Introducing Z-secure - One stop solution for web attack protection. Free for first 100 Users!

Getting Started

Welcome to Z-secure-service's documentation! This guide will walk you through the process of setting up Z-secure-service in your web applications. Our API provides comprehensive security solutions to protect against threats like rate limiting, bot protection, and attack prevention. Z-secure-service offers an easy-to-integrate, developer-friendly suite to enhance the security of your web application.

Quick Start

To get started with Z-secure-service, follow these simple steps to integrate our API into your application:

  1. Sign up for an account: Create a Z-secure-service account at Z-secure-service Sign-Up.
  2. Generate an API key: Once logged in, go to your dashboard and generate a unique API key to authenticate your requests.
  3. Install the client library: Install Z-secure-service's client library to your project using npm or yarn.
  4. Initialize the client: Use your API key to initialize the client and start using Z-secure-service's security features.

Installation

Z-secure-service offers an easy-to-use client library that you can install in your project. You can install it using npm:

 npm install z-secure-service

Basic Usage

Here's a basic example of how to use Z-secure-service in your application to set up rate limiting for an API endpoint:

import ZSecure from 'z-secure-service';

const rate = ZSecure({
  API_KEY: 'your-api-key', // Replace with your generated API key
  baseUrl: 'http://localhost:3000', // Base URL for the ZSecure service
  rateLimitingRule: {
    algorithm: 'FixedWindowRule', // Use the Fixed Window algorithm for rate limiting
    rule: {
      limit: 5, // Maximum number of requests allowed within the window
      windowMs: 60000, // Time window in milliseconds (60 seconds)
    }
  }
});

// Define a route for the root URL
app.get('/', async (req, res) => {
  // Protect the route using the rate limiter
  const result = await rate.protect(req, userId, 1);
  
  // Check if the request is denied
  if (!result.isdenied) {
    res.send('Hello, World!'); // Send a response if the request is allowed
  } else {
    res.send(result.message); // Send the denial message if the request is denied
  }
});

Handling Errors

It is essential to handle errors gracefully in your application. Z-secure-service will throw errors if an API call fails, and it's best practice to catch and handle these errors. Here's an example:


const rate = ZSecure({
    API_KEY: "YOUR_API_KEY", // Your API key for authentication
    ZSECURE_URL: "YOUR_ZSECURE_URL", // Base URL for the ZSecure service
    shieldRule: {
        mode: "LIVE", // Mode of the shield rule
        limit: 5, // Maximum number of requests allowed within the shield window
        threshold: 5, // Threshold for triggering the shield rule
        windowMs: 60000 // Time window in milliseconds (60 seconds)
    }
});
  try {
  // Example: Enabling rate limit protection
  await rate.protect({
    request: req, // Request object from Express
    userId: "user123", // Unique identifier for the user
    requests: 1 // Number of requests to protect
  });
} catch (error) {
  console.error("An error occurred while configuring rate limiting:", error);
  // Handle the error, such as showing a message to the user or retrying the request
}

Response Handling

When you interact with the Z-secure-service API, it will return standard HTTP status CodeBlocks to indicate the result of your request. Here are some common response CodeBlocks you should be aware of:

  • 200 - Success: The request was processed successfully.
  • 400 - Bad Request: The request was malformed or missing required parameters.
  • 401 - Unauthorized: The API key is missing or invalid.
  • 403 - Forbidden: The API key does not have permission to access the requested resource.
  • 429 - Too Many Requests: Rate limit has been exceeded for the given time window.
  • 500 - Internal Server Error: An error occurred on Z-secure-service's server.

Best Practices

For optimal integration and security, we recommend the following best practices:

  • Always use HTTPS: Make sure to use secure connections for all API interactions to protect sensitive data.
  • Rotate your API keys regularly: Periodically regenerate and update your API keys to prevent unauthorized access.
  • Handle errors gracefully: Always ensure your application can handle API errors, including rate limiting and server errors, without crashing.
  • Monitor your usage: Use monitoring tools to track your API usage, rate limits, and any security events or anomalies.