Product

How it works

Four steps from empty account to protected signups — then ongoing watch for users who already got in.

01

Create your account

Sign up with email and password. No credit card. Add and verify your production domain next.

  • Free forever tier included
  • Test keys for localhost — never billed
  • Full console after setup

02

Verify your domain

Add your production site and prove ownership with a DNS text record. Live keys unlock only after that.

  • One domain to start — add more later
  • Staging and localhost use test keys
  • Live traffic stays tied to your sites

03

Add one check to signup

Use the browser SDK, a server call, or both. On each signup or login you get a score, a verdict, and plain-language reasons.

  • Works with common auth stacks
  • You keep enforcement in your app
  • Optional signed webhooks when a check completes

04

Watch users who already got in

Turn on exposure monitoring for real accounts. If their email shows up in new credential exposure later, we alert you so you can reset access.

  • Alerts on new exposure — not old history
  • Console + optional webhook
  • Built for account takeover response

Install the SDK

Use a package manager with a bundler, or drop in the CDN script if you do not have one. Publishable keys (`pk_…`) stay in the browser; secret keys (`sk_…`) stay on your server.

Install

npm install @palisade/sdk

Browser SDK

import { init } from "@palisade/sdk";

const sdk = init({
  publicKey: process.env.NEXT_PUBLIC_ABUSEGRAPH_PUBLISHABLE_KEY!,
  edgeUrl: process.env.NEXT_PUBLIC_ABUSEGRAPH_EDGE_URL!,
});

const result = await sdk.check();
// result.score · result.verdict · result.summary

Server check

curl -X POST https://abusegraph.com/api/v1/check \
  -H "x-api-key: $ABUSEGRAPH_SECRET_KEY" \
  -H "x-abusegraph-site: acme.com" \
  -H "content-type: application/json" \
  -d '{"email":"user@example.com","event":"signup","site":"acme.com"}'