Documentation

Setup Guide & API Reference

Get ShieldGuard protecting your APIs in minutes. Follow our step-by-step guide to integrate, configure, and monitor your security rules.

Quick Start (5 minutes)

1. Install ShieldGuard

bash

# Option A: Clone and run
git clone https://github.com/yourorg/shieldguard.git
cd shieldguard

# Option B: Install via pip
pip install shieldguard

2. Run database migrations

bash

python manage.py migrate

3. Create your account

Navigate to /accounts/signup/ and register your account.

4. Get your API key

Click "New Project" in your dashboard to generate your first API key. You'll need this key to protect your endpoints.

Protecting Your API

Python / Requests

Pass your API key in the X-Arcjet-Key header to authenticate requests.

python

import requests

headers = {"X-Arcjet-Key": "your_api_key_here"}
response = requests.get(
    "https://yourshieldguard.com/api/protected/",
    headers=headers
)
print(response.json())

Django Middleware

Add ShieldGuard middleware to your Django settings for automatic request protection.

python

# Add to your Django project settings.py
MIDDLEWARE = [
    # ... other middleware
    'shieldguard.middleware.ProtectMiddleware',
]

FastAPI

Use a custom middleware to validate API keys on every request.

python

from fastapi.middleware.cors import CORSMiddleware
from fastapi.responses import JSONResponse

@app.middleware("http")
async def shieldguard_middleware(request, call_next):
    api_key = request.headers.get("X-Arcjet-Key")
    if not api_key:
        return JSONResponse(
            {"error": "Missing API key"}, status_code=401
        )
    return await call_next(request)

Understanding Your Dashboard

Requests (24h)

Total API hits received by your projects in the last 24 hours. Tracks all incoming traffic regardless of outcome.

Blocked

Requests blocked by your security rules. Includes rate-limited, banned IPs, and flagged bot traffic.

Bots

Detected automated requests from crawlers, scrapers, and bots. Break down includes known user agents and behavioral detection.

Monthly Usage

Plan limit tracking for the current billing cycle. Shows requests used vs. your plan's monthly allowance.

Creating Security Rules

Rate Limiting

Set maximum requests per minute per IP. Automatically throttle or block clients exceeding your threshold.

Bot Detection

Block or flag known automated bots. Uses user-agent analysis, behavioral signals, and fingerprinting.

IP Blocking

Ban specific IPs or entire ranges from accessing your API. Permanent or time-limited blocks available.

Path Protection

Block common probe paths (.env, .git, wp-admin, etc.) to prevent reconnaissance.

AI Scrape Protection

Block AI data collectors and web scrapers from harvesting your content. Includes known bot signatures and AI-crawler fingerprints.

AI Cost Tracking

Track and monitor your AI API spending across all models and providers.

python

# Log AI request costs in your application
engine.log_ai_cost(
    model="gpt-4",
    tokens_in=1500,
    tokens_out=300,
    cost_usd=0.0065
)

Cost Breakdown

View detailed cost breakdown by model at /aitrack/costs/<slug>/

Budget Alerts

Set spending thresholds and get notified at /aitrack/budget-alert/

API Reference

All endpoints require authentication via the X-Arcjet-Key header.

GET /api/projects/ List your projects

POST /api/projects/create/ Create a new project

POST /api/projects/<slug>/rules/create/ Add a security rule

GET /api/projects/<slug>/rules/ List all rules

Pricing Plans

Starter

Free

Perfect for side projects

10K requests/month

●Rate Limiting
●Bot Detection
●1 Project
●Basic Analytics