Product
How it works
Four steps from empty account to protected signups — then ongoing watch for users who already got in.
01
Create your account
Sign up with email and password. No credit card. Add and verify your production domain next.
- ✓Free forever tier included
- ✓Test keys for localhost — never billed
- ✓Full console after setup
02
Verify your domain
Add your production site and prove ownership with a DNS text record. Live keys unlock only after that.
- ✓One domain to start — add more later
- ✓Staging and localhost use test keys
- ✓Live traffic stays tied to your sites
03
Add one check to signup
Use the browser SDK, a server call, or both. On each signup or login you get a score, a verdict, and plain-language reasons.
- ✓Works with common auth stacks
- ✓You keep enforcement in your app
- ✓Optional signed webhooks when a check completes
04
Watch users who already got in
Turn on exposure monitoring for real accounts. If their email shows up in new credential exposure later, we alert you so you can reset access.
- ✓Alerts on new exposure — not old history
- ✓Console + optional webhook
- ✓Built for account takeover response
Install the SDK
Use a package manager with a bundler, or drop in the CDN script if you do not have one. Publishable keys (`pk_…`) stay in the browser; secret keys (`sk_…`) stay on your server.
Install
npm install @palisade/sdk
Browser SDK
import { init } from "@palisade/sdk";
const sdk = init({
publicKey: process.env.NEXT_PUBLIC_ABUSEGRAPH_PUBLISHABLE_KEY!,
edgeUrl: process.env.NEXT_PUBLIC_ABUSEGRAPH_EDGE_URL!,
});
const result = await sdk.check();
// result.score · result.verdict · result.summaryServer check
curl -X POST https://abusegraph.com/api/v1/check \
-H "x-api-key: $ABUSEGRAPH_SECRET_KEY" \
-H "x-abusegraph-site: acme.com" \
-H "content-type: application/json" \
-d '{"email":"user@example.com","event":"signup","site":"acme.com"}'