Stop fraud in under 10 minutes with Guardian's comprehensive fraud detection platform.
Guardian Stack is a fraud detection platform that helps businesses protect their applications from bots, account takeover, VPN abuse, browser tampering, and sophisticated fraud attempts. Guardian Stack capabilities include:
1
Real-time fraud detection
Identify bots, VPNs, incognito browsing, and browser tampering with enterprise-grade accuracy.
2
Risk assessment
Get actionable fraud signals and confidence scores for every visitor interaction.
3
Developer-friendly
Simple 3-line integration that works with any stack.
1. Get your API keys
Sign up for Guardian Stack to get your site key and secret key.
Copy your Site Key (for client-side integration)
Copy your Secret Key (for server-side event retrieval)
import { loadAgent } from'@guardianstack/guardian-js';// Initialize the agent once when your app startsconstguardian=awaitloadAgent({ siteKey:'YOUR_SITE_KEY'});// Call .get() when you need fraud protection (login, signup, payment, etc.)// Don't call on every page load - only for critical user actionsconstresponse=awaitguardian.get();constrequestId=response?.requestId;// Send requestId to your server for fraud analysis// Your backend will use this ID to get the full fraud assessment
3. Get fraud signals on your server
Install the server SDK to analyze fraud signals:
You can also call the Guardian Stack API directly from your backend without using the server SDK:
Make sure to replace YOUR_EVENT_ID and YOUR_GUARDIAN_SECRET_KEY.
Example response:
4. Make fraud decisions
Use the fraud signals to protect your application:
🎉 You're protected!
Congratulations! You now have enterprise-grade fraud detection running in your application. Here's what you've accomplished:
✅ Real-time fraud detection - Your app now identifies bots, VPNs, and suspicious behavior
✅ Risk-based decisions - You can block, challenge, or allow users based on fraud signals
✅ Production-ready - Your integration is secure and scales with your traffic
import {
createGuardianClient,
isBot,
isVPN,
isTampering,
isIncognito,
isVirtualized,
} from '@guardianstack/guardianjs-server';
// Initialize the client once in your app with your secret key
const client = createGuardianClient({
secret: process.env.GUARDIAN_SECRET_KEY
});
// In your API route handler (e.g., /api/login, /api/signup)
// Use the requestId from the client-side guardian.get() call
const event = await client.getEvent(requestId);
// Get simple boolean fraud indicators for quick decisions
const risks = {
bot: isBot(event), // Selenium, Puppeteer, headless browsers
vpn: isVPN(event), // VPN/proxy usage detection
tampering: isTampering(event), // Anti-detect browsers, spoofed APIs
incognito: isIncognito(event), // Private/incognito browsing mode
virtualized: isVirtualized(event) // VM or emulated environments
};
// Now make your fraud decision based on these risks
// Example fraud prevention logic in your API endpoint
// Adjust thresholds based on your risk tolerance and user experience goals
if (risks.bot || risks.tampering || risks.virtualized) {
// High-risk indicators: automated attacks, spoofed environments
// These almost always indicate malicious intent
return { action: 'block', reason: 'Suspicious automation detected' };
}
if (risks.vpn && risks.incognito) {
// Medium-risk: privacy tools + anonymization
// Could be legitimate privacy-conscious users or fraud attempts
return { action: 'challenge', reason: 'Additional verification required' };
}
// Low-risk: Normal user behavior
// Let the request proceed without friction
return { action: 'allow' };
// Pro tip: You can also combine with other signals like:
// - Geographic anomalies (user suddenly in different country)
// - Velocity checks (too many requests too quickly)
// - Account history (new account vs established user)
