How to Integrate with BotGuard if you are a Hosting Provider.

At BotGuard, we help our partner hosting companies solve problems with bots and malicious traffic attacking their clients’ web resources. Many of our partners use commercial and free hosting control panel software, such as CPanel or Plesk, to provide their clients with website management capabilities. For many such panels, we have developed extension modules (“plug-ins”) that automate bot traffic management services for the hosting companies’ systems. We already have such plug-ins for WHM / CPanel, DirectAdmin, Plesk, and even for the WHMCS billing system when it is used separately, without a hosting panel.

BotGuard is a SaaS (or more precisely SECaaS, security as a service) working with partners based on the white label model. Therefore, we usually do not provide the end users of our hosting partners with direct registration and use of our service via botguard.net. All the key features (i.e., registering a website, viewing protection statistics and managing protection rules) are provided via our partners’ control panels. But what if you use your own home built user management system to serve your end-customers, especially, as many hosting companies consider their own home-made hosting panels as a competitive advantage? In these case you cannot use ready-made extension modules.

Botguard is excited to present a solution for such cases. Please, welcome the BotGuard Partner API. This programmatic interface provides the ability to manage clients’ web resources through one partner account, while delegating the administration of specific websites to the host’s end-customers. This API enables the developers of home-built hosting management systems to integrate a bot traffic management service with ease, making it possible to expand the range of services provided by adding “Security as a Service” to your clients.

The BotGuard Partner API is a RESTful-based API utilizing the commonly accepted practice of calling functions over HTTP along with a JSON format data exchange. This allows you the effortless implementation of BotGuard service support in conjunction with almost any development tool and programming language. To make it even easier, you have access to our PHP API wrapper, which performs the Partner API calls on the most widely used programming language for the web.

Please review the BotGuard Partner API documentation page at https://app.swaggerhub.com/apis-docs/botguard/partner_api/1.0.0-oas3

The API currently provides the following resources:

• registering an end-user website with the hosting partner’s BotGuard account.
• website deletion (deregistration).
• viewing and changing the state of the website.
• displaying a list of events and accessing the interface for configuring bot management rules.

These functions must be called in case of certain events in your own hosting control panel. Typically, enabling any hosting service for a user looks as follows:

Step 1. The user selects a service from the list of services provided by the host.

Step 2. The user orders the service.

Step 3. The user pays for the service

Step 4. The user waits for confirmation of receipt of payment.

Step 5. The user examines the parameters of the provided service and makes settings.

Step 6. The user starts using the service.

And, unfortunately, sooner or later the hosting partner may face:

Step 7. А delay in recurring payment from the user.

Step 8. А service cancellation.

In order to provide a user with a bot traffic management service, you need to add a call to the appropriate BotGuard Partner API functions using the above mentioned key entry points in your hosting management system.

After steps 3 or 4 you must call your client’s website registration function (“POST / website”). As a result, the client’s domain will be added to your partner account, and the servers will be automatically prepared to serve it.

Before the protection is enabled for a specific website, the web server that hosts the client’s website must be integrated with BotGuard by installing the BotGuard module for Apache or NGINX. Sometimes this is done by the hosting support team, and sometimes by the client on their own. In the latter case, the client must be provided with integration instructions and the server addresses to be used during integration. To find the addresses, use the API function (“GET / website / {domain}”).

In order to allow the client access to the parameters of the service provided, you need to add links to the Protection event viewer page and the Protection rule editor page, “… / events / {domain}” and “… / settings / {domain} / edit”, respectively. Instead of links, you can use an iframe to seamlessly integrate these interfaces into your hosting panel system.

If it is necessary to suspend the service (e.g.. in case of payment delay), it is necessary to call the function (“PUT / website / {domain}”) to change the status of the client’s site. Conversely, when it is necessary to resume the service, the same function is used with a different status parameter.

If the client has decided to refuse to use the service, it is necessary to call the site deletion (deregistration) function “DELETE / website / {domain}”.

Using this small set of functions, you can easily manage your partner account resources programmatically.

See how these functions are used in practice in our WHMCS billing module. It’s really simple!

Note: For security reasons, any BotGuard Partner API call requires an Authentication Key (“API Key”), which you must keep secure. You can get the API Key from the Resources page of your BotGuard partner account.

Don’t have a partner account? Drop us a message at partner@botguard.net.

Do you have any suggestions or questions? Please add a comment to this post.