API Reference

This page provides the complete reference for all available SecureShield API endpoints and client methods. It serves as the guide for configuring and utilizing the SecureShield security suite to protect your web applications.

Authentication

All API requests require authentication using your SecureShield API key. This key should be included in the Authorization header as a bearer token for every request:

Authorization: Bearer your-api-key

Rate Limiting Methods

shield.rateLimit(options)

Configure rate limiting for specific API endpoints to prevent abuse and ensure fair usage.

This method allows you to set a limit on the number of requests that can be made to an endpoint within a defined time window. You can also configure client-specific identifiers and customize actions to take when limits are exceeded.

// Parameters
{
  limit: number;         // Required: Request limit (e.g., 1000 requests)
  window: string;        // Required: Time window (e.g., "1h", "1d")
}
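To make the limit/window semantics concrete, here is an added illustrative example (not SecureShield's own code) of a fixed-window rate limiter keyed by client identifier. It accepts the same option shape the reference documents for shield.rateLimit and parses the documented window strings ("1h", "1d"); the "s" and "m" units, the client-id keying, the in-memory counters and the decision shape are assumptions made for the example.

```typescript
// Added illustrative example, not SecureShield's own code: a fixed-window
// rate limiter keyed by a client identifier that accepts the same option
// shape the reference documents for shield.rateLimit ({ limit, window }).
// The window string forms "1h" and "1d" come from the page; the "s" and "m"
// units, the client-id keying and the decision shape are assumptions.

interface RateLimitOptions {
  limit: number;   // maximum requests allowed per window
  window: string;  // e.g. "1h", "1d"
}

interface RateLimitDecision {
  allowed: boolean;
  remaining: number;     // requests left in the current window
  retryAfterMs: number;  // 0 when allowed, otherwise ms until the window resets
}

// Parse a window string such as "30s", "10m", "1h" or "1d" into milliseconds.
// Anything else is rejected so a typo cannot silently disable limiting.
function parseWindow(window: string): number {
  const match = /^(\d+)([smhd])$/.exec(window.trim());
  if (!match) throw new Error(`invalid window: ${window}`);
  const units: Record<string, number> = { s: 1000, m: 60000, h: 3600000, d: 86400000 };
  return Number(match[1]) * units[match[2]];
}

class FixedWindowRateLimiter {
  private readonly limit: number;
  private readonly windowMs: number;
  // Per-client counter for the current window. In production this would live in
  // shared storage so every instance behind a load balancer sees the same count.
  private readonly buckets = new Map<string, { windowStart: number; count: number }>();

  constructor(opts: RateLimitOptions) {
    if (!Number.isInteger(opts.limit) || opts.limit <= 0) {
      throw new Error("limit must be a positive integer");
    }
    this.limit = opts.limit;
    this.windowMs = parseWindow(opts.window);
  }

  // Decide whether one more request from `clientId` fits within the limit.
  // `now` is injectable so window expiry can be exercised without waiting.
  check(clientId: string, now: number = Date.now()): RateLimitDecision {
    let bucket = this.buckets.get(clientId);
    if (!bucket || now - bucket.windowStart >= this.windowMs) {
      bucket = { windowStart: now, count: 0 };  // start a fresh window
      this.buckets.set(clientId, bucket);
    }
    if (bucket.count >= this.limit) {
      return { allowed: false, remaining: 0, retryAfterMs: bucket.windowStart + this.windowMs - now };
    }
    bucket.count += 1;
    return { allowed: true, remaining: this.limit - bucket.count, retryAfterMs: 0 };
  }
}
```

When `allowed` is false the natural response is the 429 status listed under Response Codes below, with `retryAfterMs` telling the client how long to back off; rejecting unknown window strings at construction time matters because a limiter that silently falls back to "no limit" is worse than one that refuses to start.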

Attack Prevention Methods

shield.attackPrevention(options)

Configure attack prevention settings to secure your web application from common vulnerabilities.

This method provides a set of options to enable protection against various attack vectors such as SQL Injection (SQLi), Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and more. You can define a custom action for each attack type, as well as custom rules based on specific attack patterns.

// Parameters
{
  protections: {
    xss?: boolean;                // Enable protection against XSS attacks
    sqli?: boolean;               // Enable protection against SQL Injection
    csrf?: boolean;               // Enable protection against CSRF attacks
    directoryTraversal?: boolean; // Enable protection against Directory Traversal attacks
    commandInjection?: boolean;   // Enable protection against Command Injection attacks
  };
  mode: "block" | "report";       // Choose "block" to block attacks or "report" to log and monitor them
  customRules?: Array<{
    pattern: string;              // Regex pattern to match attack vectors
    action: string;               // Action to take when pattern is matched (e.g., "block", "log")
  }>;
}
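The interaction between the suite-wide `mode` and a rule's own `action` is the part of this configuration that is easiest to get wrong, so here is an added illustrative example (not SecureShield's own code) of a request inspector that applies those semantics: a rule's "block" action only rejects a request when the suite is in "block" mode, while "report" mode records every match and lets the request through. The `{ pattern, action }` rule shape and the two modes come from the reference; the request and verdict types and the sample rules and requests are constructed for the example.

```typescript
// Added illustrative example, not SecureShield's own code: a request inspector
// that applies the documented `mode` and `customRules` semantics. The rule shape
// ({ pattern, action }) and the "block" / "report" modes come from the reference;
// the request and verdict types and the sample rules and requests are constructed here.

interface CustomRule {
  pattern: string;          // regular-expression source to match against request data
  action: "block" | "log";  // what to do when the pattern matches
}

interface AttackPreventionOptions {
  mode: "block" | "report";
  customRules?: CustomRule[];
}

interface InspectedRequest {
  path: string;
  query: Record<string, string>;
}

interface Finding {
  rule: string;      // the pattern that matched
  location: string;  // where it matched: "path" or "query.<name>"
}

interface Verdict {
  blocked: boolean;    // only ever true in "block" mode
  findings: Finding[]; // every match, in both modes, so "report" mode still yields log data
}

class RequestInspector {
  private readonly mode: "block" | "report";
  private readonly compiled: { re: RegExp; rule: CustomRule }[];

  constructor(opts: AttackPreventionOptions) {
    this.mode = opts.mode;
    // Compile once at startup: a malformed pattern fails loudly here rather than per request.
    this.compiled = (opts.customRules ?? []).map((rule) => ({ re: new RegExp(rule.pattern), rule }));
  }

  inspect(req: InspectedRequest): Verdict {
    // Inspect the path and every query value; headers and bodies would be added the same way.
    const fields: [string, string][] = [["path", req.path]];
    for (const [name, value] of Object.entries(req.query)) {
      fields.push([`query.${name}`, value]);
    }

    const findings: Finding[] = [];
    let blocked = false;
    for (const { re, rule } of this.compiled) {
      for (const [location, value] of fields) {
        if (!re.test(value)) continue;
        findings.push({ rule: rule.pattern, location });
        // A rule's "block" action only takes effect in "block" mode; in "report"
        // mode the match is recorded and the request is allowed to continue.
        if (rule.action === "block" && this.mode === "block") blocked = true;
      }
    }
    return { blocked, findings };
  }
}

// Constructed sample rules and requests for demonstration.
const sampleRules: CustomRule[] = [
  { pattern: "\\.\\./", action: "block" },  // parent-directory segment in a path
  { pattern: "^/admin/", action: "log" },   // record access to an admin area
];
const traversalRequest: InspectedRequest = { path: "/files/../config", query: {} };
const adminRequest: InspectedRequest = { path: "/admin/users", query: { q: "alice" } };
const cleanRequest: InspectedRequest = { path: "/files/report.pdf", query: { page: "2" } };
```

Running a new rule set in "report" mode first and reviewing the findings it produces is the usual way to catch false positives before switching to "block", which is why the inspector returns findings in both modes rather than only when it blocks.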

Response Codes

The SecureShield API returns standard HTTP response codes to indicate the status of your request. Here’s what they mean:

  • 200 - Success: The request was processed successfully.
  • 400 - Bad Request: The request was malformed or missing required parameters.
  • 401 - Unauthorized: The API key is missing or invalid.
  • 403 - Forbidden: The API key does not have permission to access the resource.
  • 429 - Too Many Requests: The rate limit for the endpoint has been exceeded.
  • 500 - Internal Server Error: A server-side error occurred during the request processing.

Best Practices

To ensure optimal usage of the SecureShield API, consider following these best practices:

  • Always use secure connections: Ensure all API requests are made over HTTPS to prevent man-in-the-middle attacks.
  • Regularly rotate your API keys: Periodically regenerate and update your API keys to maintain security.
  • Monitor your API usage: Keep track of request volume and rate limiting to ensure you're not exceeding your limits.
  • Customize protections based on your application: Tailor the attack prevention settings to the specific needs of your application to maximize security.