Endpoints & URLs

ShieldLabs uses several hostnames. Use this page as a quick reference — details are in API Keys, Webhooks, and API Overview.

Browser (client-side)

These hosts are contacted by the JS snippet from your users’ browsers:

Host	Purpose
`cdn.shieldlabs.ai`	Load `snippet.js`
`rest.shieldlabs.ai`	Send fingerprint data
`webrtc.shieldlabs.ai`	WebRTC session (parallel to fingerprint)
`ice.shieldlabs.ai:3478`	STUN (UDP)
`cdn.jsdelivr.net`	Fingerprint library (allow in CSP if strict)

Development: same hostnames with a dev. prefix where applicable (e.g. dev.rest.shieldlabs.ai).

Server (your backend)

Host	Purpose
`account.shieldlabs.ai`	Dashboard API (`/api/`) and session lookup (`/pub/`)
`dashboard.shieldlabs.ai`	Web UI
`api.shieldlabs.ai`	Optional webhook registration via `/{domain}:{secret}/callback`

Recommended: manage domains and webhooks through the dashboard or account.shieldlabs.ai/api/* with a JWT token. Pub API (query sessions from your server):

https://account.shieldlabs.ai/pub/{public_key}/{secret_key}/...

Dashboard API (login, domains, analytics):

https://account.shieldlabs.ai/api/...
Authorization: Bearer <token>

Integration flow (overview)

Add the snippet from cdn.shieldlabs.ai — it sends data to rest.shieldlabs.ai.
Register a webhook URL in the dashboard (or via API).
Receive a signed POST with the Trust Score; verify Assing with your secret key.

You may receive one or two webhooks per check (Phase: "initial" and optionally "update" after WebRTC). See Webhooks.

Keys

Each domain has a public key (snippet, 32 hex chars) and a secret key (server-only, 32 hex chars). See API Keys.

​Endpoints & URLs

​Browser (client-side)

​Server (your backend)

​Integration flow (overview)

​Keys

Endpoints & URLs

Browser (client-side)

Server (your backend)

Integration flow (overview)

Keys