Centinel AnalyticaCentinel Analytica

Dashboard

Copy your API keys, define protected endpoints, and monitor traffic.

What you'll do here

Copy your keys (site key + secret key)

Define what to protect (endpoints/paths and methods)

(Optional) Enable crawler metadata in /validate responses

API keys

Your API keys are in the Integration section of your dashboard. You have two keys:

  • Site key (public): used in the browser script URL. Safe to expose.
  • Secret key (sensitive): used as x-api-key when your backend calls /validate. Keep this server-side only—store it in environment variables or a secret manager.

Never expose the secret key

The x-api-key is server-only. Don't put it in client-side code, HTML, or public repositories.

Crawler metadata

Optionally enable crawler metadata to receive a crawler object in /validate responses. When enabled, identified crawlers include their name, category, and whether they are on your allowlist. This is useful for analytics and for writing policy rules that target specific crawler types.

After saving your dashboard changes, continue to:

Add scripts

Install the browser script using your site key, and make sure it loads wherever protected actions can be triggered.

Validate requests

Call /validate from your backend using your secret key, then enforce the returned decision.

Interstitial Challenge

How Centinel verifies uncertain visitors with a brief in-browser challenge before granting access.

Scripts

Optional browser script that enables interactive challenges, session continuity, and stronger detection.

On this page

What you'll do hereAPI keysCrawler metadata