Available now — Free trial up to 30 days

Secure Your Inventory Against Bots & Scalpers.
Built for Ticketing & Flash Sales.

Traditional security fails when high-demand stocks vanish in seconds. RealNode establishes a definitive layer of hardware trust — securing your sales from automated hoarding while ensuring a frictionless checkout for real customers.

Start free trial
0
% uptime
0
Personal data stored
0
Minutes to integrate
$0
Billed for bot attacks

A scalable trust infrastructure

From silent traffic analysis to strict API protection, our SaaS adapts. It authenticates humans, blocks automation, manages quotas, and gives you full visibility without ever storing personal data.

Passive behavioral engine
Threat detection runs in the background. The vast majority of your visitors will never notice the protection.
Instant Human Verification — No Puzzles, No Friction
Users confirm their identity in one tap via TouchID, FaceID, or Windows Hello. Hardware-backed. Zero manual steps. Zero false positives for real customers.
Zero personal data
Your email is transformed into an unreadable hash as soon as it enters the system. We do not know your customers' identities.
Anti-Crash Infrastructure
Bots are intercepted at the network edge in under 2ms — protecting your servers from overload during peak sales. Circuit breakers ensure 99.9% uptime.
Live Threat Analytics
Real-time dashboard. Track live traffic and instantly distinguish legitimate humans from automation attempts — with full event history.
Emergency Master Code
Each user receives a single-use recovery code. Accessible only by the administrator. Vault plan only.
Real-time streaming (SSE)
Your security console updates instantly via Server-Sent Events. No need to refresh: see every visitor live.
Per-site isolation
A user banned on another site will never be blocked on yours. Each RealNode client is fully isolated.

Engineering digital trust

An independent laboratory building the infrastructure layer that separates real humans from automated systems — at hardware level.

Zero-Data by Design

No biometric data, no IP profiling, no persistent identity stored. Trust is established by hardware cryptography alone — GDPR-compliant by architecture.

Sub-2ms Server Validation

Attestation signatures are verified in-memory. No database round-trip on the critical path. Sub-2ms server-side, sub-200ms end-to-end — real users never wait; bots never pass.

Fail-Open Resilience

Automated circuit breakers ensure your platform stays open even if validation infrastructure experiences latency spikes. Sales are never interrupted.

Our Laboratory

EMKAY LABS — Independent Engineering

Born from the conviction that software-only anti-bot defenses have reached their limits, we develop hardware attestation protocols (FIDO2/WebAuthn) that make bot simulation physically impossible.

Contact our team Technical Whitepaper
From the Blog

Latest Technical Insights

All articles →
Architecture

The Myth of Client-Side Security: Why Modern Applications Should Trust Cryptography, Not JavaScript

The browser is an untrusted execution environment. A determined attacker can inspect, modify, or replace client-side code. Here's why the trust anchor must live on the server.

Read article →
Ticketing

Beyond CAPTCHAs: Exploring Hardware Attestation for High-Demand Ticket Sales

Modern scalper bots bypass CAPTCHAs in milliseconds. Hardware attestation shifts trust away from browser behavior and toward cryptographic proof — a fundamentally different threat model.

Read article →

More articles

Explore all technical articles on hardware security, FIDO2, and anti-bot architecture.

Select your security posture

RealNode seamlessly complements your existing Web Application Firewall (WAF). Block automated threats directly at the device level — without slowing down your legitimate traffic funnel.

Bot Protection is Always Free. We only count verified human interactions.
RN INSIGHT
The invisible observer
$49/month
Free trial: 30 days
  • 1,000 Verified Humans / month
  • (Bots and blocked attacks are 100% free)
  • No-CAPTCHA Invisible Protection
  • AI Bot Detection (Mouse & Keyboard kinetics)
  • Device Spoofing Prevention
  • Automatic honeypot
  • Real-time audit console (SSE)
  • Overage: +$0.02 per additional verified human
RN VAULT
The cryptographic fortress
$899/month
Free trial: 30 days
  • 50,000 Verified Humans / month
  • Multi-Site Centralized Management
  • Biometric Checkout (FaceID, TouchID, Passkeys)
  • Bank-Grade Hardware Security (Enclave)
  • Advanced forensic console
  • Automatic Server Crash Protection (Anti-DDoS)
  • Priority support
  • Overage: +$0.08 per additional verified human

RealNode Enterprise

Managing massive traffic volumes or global ticketing drops? Contact us for a custom deployment with unlimited quotas and dedicated integration support.

All plans: No credit card required to start (card required only after the trial) · Zero personal data stored · Technical support included

Need more time? The trial is unlimited on localhost and staging environments.

Your site is protected in under 10 minutes

No server configuration. No dependencies. Just JavaScript.

Using WordPress & WooCommerce? Skip the code. Protect your store in 2 clicks with our official plugin.
Download WordPress Plugin →
Using React or Next.js? Download the official B2B integration guide for your engineering team.
Using Custom HTML / Vanilla JS? Follow our detailed universal deployment manual.
1
Create your account
Visit our portal to select your plan (Insight, Sentinel, or Vault) and instantly receive your Public API Key (pk_live_...) for your frontend, and a Secret Key (sk_live_...) for your backend server. The free trial for your plan is activated immediately.
2
Add the SDK
Copy a single line into your HTML page. The script is asynchronous — it does not slow down your site and is transparent for SEO.
↳ See the "Installation" tab
3
The SDK starts automatically
The SDK automatically configures itself based on your subscribed plan. No additional parameters are required for standard execution. The analysis begins as soon as the page loads.
4
Protect an action
Add data-rn-protect to any button. The SDK intercepts the click, runs verification silently (or triggers biometrics for Vault), and fires the rn:verified event on success — with zero code change when upgrading plans.
Using React or Next.js? Use our dedicated React hooks & components instead of the HTML attribute.
↳ See the "Protect an action" tab
// Step 1: Configure your API key (before loading the SDK)
<script>
  window.RN_CONFIG = {
    apiKey: "pk_live_YOUR-PUBLIC-KEY-HERE"
    // Use your PUBLIC key (pk_live_...) here — safe for the browser.
    // No code change needed when you upgrade plans.
  };
</script>

// Step 2: Load the universal SDK (one line, once, forever)
<script type="module"
  src="https://api.emkaylabs.tech/rn-client.js">
</script>

// The unified SDK auto-configures based on your active plan:
// -> RN Insight  — Invisible passive telemetry, no user interaction
// -> RN Sentinel — AI-driven behavioral engine, silent challenge on doubt
// -> RN Vault    — FIDO2 cryptographic modal triggered on every action

Frequently Asked Questions

Everything you need to know about RealNode.

RealNode is a trust infrastructure that distinguishes real human users from automated bots — without ever asking your visitors to solve a CAPTCHA or perform a manual action. It works by combining three complementary signals: a unique hardware identifier (IDH) derived from the physical characteristics of the device, a passive behavioral analysis of micro-movements (mouse, keyboard, screen touch), and — for high-security plans — a cryptographic biometric attestation performed directly on the device's secure chip. All of this runs silently in the background in milliseconds.

No. The SDK is loaded asynchronously — it never blocks the rendering of your page. The behavioral analysis runs entirely in the background. For verified trusted users, the check completes in under 10ms and is completely transparent to the visitor. The SDK is lightweight (<20KB) and has no impact on your Lighthouse score or SEO.

Integration takes under 10 minutes and requires only 2 lines of code added to your HTML page. Step 1: declare your API key in a window.RN_CONFIG object. Step 2: load the universal SDK script. That's it — the SDK automatically detects your active plan server-side and configures itself accordingly. There is nothing to change in your code when you upgrade your plan. A full integration guide with copy-paste code examples is available in the "How it works" tab.

A billing unit is counted each time RealNode performs a security analysis for a unique device (IDH) on a specific protected event or page. The key rules are:

  • Unique per event: If the same user accesses 3 different protected events, that counts as 3 units — one per event.
  • Not per visit: If the same user returns to the same event 100 times in the same billing cycle, that still counts as only 1 unit for that event.
  • Outcome-independent: The count applies regardless of whether the device is classified as a trusted human, suspicious, or a bot, and regardless of whether the visitor ultimately completes a purchase.
  • Site-isolated: Each RealNode client site has its own completely independent quota. One site's usage never affects another.
The security analysis is delivered the moment the device accesses the protected resource, and that is when it is counted.

Your service is never interrupted. Once the included monthly quota is exhausted, additional usage is billed per unique user/event unit. The billing unit is 1 unique device (IDH) × 1 protected event — if the same user attends 3 events, that is 3 units. If the same user returns 100 times to the same event, that is still only 1 unit. RN Insight: +$0.02 per additional unit. RN Sentinel: +$0.05 per additional unit. RN Vault: +$0.08 per additional unit. Your administration console at app.realnode.emkaylabs.tech/dashboard lets you monitor your consumption in real time, and you receive a preventive alert before reaching your limit.

RealNode stores zero biometric data and zero readable personal information. Email addresses are immediately transformed into a SHA-256 cryptographic hash before any recording — it is mathematically impossible to reconstruct the original email from this hash. Biometric signals (fingerprint, FaceID) never leave the user's device; only a signed cryptographic attestation is transmitted. The only identifier persisted server-side is the anonymous hardware device hash (IDH). RealNode is GDPR-native by design.

The false positive rate is extremely low by design. On the RN Insight plan (100% passive), users are never blocked — the system only observes silently. On RN Sentinel, a transparent challenge is only triggered in genuinely ambiguous situations (less than 0.1% of legitimate traffic) and legitimate users are cleared in under 1.5 seconds. On RN Vault, the FIDO2 biometric enrollment is a one-time action — all subsequent visits and validations are instant, transparent, and frictionless, preserving your user conversion rates.

RN Insight ($49/mo — 1,000 unique users/month) is the invisible observer. It audits and scores all traffic passively without ever interrupting a visitor. Ideal for proving the financial impact of bots before activating any barrier.

RN Sentinel ($199/mo — 10,000 unique users/month) is the adaptive guardian. Traffic flows normally; the SDK only triggers a FIDO2 biometric challenge when a serious doubt is detected by the behavioral analysis. The right choice for ticketing and e-commerce platforms that need smart, targeted protection.

RN Vault ($899/mo — 50,000 unique users/month) is the cryptographic fortress. Biometric attestation is mandatory for every interaction on the protected route — no exceptions. Designed for flash sales, exclusive drops, and high-value asset transactions where zero tolerance is required.

RealNode is designed around a fail-open architecture by default: if our backend cannot be reached, the SDK gracefully steps aside and your site continues to function normally — no visitor is ever blocked because of us. For maximum-criticality events (RN Vault), administrators can optionally switch to a fail-closed mode from the console, which temporarily suspends the flow rather than opening it. Our infrastructure targets 99.9% uptime with automatic circuit breakers that isolate failures before they propagate.

Yes, completely freely. There is no long-term commitment. You can change your plan or cancel your subscription in one click from your administration console. The SDK requires zero code changes when you switch plans — it reads your current tier automatically from our servers at each page load. The change takes effect immediately.

The FIDO2/WebAuthn standard relies on each device's built-in secure hardware chip (Touch ID, Face ID, Windows Hello, or a security key). The biometric data never leaves the device — the chip performs the authentication internally and only sends a signed cryptographic proof to our server. The user experience is identical to unlocking their phone or approving a bank payment. For returning users, authentication is instant (under 200ms). It is far less intrusive than a CAPTCHA, requires no passwords, and produces no false positives for legitimate users.

Each device generates its own unique identifier (IDH) based on its hardware characteristics. A user recognized on their laptop is a distinct IDH from the same person using their phone — this is by design, for privacy. There is no cross-site tracking: a user's IDH on your platform is cryptographically isolated from that same device on any other RealNode client's platform. You receive a complete, isolated view of your own traffic only.

Yes, fully. RealNode is framework-agnostic. You load the SDK once via a standard <script> tag — it works identically in React, Vue, Angular, Next.js, Svelte, or plain HTML. Simply add data-rn-protect to any critical button and listen for the rn:verified event. In React, place this logic inside a useEffect() hook. The SDK persists the device session across client-side route changes without requiring a page reload.

This is the core security question — and our most robust guarantee. The Hardware Device Identifier (IDH) is derived from dozens of hardware-level signals that are extremely difficult to spoof consistently (GPU rendering, audio context, screen calibration data, and more). Unlike cookies or IP addresses, spoofing an IDH requires acquiring real hardware. On RN Vault, even a perfect IDH spoof is insufficient: the FIDO2 biometric attestation requires physical access to the specific device's secure hardware chip. There is no known software workaround for this.

Yes. Our published plans (RN Insight at $49/mo, RN Sentinel at $199/mo, RN Vault at $899/mo) are designed for self-service onboarding. For organizations requiring massive volumes, custom SLA guarantees, dedicated infrastructure, or contractual arrangements (escrow, SOC2 reports, legal riders), we offer custom Enterprise contracts. Contact us at realnode@emkaylabs.tech with your estimated volume and use case and we will respond within 24 hours with a tailored proposal.

Yes. Your API keys work on any domain or localhost environment without restriction. We recommend using your trial period to fully test the integration on staging before going live. The administration console shows all verifications in real time, allowing you to inspect exactly how each device is analyzed. There are no separate sandbox keys — your production keys work universally and trial usage is clearly distinguished in your billing dashboard.

When you cancel, your premium subscription remains active until the end of the current billing period. After that, your account transitions automatically to our Free access tier or is paused. Your API keys, configurations, security settings, and historical audit logs are preserved securely on our databases indefinitely. You can return and reactivate your subscription at any time without losing your configuration or history. If you require permanent and immediate deletion of all your account data, you can request it at any time by contacting our support team.

RealNode is specifically built for high-tension events. Before a major sale, we recommend: (1) Pre-warming your quota by upgrading to the appropriate tier for the event window. (2) Optionally enabling Fail-Closed mode from your admin console to ensure that if our backend is unreachable, the flow is suspended rather than opened. (3) Contacting us in advance — for events exceeding 100,000 concurrent sessions, we can pre-allocate dedicated infrastructure capacity. Flash sales are our core use case; we are optimized for exactly this scenario.

For standard behavioral detection and transaction quotas (Insight & Sentinel), RealNode does not use cookies; it stores an anonymous hardware-derived token locally within the user's browser (localStorage). For high-security biometric verification (Vault), a temporary first-party session cookie is utilized on your domain to secure the active biometric session. We do not use advertising, profiling, or cross-site tracking cookies. This functional usage is fully exempt from consent banners under ePrivacy rules.

Yes. Your account supports multiple domains under the same API key pair. Each domain is treated as an isolated tenant — a device trusted on site-a.com generates a completely different IDH than the same device on site-b.com, preventing cross-site correlation. Your administration console groups events and quota consumption by domain, giving you granular visibility per site. For complex multi-tenant architectures, the clientId parameter in RN_CONFIG allows further subdivision within a single domain.

Yes. Every security event (verification, quota consumption, device ban, recovery attempt, suspicious score) is written to an immutable append-only log in your administration console. You can filter by date range, device hash, trust level, or event type. Exports are available in JSON and CSV format directly from the dashboard. On RN Vault, forensic logs include the full attestation chain, making them legally admissible in dispute resolution or fraud investigations.

Technical support is available via email at realnode@emkaylabs.tech. We guarantee a response to all technical integration and platform questions in under 24 hours, ensuring smooth deployment. All documentation, integration guides, and API references are fully maintained.

Need deep technical specifications? Our private Backend Integration Guide and Architecture Whitepaper are available for engineering teams.

Didn't find your answer? Contact our team →

Let's discuss your project

A question about the plans, a demo request, or need help with integration? We answer quickly.

✉ realnode@emkaylabs.tech

Or fill out the form below

✓ Message sent! We will reply within 24 hours at realnode@emkaylabs.tech