← BACK TO GUIDES

AbuseGraph + Express

Middleware for any Node API — secret key + site header.

Env

ABUSEGRAPH_SITE=acme.com
ABUSEGRAPH_CHECK_URL=https://your-app.vercel.app/api/v1/check
ABUSEGRAPH_SECRET_KEY=sk_live_…
ABUSEGRAPH_SECRET_KEY_TEST=sk_test_…

Middleware

import type { Request, Response, NextFunction } from "express"

export async function abusegraphGuard(
  req: Request,
  res: Response,
  next: NextFunction,
) {
  const email = req.body?.email
  if (!email) return next()

  const site = process.env.ABUSEGRAPH_SITE!
  const key =
    process.env.NODE_ENV === "production"
      ? process.env.ABUSEGRAPH_SECRET_KEY!
      : process.env.ABUSEGRAPH_SECRET_KEY_TEST!

  const check = await fetch(process.env.ABUSEGRAPH_CHECK_URL!, {
    method: "POST",
    headers: {
      "content-type": "application/json",
      "x-api-key": key,
      "x-abusegraph-site": site,
    },
    body: JSON.stringify({
      email,
      event: "signup",
      ip: req.ip,
      site,
    }),
  })

  const result = await check.json()
  if (result.verdict === "block") {
    return res.status(403).json({ error: "signup_blocked", ...result })
  }
  res.locals.abusegraph = result
  next()
}

curl

curl -X POST "$ABUSEGRAPH_CHECK_URL" \
  -H "x-api-key: $ABUSEGRAPH_SECRET_KEY" \
  -H "x-abusegraph-site: $ABUSEGRAPH_SITE" \
  -H "content-type: application/json" \
  -d '{"email":"user@example.com","event":"signup","site":"acme.com"}'