← BACK TO GUIDES

AbuseGraph + NextAuth

Score NextAuth createUser / signIn with the AbuseGraph check API.

Keys

KeyEnvUse
SecretABUSEGRAPH_SECRET_KEY (sk_…)Auth callbacks
PublishableNEXT_PUBLIC_ABUSEGRAPH_PUBLISHABLE_KEY (pk_…)Browser SDK
SiteABUSEGRAPH_SITELicensed domain

Env

ABUSEGRAPH_SITE=acme.com
ABUSEGRAPH_CHECK_URL=https://your-app.vercel.app/api/v1/check
ABUSEGRAPH_SECRET_KEY=sk_live_…
ABUSEGRAPH_SECRET_KEY_TEST=sk_test_…

Auth callbacks

async function abusegraphCheck(input: {
  email: string
  event: "signup" | "login"
}) {
  const site = process.env.ABUSEGRAPH_SITE!
  const key =
    process.env.NODE_ENV === "production"
      ? process.env.ABUSEGRAPH_SECRET_KEY!
      : process.env.ABUSEGRAPH_SECRET_KEY_TEST ??
        process.env.ABUSEGRAPH_SECRET_KEY!
  const res = await fetch(process.env.ABUSEGRAPH_CHECK_URL!, {
    method: "POST",
    headers: {
      "content-type": "application/json",
      "x-api-key": key,
      "x-abusegraph-site": site,
    },
    body: JSON.stringify({ ...input, site }),
  })
  return res.json()
}

// In Auth.js / NextAuth events:
events: {
  async createUser({ user }) {
    if (!user.email) return
    await abusegraphCheck({ email: user.email, event: "signup" })
  },
  async signIn({ user }) {
    if (!user.email) return
    await abusegraphCheck({ email: user.email, event: "login" })
  },
}

Browser SDK (optional)

import { init } from "@palisade/sdk"

const sdk = init({
  publicKey: process.env.NEXT_PUBLIC_ABUSEGRAPH_PUBLISHABLE_KEY!,
  edgeUrl: process.env.NEXT_PUBLIC_ABUSEGRAPH_EDGE_URL!,
})

await sdk.check()