AbuseGraph + NextAuth
Score NextAuth createUser / signIn with the AbuseGraph check API.
Keys
| Key | Env | Use |
|---|---|---|
| Secret | ABUSEGRAPH_SECRET_KEY (sk_…) | Auth callbacks |
| Publishable | NEXT_PUBLIC_ABUSEGRAPH_PUBLISHABLE_KEY (pk_…) | Browser SDK |
| Site | ABUSEGRAPH_SITE | Licensed domain |
Env
ABUSEGRAPH_SITE=acme.com
ABUSEGRAPH_CHECK_URL=https://your-app.vercel.app/api/v1/check
ABUSEGRAPH_SECRET_KEY=sk_live_…
ABUSEGRAPH_SECRET_KEY_TEST=sk_test_…
Auth callbacks
async function abusegraphCheck(input: {
email: string
event: "signup" | "login"
}) {
const site = process.env.ABUSEGRAPH_SITE!
const key =
process.env.NODE_ENV === "production"
? process.env.ABUSEGRAPH_SECRET_KEY!
: process.env.ABUSEGRAPH_SECRET_KEY_TEST ??
process.env.ABUSEGRAPH_SECRET_KEY!
const res = await fetch(process.env.ABUSEGRAPH_CHECK_URL!, {
method: "POST",
headers: {
"content-type": "application/json",
"x-api-key": key,
"x-abusegraph-site": site,
},
body: JSON.stringify({ ...input, site }),
})
return res.json()
}
// In Auth.js / NextAuth events:
events: {
async createUser({ user }) {
if (!user.email) return
await abusegraphCheck({ email: user.email, event: "signup" })
},
async signIn({ user }) {
if (!user.email) return
await abusegraphCheck({ email: user.email, event: "login" })
},
}
Browser SDK (optional)
import { init } from "@palisade/sdk"
const sdk = init({
publicKey: process.env.NEXT_PUBLIC_ABUSEGRAPH_PUBLISHABLE_KEY!,
edgeUrl: process.env.NEXT_PUBLIC_ABUSEGRAPH_EDGE_URL!,
})
await sdk.check()