RyeBot is and how to allowlist it.
Developers integrating with our API to add shopping functionality to their apps do not need to allowlist
RyeBot.What is RyeBot?
RyeBot is Rye’s web agent that performs checkout flows on behalf of shoppers.
Allowlisting RyeBot ensures it can access your ecommerce site without being blocked by security measures, helping provide a smooth shopping experience for users relying on Rye’s services.
How can I identify RyeBot?
To help website owners identify this bot on their websites, we provide an identification detail as part of our access requests (“RyeBot/1.0”) in the user-agent string. Such identification detail may look like the following:
Vercel
If you are using Vercel, no additional configuration is needed to allowRyeBot to access your site. Vercel has added RyeBot to their Verified Bot Directory, and Vercel’s system automatically permits our requests by default.
HUMAN
RyeBot is a trusted AI Agent in HUMAN’s Known Bots & Crawlers. After allowing RyeBot in HUMAN, no custom signature verification is required because HUMAN handles the verification for you.
To allow it in Sightline:
- In your HUMAN console, go to Policies → Traffic Policy Settings → Known Bots & Crawlers.
- Search for
RyeBot. - Change the rule to ON and set the rule response to Allow.
- In your HUMAN console, open Policies → AI Agents Permissions.
- Search for
RyeBot. - Grant the “Checkout” permission.
Other CDNs
If you are using another CDN that has not already verifiedRyeBot, you can still trust RyeBottraffic by checking the request headers:
- Verify the
Signature-Agentheader exactly matches"https://rye.xyz", including the quotation marks. - Fetch the public key associated with the signature from our well-known endpoint.
- Verify the authenticity of the
Signatureheader based on RFC 9421.