Dashboard
Copy your API keys, define protected endpoints, and monitor traffic.
What you'll do here
- Copy your keys (site key + secret key)
- Define what to protect (endpoints/paths and methods)
- (Optional) Enable crawler metadata in /validate responses
API keys
Your API keys are in the Integration section of your dashboard. You have two keys:
- Site key (public): used in the browser script URL. Safe to expose.
- Secret key (sensitive): used as x-api-key when your backend calls /validate. Keep this server-side only: store it in environment variables or a secret manager.
Never expose the secret key
The x-api-key is server-only. Don't put it in client-side code, HTML, or public repositories.
Verify your setup
After saving your dashboard changes:
- Add scripts: install the browser script using your site key, and make sure it loads wherever protected actions can be triggered.
- Validate requests: call /validate from your backend using your secret key, then enforce the returned decision.
Common mistakes
- Secret key in client-side code: never ship x-api-key to the browser.
- Scripts missing on form pages: if a protected action can be triggered from a page, that page needs the script.
- Wrong client IP: behind proxies/CDNs, make sure you pass the real client IP to /validate, not the proxy IP.
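
One way to avoid the secret-key and wrong-client-IP mistakes above on the backend, as an added example that is not taken from this product's documentation or SDK. The trusted proxy ranges and the BOT_PROTECTION_SECRET_KEY variable name are assumptions; only the x-api-key header name comes from this page.

```python
import ipaddress
import os

# Constructed example ranges (assumption): replace with the egress ranges of
# your own load balancers / CDN. Only peers in these ranges may set the header.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]


def _is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)


def real_client_ip(remote_addr, x_forwarded_for):
    """Pick the client IP to report to /validate.

    remote_addr is the TCP peer; x_forwarded_for is the raw header value.
    The header is honoured only when the peer is a trusted proxy, and it is
    walked right to left so entries prepended by the client are never used.
    """
    peer = ipaddress.ip_address(remote_addr)
    if not _is_trusted(peer):
        # Direct connection: the header is client-controlled, ignore it.
        return str(peer)
    hops = [h.strip() for h in (x_forwarded_for or "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting the rest of the chain
        if not _is_trusted(ip):
            return str(ip)  # first hop that is not one of our proxies
    return str(peer)  # nothing usable in the header: fall back to the peer


def validate_headers(env=os.environ):
    """Build the server-side auth header from the environment, never from code."""
    secret = env.get("BOT_PROTECTION_SECRET_KEY")  # hypothetical variable name
    if not secret:
        raise RuntimeError("secret key is not configured")
    return {"x-api-key": secret}
```
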