AbuseGraph + Express
Middleware for any Node API — secret key + site header.
Env
ABUSEGRAPH_SITE=acme.com
ABUSEGRAPH_CHECK_URL=https://your-app.vercel.app/api/v1/check
ABUSEGRAPH_SECRET_KEY=sk_live_…
ABUSEGRAPH_SECRET_KEY_TEST=sk_test_…
Middleware
import type { Request, Response, NextFunction } from "express"
export async function abusegraphGuard(
req: Request,
res: Response,
next: NextFunction,
) {
const email = req.body?.email
if (!email) return next()
const site = process.env.ABUSEGRAPH_SITE!
const key =
process.env.NODE_ENV === "production"
? process.env.ABUSEGRAPH_SECRET_KEY!
: process.env.ABUSEGRAPH_SECRET_KEY_TEST!
const check = await fetch(process.env.ABUSEGRAPH_CHECK_URL!, {
method: "POST",
headers: {
"content-type": "application/json",
"x-api-key": key,
"x-abusegraph-site": site,
},
body: JSON.stringify({
email,
event: "signup",
ip: req.ip,
site,
}),
})
const result = await check.json()
if (result.verdict === "block") {
return res.status(403).json({ error: "signup_blocked", ...result })
}
res.locals.abusegraph = result
next()
}
curl
curl -X POST "$ABUSEGRAPH_CHECK_URL" \
-H "x-api-key: $ABUSEGRAPH_SECRET_KEY" \
-H "x-abusegraph-site: $ABUSEGRAPH_SITE" \
-H "content-type: application/json" \
-d '{"email":"user@example.com","event":"signup","site":"acme.com"}'