Best Cloaking helps you stop bots, reviewers, VPN/proxy traffic & spy tools so real users see the offer that converts. 24/7 support at Contact@BestCloaking.com · +4415784236.

Get a Demo
Sign In Request Demo

Developer Documentation

Secure traffic protection • Rule engine • Analytics

Last updated: November 30, 2025

Best Cloaking helps advertisers and agencies protect campaigns with traffic filtering, bot/VPN detection, and rule-based routing — while complying with applicable platform policies and laws. This documentation covers quickstart, API, SDKs, dashboard setup, and best practices.

Compliance first: Use Best Cloaking only for legitimate security, analytics, and quality-control purposes. Do not use our service to deceive platforms, commit fraud, or violate any policy.

A) Client Setup — End-to-End

Step 1 — Sign up

Open the dashboard and create your account.

  1. Enter First/Last name and Email (or choose Sign up with Google / X).
  2. Create a strong password. We recommend a password manager and enabling 2FA if available.
  3. Click Sign Up.
Sign up form
Create your account with email or SSO.
Use a work email so your team can be added to the same workspace later.

Step 2 — Confirm your email

Check your inbox for our verification message and click the link to activate your account.

  • If you don’t see it, check Spam / Promotions.
  • Links expire for security; request a new one if needed.

Step 3 — Trial (7 days)

New accounts start with a 7-day trial that includes 1 Flow. This lets you build and test a complete setup.

  • Trial banner shows remaining days.
  • When you reach your Flow limit (1/1), you can upgrade to add more.
Trial status / 7 days left

Step 4 — Subscription & Payment

When you’re ready (or the trial ends), choose a plan and activate billing.

4.1 Choose a plan

Go to Subscription and compare plans. Starter includes 1 Flow / 10k visits/month.

4.2 Review & Subscribe

Confirm billing cycle and proceed to payment.

Review & Subscribe
4.3 Payment

Send the exact amount to the address shown. We match automatically when the network confirms.

Payment pending Payment paid
Once paid, your subscription activates automatically.
4.4 Payment history
Payment history

Step 5 — Create your Flow

Go to Flows → New Flow and fill the form:

  • Flow name & Purpose — internal labels for your team.
  • Domain — hostname only (e.g., promo.example.com).
  • White URL — where filtered/QA users go.
  • Offer URL — where qualified visitors land.
  • Default actionWhite is safest during testing.
  • Integration — pick tech stack and platform (informational at creation).
Create Flow empty Create Flow filled
Verify both URLs load and tracking pixels fire before moving on.

Step 6 — Add Rules (Targeting & Protection)

Rules decide who reaches the Offer vs who goes to the White page (or gets blocked). Start conservative, then tighten.

6.1 Filtration toggles
  • Cloaking — master smart-filtering switch; suspicious traffic goes to White (or blocked if you set Block elsewhere).
  • Block IP — denylist single IPs or ranges.
  • Block VPN/Proxy — filter known VPN/proxy IP space (reduces fraud; can affect some legit users).
  • Block IPv6 — rarely needed; use only if your stack lacks IPv6 support.
  • Block without ISP — blocks requests where ISP/ASN is missing (catches some bots).
  • Block without Referrer — blocks direct/blank referrers; useful when traffic should only come from ads or partners.
  • Clicks from one IP/day — rate limit repeated clicks per IP (e.g., 3).
  • Clicks before filtering — grace clicks before strict filtering (handy during warm-up).
6.2 Audience targeting
  • Countries — allowlist only markets you target (e.g., FR for France-only).
  • Devices — Mobile / Desktop / Tablet. For app installs, select Mobile and match OS.
  • Operating Systems — Android, iOS, Windows, etc.
  • Browsers — Chrome, Safari, Firefox; optionally exclude fringe browsers seen in abuse.
  • Languages — browser language (e.g., fr-FR).
  • Time Zones — useful for day-parting or regional promos (e.g., Europe/Paris).
  • Connection Type — Cellular/Corporate/Satellite. Cellular narrows to mobile networks only.
6.3 Advanced
  • Referrer FilterAllow only specific domains (safelist) or Block listed. Option to Block empty referrers. Example allowlist: google.com, facebook.com.
  • UTM Filter — require parameters like gclid, utm_source; missing values send users to White/Block (per your default/other toggles).
Rules screen
If qualified visitors are being filtered, gradually loosen rules and retest each layer (VPN/Proxy, Referrer/UTM, Geo/Device).
Click Save Rules when done.

Step 7 — Activate & Monitor

New flows start Paused. Toggle to Active, then watch Hits, Filtered, and Ratio in the flows list.

Flows empty Flows active
  • Stats icon → insights/logs; validate routing and suspicious patterns.
  • Edit rules anytime; use Pause to test safely.
  • Bar shows plan Flow limit (e.g., 1/1). Upgrade to add more flows.

Step 8 — Integration (API / SDK)

Protect pages by checking visitors before rendering your offer. Typical order:

  1. Server receives request to a protected route.
  2. Server calls /api/v1/check-visitor with IP, UA, headers, and path.
  3. Act on the decision: allow (render offer), challenge (light gate), or block/white.
<?php
// Laravel example (Server-side)
$resp = Http::withToken(env('CM_API_KEY'))
  ->post('https://api.example.com/api/v1/check-visitor', [
    'ip' => request()->ip(),
    'user_agent' => request()->userAgent(),
    'headers' => [
      'accept-language' => request()->header('accept-language'),
      'x-forwarded-for' => request()->header('x-forwarded-for'),
    ],
    'path' => request()->path(),
    'referrer' => request()->headers->get('referer'),
  ]);

$data = $resp->json();
switch ($data['decision'] ?? 'allow') {
  case 'allow':
    // render offer
    break;
  case 'challenge':
    // lightweight challenge page or fallback
    break;
  default:
    // route to White URL
}

// Client hint (optional, never rely on client-only)
(function(){
  window.cm = window.cm || {};
  cm.hints = {
    tz: Intl.DateTimeFormat().resolvedOptions().timeZone,
    lang: navigator.language,
    dpr: window.devicePixelRatio || 1
  };
})();
Wire post-conversion POST /api/v1/events to improve quality scoring and reporting.

QA & Troubleshooting

  • No traffic recorded → DNS not pointed yet, caching delay, or Flow still Paused.
  • Everyone goes to White → rules too strict; relax VPN/Proxy, Referrer/UTM, or Geo/Device.
  • High false positives → lower strictness; safelist known IPs/ASNs/referrers.
  • Blank/403 → Default is Block with no matching rules; use White until finalized.

B) API Quickstart

  1. Create an API key: Dashboard → Settings → API Keys.
  2. Choose integration: Server (PHP/Laravel), Node, or via our JS snippet.
  3. Send a check: Pass IP, UA, and headers to /api/v1/check-visitor before rendering.
  4. Act on decision: Allow, challenge, or redirect using your own business logic.
# Example curl
curl -X POST https://api.example.com/api/v1/check-visitor \
  -H "Authorization: Bearer <API_KEY>" \
  -H "Content-Type: application/json" \
  -d '{
    "ip":"203.0.113.12",
    "user_agent":"Mozilla/5.0 ...",
    "headers":{"accept-language":"en-US,en;q=0.9"},
    "path":"/landing",
    "referrer":"https://example.com/ad"
  }'

{
  "request_id": "req_9R7k1...",
  "decision": "allow",
  "signals": {"vpn": false,"proxy": false,"automation": false,"risk_score": 7},
  "ttl": 300
}

Authentication

Authenticate using a Bearer token in the Authorization header. Rotate keys regularly and store in server-side secrets.

Core API Endpoints

  • POST /api/v1/check-visitor — real-time decision.
  • POST /api/v1/bulk-check — batch (≤100).
  • GET /api/v1/decisions/{request_id} — retrieve decision.
  • POST /api/v1/events — post-conversion/quality events.

Webhooks

POST /webhooks/traffic
{
  "type":"decision.created",
  "id":"wh_abc123",
  "created":1738531200,
  "data":{"request_id":"req_9R7k1","decision":"challenge","signals":{"vpn":true,"risk_score":82}},
  "signature":"t=...,v1=..."
}

SDKs

  • PHP / Laravel middleware
  • Node / Express middleware
  • Client JS snippet for non-sensitive hints

Testing & Sandbox

  • Use CM-SANDBOX: true header to avoid skewing production.
  • Test IP overrides & UA simulators in Tools → Test Console.
  • Replay by request_id to debug.

Rate Limits & Errors

  • Default: 600 req/min/project (burst 1200).
  • HTTP 429: backoff with jitter; honor Retry-After.
  • Common: 401 invalid key, 400 malformed body, 422 missing fields.

Security

  • HTTPS only. Rotate keys quarterly.
  • Admin IP allowlisting available.
  • Decisions are hashed & signed server-side.

Privacy & Consent

Some jurisdictions require consent for non-essential identifiers. See our Privacy Policy and Cookie Policy. Configure consent mode to restrict analytics until consent.

Support

Email Contact@BestCloaking.com or use dashboard chat (24/7). For SLA, see your plan.

Need a hand?

Talk to a Solutions Engineer

We’ll help you integrate Best Cloaking in minutes.

Request Demo Contact Support
Cookie
We use cookies to improve your experience, analyze traffic, and for marketing. See our Privacy Policy.
Customize

Cookie Preferences

Choose which cookies to allow. You can change this anytime.

cookies.title
We use cookies to improve your experience, analyze traffic, and for marketing. See our Privacy Policy.
Customize

Cookie Preferences

Choose which cookies to allow. You can change this anytime.