Choose a language:

Fortify your bot & abuse defenses with robust tools from Queue-it

Updated: 17 Apr 2024
green robot with green blocks

If bots and abuse plague your sales and registrations, you may need stricter regulation of who can access your waiting rooms (and consequently your website). Queue-it’s Abuse and Bot Protection includes three sophisticated tracking and identification mechanisms to help you increase transparency, promote fairness, and limit abuse.

Use Cases

In some cases, it’s valuable to have stricter control over who can enter a waiting room and/or how many positions they can have in the queue.

For instance, to promote fairness and limit abuse, you may want to tightly regulate access if you are:

  • Selling high-value products
  • Selling products with high resale potential, like sneakers
  • Offering products to only a small number of people
  • Wishing to control visitor flow, such as ensuring that all visitors have been on a landing page before entering the waiting room

In these situations, it would be helpful to ensure that visitors have logged into your system, or have received a personalized VIP link via email, before they can access the waiting room.



To give you fine-tuned control over access to your waiting rooms, Queue-it has introduced three features: custom data, visitor identification keys, and queue tokens.


Custom Data

This feature lets you store data on a Queue ID, for instance a venue, date, or session ID. That data can then be retrieved by a REST API.


Visitor Identification Keys

Put simply, this feature is a token that can identify a given visitor. The visitor identification key could be an account ID, email address, or promo code.

You have the option to enforce uniqueness, so that each ID is only allowed one place in the waiting room.


Queue Tokens

Think of the queue token as a vehicle for transmitting custom data and/or visitor identification keys between your application and Queue-it. The token is signed and encrypted so that it can’t be altered as it’s passed from one system to another.

If you choose to make this required, no one can enter the waiting room without the queue token, giving you complete control over who accesses the waiting room.


Here’s how some companies we work with put these tools into practice.


Administering bank loans

We worked with a British bank who needed help coping with crushing demand for loans they were administering. They wanted to control access to their waiting room by limiting each customer to one place in the queue.

They did this by generating a unique link and emailing it to each customer. Each link housed a queue token which included a unique visitor identification key that would grant just one place in line. So, if a visitor tried sharing their link, they would lose their chance to enter the waiting room. Once it was the visitors’ turn and they exited the waiting room, the bank could verify they had been through the waiting room.

An additional benefit of this approach was that the bank didn’t need to scale their authorization and login systems to manage access to their site.

Queue token use case for administering bank loans


Selling concert tickets

We worked with an international ticketing company to help them block bots and abuse by working with their existing fan verification program.

Visitors signed into their account, which was vetted in advance by the ticketing company. The company had a vetted user base that could later be verified against with the Queue Token.  

Then, each logged-in visitor was allowed one place in the waiting room for a given concert, giving everyone a fair chance and mitigating bot purchases. For VIP fans, the ticketing company could give priority access to tickets by sending them through a faster VIP waiting room.  

Once visitors exited the waiting room the company could either call Queue-it’s API to prevent an unauthorized purchase, or they could verify afterwards that all purchases were made by visitors who’d been through the waiting room.


Offering limited-edition footwear

We worked with a U.S. footwear retailer who received heavy traffic to their site during high-profile footwear releases. To add transparency to their visitor flow, they wanted to require a session ID for each visitor. This meant that the waiting room should only be available to visitors who start from their own website, as opposed to for instance clicking a shared link on social media.

In this case, the retailer used Queue-it’s Custom Data to store the Session ID, giving them full insight into the customer flow from landing page to purchase.

Queue token use case for releasing footwear


How To

You should know that with these sophisticated abuse and bot protection measures, there is no one-size-fits-all approach. Each implementation depends on your system setup and goals.

Contact your Queue-it support representative at to determine the best way for you to use these powerful tools.


Key Takeaway

If your company suffers from bots and abuse, the problem may feel like an arms race. Bad actors are working hard every day to attack websites across the globe. The tools used constantly evolve, traffic patterns and sources shift, and next-generation bots mimic human behavior. You’re constantly pushed to stay one step ahead.

Queue-it’s advanced, multi-pronged mitigation tools including custom data, visitor identification keys, and queue tokens, can be powerful measures in your battle against bots and abuse.

For more information on how you can use Queue-it’s Abuse and Bot Protection features, contact your Queue-it support representative at

Learn how Queue-it helps you serve genuine customers by blocking bots