← BACK TO GUIDES

AbuseGraph + Better Auth

Secret key on the server, publishable key in the browser — bound to your domain.

Install the browser SDK

npm install @palisade/sdk

Keys

KeyEnvUse
SecretABUSEGRAPH_SECRET_KEY (sk_…)Server /api/v1/check
PublishableNEXT_PUBLIC_ABUSEGRAPH_PUBLISHABLE_KEY (pk_…)Browser SDK
SiteABUSEGRAPH_SITELicensed domain (e.g. acme.com)

Use _TEST variants for localhost / staging.

Install

Use the package manager tabs at the top of this page, or:

bash

npm install @palisade/sdk

Server check

typescript

async function abusegraphCheck(input: {
  email: string
  event: "signup" | "login"
}) {
  const key =
    process.env.NODE_ENV === "production"
      ? process.env.ABUSEGRAPH_SECRET_KEY!
      : process.env.ABUSEGRAPH_SECRET_KEY_TEST ??
        process.env.ABUSEGRAPH_SECRET_KEY!
  const site = process.env.ABUSEGRAPH_SITE!
  const res = await fetch(process.env.ABUSEGRAPH_CHECK_URL!, {
    method: "POST",
    headers: {
      "content-type": "application/json",
      "x-api-key": key,
      "x-abusegraph-site": site,
    },
    body: JSON.stringify({ ...input, site }),
  })
  return res.json()
}

Better Auth hook

typescript

databaseHooks: {
  user: {
    create: {
      after: async (user) => {
        const result = await abusegraphCheck({
          email: user.email,
          event: "signup",
        })
        if (result.verdict === "block") {
          // delete / ban
        }
      },
    },
  },
}

Browser SDK

typescript

import { init } from "@palisade/sdk"

const sdk = init({
  publicKey: process.env.NEXT_PUBLIC_ABUSEGRAPH_PUBLISHABLE_KEY!,
  edgeUrl: process.env.NEXT_PUBLIC_ABUSEGRAPH_EDGE_URL!,
})

await sdk.check()

Verify

Create a test user, then open Activity in the console.