Beating Sneaker Bots, Ticket Bots, Scalpers and Touts

Beating Sneaker Bots, Ticket Bots, Scalpers and Touts

It's a competitive world out there, and people are always trying to find ways to gain advantage. Here's how to protect your site from ticket bots with Queue-Fair when someone tries to cross the line.

As far as your busy onsales are concerned, you might think the more orders the better, but you might also have a problem with certain individuals buying more of your product than you consider fair use. Even though it may not yet be illegal in your country - and ticket bots for events frequently are illegal - it's something responsible ticket issuers, companies and artists take seriously when selling tickets, and retailers when selling limited supply products - in the shoe business where limited edition sneakers like air jordans have much higher prices on the resale market, automatic purchase bots are known as sneaker bots.

When a small number of people or bots act to snap up all the NFTs, sneakers or tickets you have for sale it can leave your other customers feeling left out, disappointed that they didn't get the chance to buy, and fears over ticket bots and scalpers buying more tickets for live events than real fans can easily make the news or be posted on twitter, harming your brand. It's just the same with sneaker bots.

The highest rated Virtual Waiting Room on G2
G2 is the world's most visited SaaS review website, where we have the perfect 5.0 / 5 star score.

What our Clients say about Queue-Fair

Bots live in data centres and can't join the queue

Every ticket bot must run on a computer somewhere. People that run bots usually run lots of them, which means they need a data centre to support them. You can set the Queue-Fair Security Gates to automatically exclude requests from known data centres including Amazon, Google and Azure cloud services, as well as known bad actor IP address ranges, without excluding real users or fans connecting from their home, office or mobile phone.

Uniquely to Queue-Fair, the data centre check is applied at both the Pass and Join gates, to prevent credentials gathered by a human that Joined the queue at home from being sent to bots at a data centre to get Passed in large numbers to your ticket site.

first ticket bot illegal for live events stops real users account server websites

Using a PreSale page ensures fairness

If you have tickets, sneakers, NFTs or any other item going on sale at a particular time, then we always recommend deploying a Queue-Fair PreSale page. This page has a countdown clock, and when the appointed opening time for your event is reached, everyone watching the PreSale page joins the queue automatically.

Fans who join the queue from the PreSale page get a random queue position. Everyone who joins after the opening time, who didn't come in time to see the PreSale page, is inserted after them in first-come, first-served order.

The randomiser ensures that the event opening is fair - everyone who saw the PreSale page has the same chance of being close enough to the front of the queue to buy a ticket, and there's no advantage to scalpers, touts or bad actors who arrive early. If the number of people in the queue is large compared with the stock available, it makes it unlikely that any individual will be able to obtain more than one queue position close enough to the front to buy tickets before you sell out.

Network-Edge and Server-Side Security

Many of our customers prefer the simplicity and ease of integration with their online platforms of our Client-Side JavaScript Adapter, but some bot security checks can only take place on your servers, or at the Network Edge if you are using a Cloud provider. With Queue-Fair, you can continue to use the JavaScript Adapter and add a small amount of code to your servers to support the bot checks (the Hybrid Security Model), or you can do the entire process at the Network Edge or on your servers with our open source code, available in multiple languages.

When you use a Network Edge Adapter, Queue-Fair can intercept requests before they even reach your servers, providing optimum protection from DoS and DDoS attacks.

How can I prevent ticket bots, sneaker bots or human scalpers from making multiple purchases?

Once a person is Passed by Queue-Fair, they have a limited time to use your site to make purchases, called the Passed Lifetime. The ticket issuer should set this long enough to support slower internet users to finish their transaction, including time for a Forgot Password process. Setting this to a short time can help prevent humans from purchasing tickets over and over again - but not bots as a ticketing bot can work sites to buy a ticket much more quickly.

Instead, once a person has completed ticket checkout with their credit card details, your server can securely delete their queue position, preventing users from buying more tickets. If they try to buy tickets again, they'll be sent to the back of the queue, making each queue position single use for buying your tickets, sneakers or NFTs, beer or whatever it is for which people are queuing. This is an effective way to prevent multiple ticket purchases by sneaker bots, humans, and humans using bots alike.

Invitation-only queues using Join Tokens

By default, the Queue-Fair service will let everyone who visits the Queue URL join the queue. You can enable Join Tokens, which are securely signed tokens from your site that must be presented by each user when they attempt to Join the queue in order to receive a queue position.

Join Tokens operate automatically - your users won't have to type them in when they are buying your high demand limited edition sneakers - and you can choose to have your Join Tokens single use, meaning that each token can only be used once to join the queue. For many of our customers, single use Join Tokens are the ticket scalping answer they've been looking for.

So, if you are sending out marketing emails, you can send a different Join Token in each one that goes out - or you can require a login to accounts on your site before someone is sent to the queue when selling tickets, and give a unique Join Token to each login. If you can tie the Join Token to real users' crypto-wallet, credit card details, credit card number or physical delivery address, that's a great way of preventing the same person from joining the queue multiple times, thus preventing users from buying a ticket from you multiple times too.


Companies looking for a secure way to sell can search no more! Whether you are selling tickets, limited edition sneakers or anything high demand, Queue-Fair runs the most feature rich and secure queues on the market, though other less secure virtual waiting room providers charge much higher prices. We have a wealth of bot security features that you can easily customise to protect your buisness and fans from sneaker bots, ticketing bots and any other sort of bot:

More details on beating sneaker bots and ticketing bots for your events and sales are in the Security Guide in the Help section of the Portal, and you can raise support tickets with your accounts team or account representative if you need help using these features, or need an answer to something specific regarding our services. How many of these bot security features you wish to use on your Virtual Waiting Room account is up to you.

Hundreds of leading organisations trust
our queue solutions

Customer 1 Customer 2 Customer 3 Customer 4 Customer 5 Customer 6

Get your secure Queue-Fair Virtual Waiting Room and protect your onsale today!

Get Started