AbuseGraph + Better Auth
Secret key on the server, publishable key in the browser — bound to your domain.
Install the browser SDK
npm install @palisade/sdk
Keys
| Key | Env | Use |
|---|---|---|
| Secret | ABUSEGRAPH_SECRET_KEY (sk_…) | Server /api/v1/check |
| Publishable | NEXT_PUBLIC_ABUSEGRAPH_PUBLISHABLE_KEY (pk_…) | Browser SDK |
| Site | ABUSEGRAPH_SITE | Licensed domain (e.g. acme.com) |
Use _TEST variants for localhost / staging.
Install
Use the package manager tabs at the top of this page, or:
bash
npm install @palisade/sdkServer check
typescript
async function abusegraphCheck(input: {
email: string
event: "signup" | "login"
}) {
const key =
process.env.NODE_ENV === "production"
? process.env.ABUSEGRAPH_SECRET_KEY!
: process.env.ABUSEGRAPH_SECRET_KEY_TEST ??
process.env.ABUSEGRAPH_SECRET_KEY!
const site = process.env.ABUSEGRAPH_SITE!
const res = await fetch(process.env.ABUSEGRAPH_CHECK_URL!, {
method: "POST",
headers: {
"content-type": "application/json",
"x-api-key": key,
"x-abusegraph-site": site,
},
body: JSON.stringify({ ...input, site }),
})
return res.json()
}Better Auth hook
typescript
databaseHooks: {
user: {
create: {
after: async (user) => {
const result = await abusegraphCheck({
email: user.email,
event: "signup",
})
if (result.verdict === "block") {
// delete / ban
}
},
},
},
}Browser SDK
typescript
import { init } from "@palisade/sdk"
const sdk = init({
publicKey: process.env.NEXT_PUBLIC_ABUSEGRAPH_PUBLISHABLE_KEY!,
edgeUrl: process.env.NEXT_PUBLIC_ABUSEGRAPH_EDGE_URL!,
})
await sdk.check()Verify
Create a test user, then open Activity in the console.