changelog

What's new in Crytify

Updates, fixes, and new features — newest first.

new

Python SDK released

Single-file crytify.py with native support for Flask, Django, and FastAPI. Zero dependencies beyond the standard library. Drop-in decorator @crytify_gate for Flask routes, Django middleware class, and Starlette ASGI middleware factory.

new

Webhook delivery system

Register HTTPS endpoints and receive real-time signed event payloads for request.blocked, request.challenged, key.revoked, and credits.low. Each delivery is signed with HMAC-SHA256 and logged with the HTTP response code.

new

Two-factor authentication (TOTP)

Secure your account with any authenticator app — Google Authenticator, Authy, 1Password, or any RFC 6238-compatible app. Enable from Settings → Security. Eight single-use backup codes are generated on setup.

new

CSV export for Requests and Audit Logs

Download filtered request logs and audit trails as CSV from the dashboard. Useful for compliance reviews, internal reporting, and feeding data into your own analytics stack.

security

CSRF protection hardened

CSRF tokens are now enforced globally on all non-API routes. API and payment webhook routes remain token-exempt as expected.

security

Auth route brute-force protection

Login, register, forgot-password, and email resend routes are now rate-limited by IP — 10 attempts per 5-minute window on login, 15 on other auth routes.

new

Node.js SDK released

Express middleware factory and Next.js Edge Runtime support. Fail-open by default with configurable failClosed option. Available via npm as @crytify/sdk.

new

Abuse reporting page

Anyone can report misuse of the Crytify API at /abuse. Reports generate an audit log entry and trigger an admin alert email.

improved

Custom 404, 500, and 400 error pages

Branded error pages replacing the default CodeIgniter views. Consistent with the main design system — dark background, Crytify logo, helpful CTAs.

new

Health endpoint

GET /health returns JSON status with DB connectivity check. Returns 200 when healthy, 503 when degraded. Excluded from robots.txt indexing.

new

Hosted challenge page

CHALLENGE-decision requests are redirected to /challenge/{token} — a Crytify-hosted proof-of-work / JS challenge page that bounces the visitor back to the original URL on pass.

new

Rules engine (IP + UA)

Per-organization allow/block rules on IP ranges, user-agent substrings, and countries. Rules are evaluated before detector scoring, allowing overrides for known internal IPs and specific bots.

new

Live traffic feed (SSE)

Dashboard live traffic view streams the last 50 requests in real-time via Server-Sent Events, updating every 3 seconds without page refresh.

new

Crytify launches in private beta

Bot detection API, dashboard, 19 scoring detectors, credit billing, and Stripe/Xendit payment integration. Invite-only access during the beta period.