt_.... - [Create a Gate service for the authenticated organization](https://usefoil.com/docs/api-reference/gate/create-a-gate-service-for-the-authenticated-organization.md): Requires Authorization: Bearer sk_* with the gate:services:manage scope. - [Create a Gate signup session](https://usefoil.com/docs/api-reference/gate/create-a-gate-signup-session.md) - [Disable a Gate service for the authenticated organization](https://usefoil.com/docs/api-reference/gate/disable-a-gate-service-for-the-authenticated-organization.md): Requires Authorization: Bearer sk_* with the gate:services:manage scope. This is a soft delete that sets status=disabled. - [Get a Gate service](https://usefoil.com/docs/api-reference/gate/get-a-gate-service.md) - [Get one Gate service for the authenticated organization](https://usefoil.com/docs/api-reference/gate/get-one-gate-service-for-the-authenticated-organization.md): Requires Authorization: Bearer sk_* with the gate:services:read scope. - [List Gate services](https://usefoil.com/docs/api-reference/gate/list-gate-services.md) - [List Gate services for the authenticated organization](https://usefoil.com/docs/api-reference/gate/list-gate-services-for-the-authenticated-organization.md): Requires Authorization: Bearer sk_* with the gate:services:read scope. - [Poll a Gate signup session](https://usefoil.com/docs/api-reference/gate/poll-a-gate-signup-session.md): Requires Authorization: Bearer gtpoll_.... - [Revoke a Gate agent token](https://usefoil.com/docs/api-reference/gate/revoke-a-gate-agent-token.md): Requires Authorization: Bearer sk_* with the gate:agent_tokens:revoke scope. - [Update a Gate service for the authenticated organization](https://usefoil.com/docs/api-reference/gate/update-a-gate-service-for-the-authenticated-organization.md): Requires Authorization: Bearer sk_* with the gate:services:manage scope. - [Verify a Gate agent token](https://usefoil.com/docs/api-reference/gate/verify-a-gate-agent-token.md): Requires Authorization: Bearer sk_* with the gate:agent_tokens:verify scope. - [API introduction](https://usefoil.com/docs/api-reference/introduction.md): Explore the Foil API: base URLs, the v1 REST surface for sessions, fingerprints, Gate, and organizations, plus conventions shared by every endpoint. - [Organizations API](https://usefoil.com/docs/api-reference/organizations.md): Manage Foil organizations and API keys over REST: create organizations, provision publishable and secret keys, set scopes, and rotate or revoke keys. - [Create an organization](https://usefoil.com/docs/api-reference/organizations/create-an-organization.md): Requires the `organizations:create` secret-key scope. - [Retrieve one organization](https://usefoil.com/docs/api-reference/organizations/retrieve-one-organization.md): Requires the `organizations:read` secret-key scope. - [Update a organization](https://usefoil.com/docs/api-reference/organizations/update-a-organization.md): Requires the `organizations:update` secret-key scope. - [Pagination](https://usefoil.com/docs/api-reference/pagination.md): Paginate Foil API list endpoints with cursor-based pagination, including limit and cursor parameters, filters, and SDK auto-pagination helpers. - [Rate limits](https://usefoil.com/docs/api-reference/rate-limits.md): Understand Foil API rate limits per organization and key type, read X-RateLimit response headers, handle 429 errors, and retry with Retry-After. - [Sessions API](https://usefoil.com/docs/api-reference/sessions.md): Retrieve and list scored Foil sessions with a secret key, including the verdict, risk score, decision detail, and signals, plus your own user ID linkage. - [List sessions](https://usefoil.com/docs/api-reference/sessions/list-sessions.md): Requires the `sessions:list` secret-key scope. - [Retrieve one session](https://usefoil.com/docs/api-reference/sessions/retrieve-one-session.md): Requires the `sessions:read` secret-key scope. - [Versioning](https://usefoil.com/docs/api-reference/versioning.md): Learn how Foil API versioning works under /v1/, which changes are additive versus breaking, and how deprecations, sunsets, and SDK releases ship. - [List visitor fingerprints](https://usefoil.com/docs/api-reference/visitor-fingerprints/list-visitor-fingerprints.md): Requires the `fingerprints:list` secret-key scope. - [Retrieve one visitor fingerprint](https://usefoil.com/docs/api-reference/visitor-fingerprints/retrieve-one-visitor-fingerprint.md): Requires the `fingerprints:read` secret-key scope. - [Create a webhook endpoint](https://usefoil.com/docs/api-reference/webhooks/create-a-webhook-endpoint.md): Requires Authorization: Bearer sk_* with the webhooks:manage scope. The signing_secret is returned only in this response and rotation responses. - [Disable a webhook endpoint](https://usefoil.com/docs/api-reference/webhooks/disable-a-webhook-endpoint.md): Requires Authorization: Bearer sk_* with the webhooks:manage scope. - [List webhook endpoints](https://usefoil.com/docs/api-reference/webhooks/list-webhook-endpoints.md): Requires Authorization: Bearer sk_* with the webhooks:read scope. - [Rotate a webhook signing secret](https://usefoil.com/docs/api-reference/webhooks/rotate-a-webhook-signing-secret.md): Requires Authorization: Bearer sk_* with the webhooks:manage scope. The new signing_secret is returned only in this response. - [Send a test webhook](https://usefoil.com/docs/api-reference/webhooks/send-a-test-webhook.md): Requires Authorization: Bearer sk_* with the webhooks:manage scope. Enqueues a webhook.test delivery for the selected endpoint. - [Update a webhook endpoint](https://usefoil.com/docs/api-reference/webhooks/update-a-webhook-endpoint.md): Requires Authorization: Bearer sk_* with the webhooks:manage scope. Updating event_types replaces the endpoint subscriptions. - [Browser compatibility](https://usefoil.com/docs/browser-compatibility.md): Check Foil browser compatibility: supported Chrome, Edge, Firefox, and Safari versions, required APIs, and rollout guidance for webviews and embedded shells. - [Browser SDK](https://usefoil.com/docs/browser-sdk.md): Integrate the Foil browser SDK: import t.js, call start() with your publishable key, and get a sealed session handoff with getSession() at action time. - [Content Security Policy](https://usefoil.com/docs/content-security-policy.md): Configure Content Security Policy directives for the Foil browser SDK, including the script-src, connect-src, worker-src, and frame-src values you need. - [Detection categories](https://usefoil.com/docs/detection-categories.md): Learn how Foil scores sessions across environment, fingerprint, behavioral, timing, and anti-tamper detection categories to produce a verdict. - [Foil Gate](https://usefoil.com/docs/gate/add-gate.md): Add Foil Gate to your product so developers and their AI coding agents can sign up via npx signup. Register your service and implement one provisioning webhook. - [Agent tokens](https://usefoil.com/docs/gate/agent-tokens.md): Verify and manage Gate agent tokens in your API. Validate agt_ tokens with one HTTP call to Gate, cache results, and handle expiry and revocation. - [CLI reference](https://usefoil.com/docs/gate/cli-reference.md): Use the npx signup CLI to sign up for Gate services, log into dashboards, and list the registry. Full reference for commands, flags, and JSON output. - [Dashboard login](https://usefoil.com/docs/gate/dashboard-login.md): Let developers log into your dashboard with npx signup login. Add one route that verifies the one-time Gate login code and creates a session in your app. - [Gate webhook](https://usefoil.com/docs/gate/webhook.md): Implement the Foil Gate webhook to provision accounts when developers approve a CLI signup, return encrypted credentials, and handle retries idempotently. - [What is Gate?](https://usefoil.com/docs/gate/what-is-gate.md): Learn how Foil Gate enables agentic signup, letting AI coding agents create accounts and log in on behalf of developers with hosted consent and bot detection. - [Going to production](https://usefoil.com/docs/going-to-production.md): Take Foil to production safely: start in report-only mode, monitor verdicts, add soft challenges, then enable hard enforcement once signals look stable. - [How it works](https://usefoil.com/docs/how-it-works.md): See how Foil detects AI-controlled browsers and automation: 350+ signals across seven scoring categories, server-side scoring, and backend verification of sealed tokens. - [Start building with Foil](https://usefoil.com/docs/index.md): Detect AI agents, headless browsers, and automation with Foil. Verify sealed sessions on your backend and let developers sign up from the terminal with Gate. - [iOS SDK](https://usefoil.com/docs/ios-sdk.md): Add the Foil iOS SDK to your Swift app with Swift Package Manager, configure it at launch, and hand sealed sessions to your backend for verification. - [Security and privacy](https://usefoil.com/docs/privacy-and-data.md): Review what data Foil collects and never collects, how Foil encrypts data in transit and at rest, and the privacy disclosures your deployment needs. - [Quickstart](https://usefoil.com/docs/quickstart.md): Add Foil bot detection in 5 minutes. Load the browser client, request a sealed session handoff, verify it on your backend, and apply policy by verdict. - [Changelog](https://usefoil.com/docs/resources/changelog.md): Track the Foil changelog: version history and release notes for Foil server and browser SDKs, the Gate CLI and API, dashboard, and detection signals. - [Troubleshooting](https://usefoil.com/docs/resources/troubleshooting.md): Troubleshoot common Foil integration issues: null sessions, sealed token failures, inconclusive verdicts, Gate webhook 401s, and CLI errors, plus FAQs. - [Frontend JavaScript compatibility](https://usefoil.com/docs/runtime-instrumentation.md): Learn how frontend monitoring, analytics, session replay, and tag manager scripts affect Foil runtime signals, and validate your stack before enforcing. - [Server verification](https://usefoil.com/docs/server-verification.md): Verify Foil sealed tokens on your backend with a local check, no network call, then read the verdict and risk score to allow, challenge, or block actions. - [Testing your integration](https://usefoil.com/docs/testing.md): Test your Foil integration with test keys and simulated bot traffic from Playwright, Puppeteer, or Selenium, then confirm verdicts and enforcement paths. - [API abuse & scraping](https://usefoil.com/docs/use-cases/api-abuse.md): Stop API abuse and LLM scraping while allowing legitimate crawlers. Verify Foil sessions across API calls and split policy by attribution category. - [Checkout & payment](https://usefoil.com/docs/use-cases/checkout.md): Detect card testing and bot-driven checkout fraud. Feed Foil verdicts and manipulation scores into your fraud stack without slowing real purchases. - [KYC fraud reduction](https://usefoil.com/docs/use-cases/kyc.md): Reduce KYC fraud before your vendor runs. Use Foil to catch synthetic identities, identity farming, and anti-detect browsers at the verification step. - [Login & credential stuffing](https://usefoil.com/docs/use-cases/login.md): Block account takeover at login. Use Foil to detect credential stuffing, step up inconclusive sessions, and rate-limit by visitor fingerprint, not just IP. - [Promo & trial abuse](https://usefoil.com/docs/use-cases/promo-abuse.md): Stop promo abuse and free-trial farming. Use Foil's durable visitor fingerprint to catch repeat claims across account rotations, cookie clears, and incognito. - [Signup & account creation](https://usefoil.com/docs/use-cases/signup.md): Stop fake signups and automated account creation. Verify Foil sealed tokens at registration and block bots and AI agents before you create the account. - [User-generated content](https://usefoil.com/docs/use-cases/user-generated-content.md): Stop LLM spam and automated posting on user-generated content. Block AI-agent submissions at the composer and cap posting velocity per visitor fingerprint. - [Verdicts & scoring](https://usefoil.com/docs/verdicts-and-scoring.md): Understand Foil verdicts and risk scores, how human, bot, and inconclusive map to score ranges, and how to apply them in your backend policy. - [Webhooks](https://usefoil.com/docs/webhooks.md): Receive signed webhook events from Foil when sessions and Gate signups change state, verify HMAC signatures, and handle retries idempotently. ## OpenAPI Specs - [openapi](https://usefoil.com/docs/api-reference/openapi.json)