RiskShield Guard — What you need to know
RiskShield Guard protects your website or API by scoring each request and returning a decision: Allow, Challenge (e.g. proof-of-work or one-time code), or Block. You add sites here and get keys to integrate with the Assess API.
What to do on this page
Add a site — Click "Add site" to create a new protected site. You will receive a Site ID, a public site key (safe to expose in client code), and a secret key (show once; use only on your server). Configure allowed domains for challenge return URLs (e.g. https://yoursite.com).
How it works
Before a sensitive action (login, signup, payment), your server calls POST /api/v1/protect/assess with the request details. RiskShield returns a decision. If a challenge is required, redirect the user to the challenge URL we provide; after they pass, they return to your site with a pass token. You can verify the token via API or locally with your secret key.
Manage sites
Each card below is a site you have added. Use Manage to view keys, update allowed domains, and see request logs. For full integration steps and code samples, see the RiskShield Guard integration guide in the docs.
Protected sites
Manage sites using RiskShield Guard. Add a site to get keys and integrate the Assess API.