changelog
What's new in Crytify
Updates, fixes, and new features — newest first.
Python SDK released
Single-file crytify.py with native support for Flask, Django, and FastAPI. Zero dependencies beyond the standard library. Drop-in decorator @crytify_gate for Flask routes, Django middleware class, and Starlette ASGI middleware factory.
Webhook delivery system
Register HTTPS endpoints and receive real-time signed event payloads for request.blocked, request.challenged, key.revoked, and credits.low. Each delivery is signed with HMAC-SHA256 and logged with the HTTP response code.
Two-factor authentication (TOTP)
Secure your account with any authenticator app — Google Authenticator, Authy, 1Password, or any RFC 6238-compatible app. Enable from Settings → Security. Eight single-use backup codes are generated on setup.
CSV export for Requests and Audit Logs
Download filtered request logs and audit trails as CSV from the dashboard. Useful for compliance reviews, internal reporting, and feeding data into your own analytics stack.
CSRF protection hardened
CSRF tokens are now enforced globally on all non-API routes. API and payment webhook routes remain token-exempt as expected.
Auth route brute-force protection
Login, register, forgot-password, and email resend routes are now rate-limited by IP — 10 attempts per 5-minute window on login, 15 on other auth routes.
Node.js SDK released
Express middleware factory and Next.js Edge Runtime support. Fail-open by default with configurable failClosed option. Available via npm as @crytify/sdk.
Abuse reporting page
Anyone can report misuse of the Crytify API at /abuse. Reports generate an audit log entry and trigger an admin alert email.
Custom 404, 500, and 400 error pages
Branded error pages replacing the default CodeIgniter views. Consistent with the main design system — dark background, Crytify logo, helpful CTAs.
Health endpoint
GET /health returns JSON status with DB connectivity check. Returns 200 when healthy, 503 when degraded. Excluded from robots.txt indexing.
Hosted challenge page
CHALLENGE-decision requests are redirected to /challenge/{token} — a Crytify-hosted proof-of-work / JS challenge page that bounces the visitor back to the original URL on pass.
Rules engine (IP + UA)
Per-organization allow/block rules on IP ranges, user-agent substrings, and countries. Rules are evaluated before detector scoring, allowing overrides for known internal IPs and specific bots.
Live traffic feed (SSE)
Dashboard live traffic view streams the last 50 requests in real-time via Server-Sent Events, updating every 3 seconds without page refresh.
Crytify launches in private beta
Bot detection API, dashboard, 19 scoring detectors, credit billing, and Stripe/Xendit payment integration. Invite-only access during the beta period.