Integration guide

Two layers: a hosted script in <head> for human detection and in-browser payments, plus agentoll middleware on Node/Express for HTTP 402 on curl and agents.

Steps

Browser embed — Layer 1

The hosted script tag detects humans, classifies bots, and runs the payment wall with wallet UX in the browser.

Replace pub_xxxxxxxx with your publisher ID from registration.

<script
  src="https://agentoll-middleware-p5aon.ondigitalocean.app/v1/agent-toll.js"
  data-publisher-id="pub_xxxxxxxx"
  async
></script>

Important notes

• data-publisher-id is required — you get it at registration.
• data-api-base is optional — defaults to the script URL origin. Use for local dev (e.g. http://localhost:8787).
• Your page Origin must match the registered domain.
• The API key (atk_...) is not placed in HTML — save it for the server gate and stats API.

Verify the embed

• Open your site in Chrome — no payment wall for humans.
• Bot-like User-Agent or automated fetch — classify / payment flow triggers.
• API health: https://agentoll-middleware-p5aon.ondigitalocean.app/health

Server gate — Layer 2

Node/Express middleware via the agentoll package. Returns HTTP 402 for curl and unpaid agents. Always pair with the browser embed — humans and paying agents need the in-browser wallet UX.

Express example

const express = require('express');
const { createGate } = require('agentoll');

const app = express();

app.use(
  createGate({
    apiKey: process.env.AGENTOLL_API_KEY,
    publicOrigin: 'https://www.example.com'
  }).express()
);

app.get('/article', (req, res) => {
  res.send('<html>...</html>');
});

app.listen(3000);

publicOrigin can be set to your registered public URL if it differs from the request host.

Verify with curl

curl -sI "https://www.example.com/article" -H "User-Agent: curl/8"

Expect: HTTP 402 with a payment-required header.

Behavior

No DNS changes required. The server gate uses your API key with the hosted API — no self-hosted middleware.