# ShieldLabs

## Docs

- [API Reference](https://docs.shieldlabs.ai/api.md): ShieldLabs API reference — public endpoints for querying session data and webhook verification, plus the dashboard management API.
- [Endpoints](https://docs.shieldlabs.ai/api/endpoint.md): ShieldLabs public API endpoints for querying session data — no JWT required, uses public_key and secret_key.
- [Session History](https://docs.shieldlabs.ai/api/endpoint/history.md): GET /pub/{public_key}/{secret_key}/history/{search_type}/{value} — paginated session history for any identifier.
- [Debug Snapshots](https://docs.shieldlabs.ai/api/endpoint/identify.md): GET /pub/{public_key}/{secret_key}/debug/{search_type}/{value} — retrieve the most recent session snapshots for a user, device, or visitor.
- [Score Lookup](https://docs.shieldlabs.ai/api/endpoint/score.md): Look up the Trust Score for a specific session using the debug endpoint with search_type=request_id.
- [Webhook Verification](https://docs.shieldlabs.ai/api/endpoint/webhook-verify.md): How to verify ShieldLabs webhook signatures using HMAC-SHA256. Reference implementations in Go, Node.js, Python, PHP, .NET, Rust, and Java.
- [Data Models](https://docs.shieldlabs.ai/api/models.md): ShieldLabs API data models — Site, Snapshot, Score details, Pattern, and other response schemas.
- [API Overview](https://docs.shieldlabs.ai/api/overview.md): ShieldLabs API base URLs, authentication, request format, and conventions.
- [Billing](https://docs.shieldlabs.ai/billing.md): ShieldLabs billing — request-based pricing, balance, payment methods, and usage tracking.
- [Changelog](https://docs.shieldlabs.ai/changelog.md): ShieldLabs platform changelog — new features, improvements, and bug fixes.
- [Concepts](https://docs.shieldlabs.ai/concepts.md): Core concepts behind ShieldLabs: Trust Score, detection signals, device and visitor identifiers, behavior patterns, and scoring rules.
- [Behavior Patterns](https://docs.shieldlabs.ai/concepts/behavior.md): ShieldLabs tracks multi-session behavior patterns across DeviceID, VisitorID, and UserHID to detect coordinated fraud and velocity abuse.
- [Device Fingerprinting](https://docs.shieldlabs.ai/concepts/devices.md): ShieldLabs collects 30+ browser signals to build a device fingerprint. Learn what data is collected, how the DeviceID is computed, and what it detects.
- [Identifiers](https://docs.shieldlabs.ai/concepts/ids.md): ShieldLabs uses five identifiers to track sessions, devices, visitors, and users: RequestID, SessionID, CookieID, DeviceID, VisitorID, and UserHID.
- [Reasons (Signal Descriptions)](https://docs.shieldlabs.ai/concepts/reasons.md): Complete list of signal description strings that appear in the Details array of every ShieldLabs webhook payload.
- [Scoring Rules](https://docs.shieldlabs.ai/concepts/rules.md): How ShieldLabs resolves conflicting signals — VPN detection, browser VPN collapse, and exclusive IP flags.
- [Detection Signals](https://docs.shieldlabs.ai/concepts/signals.md): Every signal that contributes to the ShieldLabs Trust Score — point values, when they fire, and what they indicate.
- [Trust Score](https://docs.shieldlabs.ai/concepts/trust-score.md): ShieldLabs Trust Score ranges from 0 (clean) to 999 (banned). Learn what each score range means, what signals contribute, and how to use thresholds in your application.
- [Cookbook](https://docs.shieldlabs.ai/cookbook.md): Real integration patterns for common fraud prevention use cases: 2FA on suspicious login, checkout protection, rate limit bypass detection, KYC, and affiliate fraud.
- [Affiliate Fraud Detection](https://docs.shieldlabs.ai/cookbook/affiliate-fraud.md): Detect fraudulent affiliate traffic, fake installs, and bot-driven conversions using ShieldLabs Trust Score and device fingerprinting.
- [Checkout Protection](https://docs.shieldlabs.ai/cookbook/checkout.md): Detect carding, payment fraud, and bot-driven checkout attacks using ShieldLabs Trust Score at the payment step.
- [KYC / Identity Verification](https://docs.shieldlabs.ai/cookbook/kyc.md): Add risk-based friction before KYC document submission. Use ShieldLabs Trust Score to catch fraudsters before they consume KYC provider API calls.
- [Login with 2FA](https://docs.shieldlabs.ai/cookbook/login-2fa.md): Require two-factor authentication only for suspicious sessions at login. Use ShieldLabs Trust Score to avoid friction for legitimate users while blocking bots.
- [Rate Limit Bypass Detection](https://docs.shieldlabs.ai/cookbook/rate-limit-bypass.md): Detect bots that cycle IPs and user agents to bypass rate limiting. Use ShieldLabs DeviceID and Trust Score to enforce consistent per-device limits.
- [Dashboard](https://docs.shieldlabs.ai/dashboard.md): ShieldLabs dashboard overview — manage domains, view analytics, inspect sessions, and configure detection rules.
- [Analytics](https://docs.shieldlabs.ai/dashboard/analytics.md): ShieldLabs analytics dashboard — view request volume, Trust Score distribution, country breakdown, and risk trends over time.
- [Rules](https://docs.shieldlabs.ai/dashboard/rules.md): Configure custom detection rules in ShieldLabs — set score thresholds, define automatic actions, and create signal-based policies.
- [Sessions](https://docs.shieldlabs.ai/dashboard/sessions.md): Inspect individual ShieldLabs sessions — search by IP, DeviceID, VisitorID, UserHID, view fingerprint details and score breakdown.
- [Traffic Score](https://docs.shieldlabs.ai/dashboard/traffic-score.md): Traffic Risk on the dashboard Overview — average request risk, volume, trends, and score distribution for your traffic.
- [Errors](https://docs.shieldlabs.ai/errors.md): ShieldLabs API error codes and how to handle them.
- [FAQ](https://docs.shieldlabs.ai/faq.md): Frequently asked questions about ShieldLabs integration, Trust Score, webhooks, and bot detection.
- [ShieldLabs — Bot Detection & Fraud Prevention](https://docs.shieldlabs.ai/index.md): Real-time bot detection, device fingerprinting, and trust scoring for web applications. Protect your users and business from fraud, scraping, and automated attacks.
- [Privacy & GDPR](https://docs.shieldlabs.ai/privacy-gdpr.md): ShieldLabs privacy practices, GDPR compliance, data minimization, and what data is collected by the JS snippet.
- [Quickstart](https://docs.shieldlabs.ai/quickstart.md): Get your first Trust Score in under 5 minutes. Add the ShieldLabs JS snippet, configure a webhook, and start receiving bot detection results.
- [Rate Limits](https://docs.shieldlabs.ai/rate-limits.md): ShieldLabs REST gateway rate limiting and authentication throttling.
- [JavaScript SDK](https://docs.shieldlabs.ai/sdk.md): ShieldLabs JS snippet reference. Load via CDN, call checkAnonymous() or checkAuthenticatedUser() to fingerprint and score a browser session.
- [Advanced SDK](https://docs.shieldlabs.ai/sdk/advanced.md): Advanced ShieldLabs SDK usage: noscript beacon for JS-disabled bots, user ID hashing, force check patterns, and SPA routing.
- [SDK Events](https://docs.shieldlabs.ai/sdk/events.md): Browser-side events emitted by the ShieldLabs JS snippet during fingerprint collection and submission.
- [Security](https://docs.shieldlabs.ai/security.md): ShieldLabs security practices — webhook signature verification, key rotation, HTTPS requirements, and responsible disclosure.
- [Setup](https://docs.shieldlabs.ai/setup.md): Step-by-step guide to integrating ShieldLabs into your web application: API keys, SDK, CSP, webhooks, and domain verification.
- [Endpoints & URLs](https://docs.shieldlabs.ai/setup/architecture.md): Public ShieldLabs URLs for the browser snippet, dashboard, APIs, and webhooks.
- [Content Security Policy](https://docs.shieldlabs.ai/setup/csp.md): Add the required CSP directives to allow ShieldLabs SDK and API connections when using Content-Security-Policy headers.
- [Domain Setup](https://docs.shieldlabs.ai/setup/domain.md): Manage your domains in ShieldLabs. Each domain gets its own public key, secret key, webhook URL, and traffic weight allocation.
- [Environments](https://docs.shieldlabs.ai/setup/environments.md): Configure ShieldLabs for development and production environments. Use separate domains per environment to isolate traffic and test webhooks locally.
- [API Keys](https://docs.shieldlabs.ai/setup/keys.md): ShieldLabs uses two keys per domain: a public key for the browser SDK and a secret key for server-side authentication and webhook verification.
- [Webhooks](https://docs.shieldlabs.ai/setup/webhooks.md): Receive real-time Trust Scores on your server. ShieldLabs POSTs a signed JSON payload to your endpoint within ~1 second of the browser check.

## OpenAPI Specs

- [openapi](https://docs.shieldlabs.ai/references/openapi.yaml)