Behavioral API Security — Now Active

API Abuse. Stopped.

Behavioral fingerprinting and real-time threat decisions for every API request. Block bots, credential stuffing, scrapers, OTP bombers, and promo abusers — before they hit your handlers. 3 lines of code.

Node.js · Python · Go · Express · Fastify · Next.js
LIVE // THREAT FEED // DECISION ENGINE ONLINE
BLOCKED · Credential Stuffing · 193.32.x.x · 97%
BLOCKED · Bot Network · 45.141.x.x · 99%
CHALLENGED · Promo Abuse · 77.88.x.x · 82%
BLOCKED · Scraper · 103.21.x.x · 95%
DECISION LATENCY: <50MS
FAIL-OPEN: ENABLED
[ DECISION LATENCY ]
< 50ms

Edge decision API with local LRU cache. 1500ms configurable timeout.

[ ATTACK TYPES DETECTED ]
7+

Bots · Credential Stuffing · Scraping · OTP Bombing · Promo Abuse · ATO · Fake Signups

[ APP DOWNTIME RISK ]
ZERO

Fail-open design — Shield unreachable means every request is allowed, not dropped.

How It Works.

Every request passes through three stages before reaching your handler. Signals in, verdict out, enforcement automatic.

01. Signal Extraction & Fingerprinting

The SDK extracts IP, User-Agent, header order, Accept headers, request timing, body size, and method from every request. The behavioral signals are hashed into an IP-independent device fingerprint, which survives IP rotation because it is derived from those signals, not from network identity.

02. Real-Time Decision Engine

Extracted signals are sent to the Decision API, which runs ML models, IP reputation checks, rate-limit evaluation, and your custom rules in parallel. The verdict — allow, block, or challenge — is returned in under 50ms. Results are cached locally in an LRU cache (10,000 entries, 5-minute TTL) to eliminate redundant round-trips.

03. Verdict Enforcement & Signal Ingestion

Blocked requests are terminated with a 403 before touching your code. Challenged requests receive an X-Shield-Challenge header for downstream handling. All events are batched and sent to the Ingest service every 5 seconds or when 100 signals accumulate — asynchronously, with zero impact on response time.
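The first two stages and the fail-open behaviour, sketched as an added example (this is not GoGuard's SDK code): a header-order fingerprint that ignores the client IP, a verdict cache with the 10,000-entry / 5-minute limits quoted above, and an allow verdict when the decision lookup fails. The names `fingerprint`, `VerdictCache`, `decide` and the `lookup` callback are hypothetical; keying the cache by fingerprint, not caching a failed lookup, and using a synchronous `lookup` in place of the asynchronous, timeout-bounded Decision API call are assumptions.

```javascript
// Added illustration; not GoGuard's SDK code. All names here are hypothetical.
const { createHash } = require('node:crypto');

// Stage 1: hash behavioural signals only. req.rawHeaders (Node's flat
// [name, value, ...] list) keeps wire order; the client IP is never an input.
function fingerprint(req) {
  const names = req.rawHeaders.filter((_, i) => i % 2 === 0).map((n) => n.toLowerCase());
  const value = (name) => req.rawHeaders[2 * names.indexOf(name) + 1] || '';
  const signals = [names.join(','), value('user-agent'), value('accept'), req.method];
  return createHash('sha256').update(signals.join('\n')).digest('hex');
}

// Stage 2: LRU verdict cache with a TTL; defaults are the limits quoted above.
class VerdictCache {
  constructor(max = 10000, ttlMs = 5 * 60 * 1000, now = Date.now) {
    Object.assign(this, { max, ttlMs, now, map: new Map() });
  }
  get(key) {
    const hit = this.map.get(key);
    if (!hit) return undefined;
    this.map.delete(key);
    if (this.now() - hit.at >= this.ttlMs) return undefined; // expired entry dropped
    this.map.set(key, hit); // re-insert so the key becomes most recently used
    return hit.verdict;
  }
  set(key, verdict) {
    this.map.delete(key);
    this.map.set(key, { verdict, at: this.now() });
    // A Map iterates in insertion order, so its first key is the least recently used.
    if (this.map.size > this.max) this.map.delete(this.map.keys().next().value);
  }
}

// On a cache miss, ask the decision service. If the lookup throws, allow the
// request (fail-open) and cache nothing (assumption), so an outage is not
// remembered as a verdict.
function decide(req, cache, lookup) {
  const fp = fingerprint(req);
  const cached = cache.get(fp);
  if (cached) return { fp, action: cached, source: 'cache' };
  try {
    const action = lookup(fp); // 'allow' | 'block' | 'challenge'
    cache.set(fp, action);
    return { fp, action, source: 'api' };
  } catch {
    return { fp, action: 'allow', source: 'fail-open' };
  }
}
```

With fail-open, every uncached fingerprint is allowed for as long as the lookup keeps failing; the pricing section lists a fail-closed mode for deployments that need the opposite behaviour.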

// DETECTION COVERAGE

7 Attack Classes. One Middleware.

[01] Bot Networks: IP-independent fingerprint survives IP rotation across proxy pools and botnets.

[02] Credential Stuffing: Same account targeted from many IPs; login failure rate per fingerprint exceeds threshold.

[03] Scrapers: Regular request timing, sequential path traversal, high GET ratio, thin User-Agent diversity.

[04] OTP Bombing: High OTP/SMS request rate per fingerprint in a rolling 1-hour window.

[05] Promo Abuse: Same device fingerprint applying multiple promo codes or referral IDs.

[06] Account Takeover: Password spraying pattern, with many accounts, low attempts per account, spread across IPs.

[07] Fake Signups: Same fingerprint creating multiple accounts with different emails in a short window.

[+] Custom Rules: Define your own detection logic using any signal field via the Rules Engine in the dashboard.

3 Lines of Code.

The SDK auto-installs as middleware. Signals are extracted, fingerprint generated, decision fetched, and verdict enforced — before your route handler runs.

// 1. Install
$ npm install @goguard/node

// 2. Import and attach middleware
import express from 'express';
import { goguard } from '@goguard/node';

const app = express();
app.use(goguard({ apiKey: process.env.GOGUARD_API_KEY, mode: 'block' }));

// 3. Your routes are now protected
app.get('/api/login', (req, res) => { /* ... */ });
app.post('/api/signup', (req, res) => { /* ... */ }); // bots auto-blocked

// Verdict & fingerprint available in every route handler:
// req.goguardVerdict.action · req.goguardFingerprint · req.goguardRequestId

Fintech & Authentication APIs.

Your login, signup, OTP, and payment endpoints are the primary targets. GoGuard sits in front of every request and terminates attacks before they ever count as a failed login attempt or trigger a fraud alert.

  • Credential Stuffing → blocked at fingerprint layer
  • OTP Bombing → rate-limited per device, not per IP
  • Promo / Referral Abuse → same fingerprint, many accounts

SaaS & Data APIs.

Protect your data and pricing APIs from automated extraction. Shield detects scraping patterns — regular timing, sequential endpoint traversal, low header diversity — and terminates the session before data leaves your system.

  • Scrapers → behavioral timing & path sequence detection
  • Fake Signups → fingerprint reuse across email accounts
  • Bot Networks → IP-rotation-resistant fingerprinting
// SIMPLE PRICING

One plan. Full protection.

Production (Recommended)
$20/mo

Everything you need to protect your live application.

What's included
  • 31 security checks on every request
  • Node.js · Python · Go SDKs
  • ML threat scoring + custom rules
  • Security Scanner (code analysis)
  • Real-time dashboard + analytics
  • Slack / Webhook alerts
  • Email support
Enterprise
Custom

Dedicated infrastructure, SLA guarantees, and custom integrations.

Everything in Production, plus
  • Unlimited decisions
  • Dedicated VPC deployment
  • Fail-closed mode available
  • SLA + 24/7 priority support
  • Custom integrations
  • Dedicated account manager
// OPERATOR LOG : 892.11.A

"We were losing thousands of dollars a month to credential stuffing on our login endpoint. After adding the Shield middleware, the attacks stopped in hours. The fingerprinting holds even when attackers cycle through residential proxies."

Sarah Jenkins
CTO, Nexus Financial
// OPERATOR LOG : 441.92.B

"Our promo system was being drained by bot farms using fresh email addresses. Shield's fingerprinting caught the device reuse across accounts within minutes. The custom rules engine let us tune the threshold without touching our codebase."

Dr. Marcus Chen
VP Engineering, HealthSync

System Parameters.

Technical specifications and frequently asked questions about the GoGuard detection engine, SDK, and infrastructure.

GoGuard generates an IP-independent device fingerprint from header order, User-Agent, Accept headers, TLS signals, and request timing — all hashed into a single SHA-256 token. Because it is independent of IP address, it continues working even when attackers rotate IPs through proxies or botnets.

Stop Abuse. Ship Faster.

Add GoGuard to your stack in under 30 minutes. No infrastructure changes. No security expertise required. Start blocking real attacks today.