> ## Documentation Index
> Fetch the complete documentation index at: https://docs.docketqa.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Anti-Bot Detection

> Solutions for bot detection systems including Clerk and IP allowlisting

## Docket IP Allowlist

To prevent our automated requests from being blocked, please allow-list the following IP addresses in your security systems.

If you have **Proxy** turned on in your Browser Settings, Docket will use a residential proxy from the region you've selected. In this case, you should allow-list the following IP addresses depending on the region:

| Region               | IPv4 Address     | IPv6 Address                       |
| :------------------- | :--------------- | :--------------------------------- |
| **US West**          | `209.71.96.165`  | `2a09:8280:e633::91:90e3:0`        |
| **US East**          | `204.93.227.70`  | `2605:4c40:40:e85c:0:3cca:61de:1`  |
| **Europe (UK)**      | `205.234.240.78` | `2605:4c40:94:cbfa:0:d88d:acca:1`  |
| **Asia (India)**     | `204.93.145.73`  | `2605:4c40:145:2420:0:f923:aa52:1` |
| **Embedded Browser** | `52.33.220.88`   | `n/a`                              |

These IPs should be allowlisted in:

* Firewalls
* Bot detection systems
* Rate limiting rules
* WAF configurations

## Clerk Bot Detection

If you see a Clerk bot detection page in one of your test failures, you have likely enabled Clerk Bot Detection turned on.

Docket's AI is running in a headless browser, which is often detected as a bot by Clerk. There are two ways to resolve this:

### 1. Disable Clerk Bot Detection on staging

Clerk does not have a granular way to allowlist User-Agent. The best way to resolve this is to disable Clerk Bot Detection on staging.

### 2. Create a simple API to return a session token to Docket

Clerk enables services to bypass bot detection by attaching a session token to the request. You can read more about it [here](https://clerk.com/docs/guides/development/testing/overview#testing-tokens).

If you want to test on production or keep Clerk bot detection on for staging, you can implement an API that returns a session token.

The API is necessary because session tokens are short-lived and require your Clerk tokens to generate, therefore only you can generate it.

Here is an example of how you can implement this API:

```javascript theme={null}
import { clerkClient } from "@clerk/clerk-express";

const clerk = clerkClient({
  secretKey: process.env.CLERK_SECRET_KEY,
}); 

app.post("/session", async (req, res) => {
  const { clerkToken } = req.body;
  const session = await clerk.sessions.create({
    userId: clerkToken,
  });
  res.json(session);
});
```

Once you have the API, you can add it in advanced settings.

<img src="https://mintcdn.com/docket-dcd24ade/qGlrz8CnGiXwbeZU/images/clerk-bot-detection.png?fit=max&auto=format&n=qGlrz8CnGiXwbeZU&q=85&s=1f631fafd44e3bf3ac18f296bc123367" alt="Clerk Bot Detection Configuration" width="2254" height="218" data-path="images/clerk-bot-detection.png" />
