> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev-docs-event-stream-action-templates.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.
> Learn how to add bot protection and detection to your native application that use Auth0.Swift, Auth0.Android, Lock.Swift, and Lock.Android.
# Add Bot Detection to Native Applications
You can add [Bot Detection](/docs/secure/attack-protection/bot-detection) to your native applications with little to no additional configuration depending on the SDK and authentication flow you are using.
## Auth0.swift and Auth0.Android
If you’re using Universal Login, Bot Detection is supported automatically by the following SDK versions:
* `Auth0.swift` version 1.28.0+
* `Auth0.Android` version 1.25.0+
If you’re not using Universal Login, Bot Detection is supported, but you need to configure your application accordingly:
* Your application must handle the `requires_verification` exception (which is thrown when a high-risk login attempt is detected) and then trigger a WebAuth flow to render a CAPTCHA verification step.
* When you trigger the WebAuth flow, you may pass the `login_hint` parameter to prevent the user from needing to type in their username again.
### Auth0.swift example
If your application performs database login/signup through the [Authentication API](https://auth0.com/docs/api/authentication), you must handle the `isVerificationRequired` error. This error indicates that the request was flagged as suspicious and an additional verification step is necessary to authenticate the user.
This verification step is web-based, so you need to use [Universal Login](/docs/authenticate/login/auth0-universal-login) to complete it.
```swift lines expandable theme={null}
Auth0
.authentication()
.login(usernameOrEmail: email,
password: password,
realmOrConnection: connection,
scope: scope)
.start { result in
switch result {
case .success(let credentials): // ...
case .failure(let error) where error.isVerificationRequired:
DispatchQueue.main.async {
Auth0
.webAuth()
.connection(connection)
.scope(scope)
.useEphemeralSession()
// ☝🏼 Otherwise a session cookie will remain
.parameters(["login_hint": email])
// ☝🏼 So the user doesn't have to type it again
.start { result in
// ...
}
}
case .failure(let error): // ...
}
}
```
In the case of signup, you can add [an additional parameter](/docs/authenticate/login/auth0-universal-login) to make the user land directly on the signup page:
`.parameters(["login_hint": email, "screen_hint": "signup"])`
Read [Auth0.swift Getting Started](https://github.com/auth0/Auth0.swift#getting-started) for details on how to set up Universal Login.
### Auth0.Android example
If your application performs database login/signup through the Authentication API, you must handle the `AuthenticationException#isVerificationRequired()` error. This error indicates that the request was flagged as suspicious and an additional verification step is necessary to log the user in.
This verification step is web-based, so you need to use [Universal Login](/docs/authenticate/login/auth0-universal-login) to complete it.
```swift lines expandable theme={null}
final String email = "username@domain.com";
final String password = "a secret password";
final String realm = "my-database-connection";
AuthenticationAPIClient authentication = new AuthenticationAPIClient(account);
authentication.login(email, password, realm)
.start(new BaseCallback() {
@Override
public void onFailure(AuthenticationException error) {
if (error.isVerificationRequired()){
Map params = new HashMap<>();
params.put("login_hint", email); // So the user doesn't have to type it again
WebAuthProvider.login(account)
.withConnection(realm)
.withParameters(params)
.start(LoginActivity.this, new AuthCallback() {
// You might already have an AuthCallback instance defined
@Override
public void onFailure(@NonNull Dialog dialog) {
// Error dialog available
}
@Override
public void onFailure(AuthenticationException exception) {
// Error
}
@Override
public void onSuccess(@NonNull Credentials credentials) {
// Handle WebAuth success
}
});
}
}
@Override
public void onSuccess(Credentials payload) {
// Handle API success
}
});
```
In the case of signup, you can add [an additional parameter](/docs/authenticate/login/auth0-universal-login) to make the user land directly on the signup page:
`params.put("screen_hint", "signup");`
Read [Auth0.Android Authentication with Universal Login SDK documentation](https://github.com/auth0/Auth0.Android#authentication-with-universal-login) for details on how to set up Universal Login.
## Lock.Swift and Lock.Android
If you’re using Universal Login, Bot Detection is supported automatically by the following SDK versions:
* `Lock.Swift` version 2.19.0+
* `Lock.Android` version 2.22.0+
If you’re not using Universal Login, Bot Detection is supported, but you need to configure your application accordingly:
* Your application must handle the `requires_verification` exception (which is thrown when a high-risk login attempt is detected) and then trigger a WebAuth flow to render a CAPTCHA verification step.
* When you trigger the WebAuth flow, you may pass the `login_hint` parameter to prevent the user from needing to type in their username again.
## Authentication API
If you’re using the Authentication API directly, Bot Detection is supported, but you need to configure your application accordingly:
* Your application must handle the `requires_verification` error (which is returned by the Authentication API when a high-risk login attempt is detected) and then trigger a WebAuth flow to render a CAPTCHA verification step.
## Learn more
* [Add Bot Detection to Custom Login Pages](/docs/secure/attack-protection/bot-detection/bot-detection-custom-login-pages)