Core Components
Merchants (Publishers)
Publishers, websites, and API providers that want to license content & monetize bot traffic.| Component | Description |
|---|---|
| Websites | Websites you want to protect & monetize |
| Content | Specific URL patterns within a system that require licensing |
| License Plans | RSL licenses defining terms, permitted uses, and pricing |
| API Keys | Credentials for authenticating with Supertab Connect API |
Customers
Organizations or individuals operating bots that access web content.| Component | Description |
|---|---|
| Customer Systems | Individual bots, scrapers, or AI agents |
| Customer Keys | Public/private key pairs for authentication (ES256) |
Edge Processing Flow
What Happens at the Edge
- Detection: Identify automated traffic using CDN bot detection signals
- Verification: Validate RSL License Tokens using cached public keys
- Decision: Allow or block access based on token validity and your settings
- Logging: Record events for analytics and billing
Token Flow
For Customers (Getting a Token)
- Generate a client assertion JWT signed with your private key
- Exchange it at Supertab Connect’s
/rsl/tokenendpoint - Receive a license token valid for the requested resource
- Include the token in requests:
Authorization: License {token}
For Merchants (Verifying a Token)
- Edge SDK extracts the token from the Authorization header
- Verify signature using Supertab Connect’s public keys (cached)
- Check token claims (expiration, audience, issuer)
- Allow or deny access based on verification result
- Record usage event