Centinel AnalyticaScripts
Add the Centinel Analytica script to pages where protected actions can happen—login forms, checkout, signup, etc.
Add the script tag
Drop this in your page <head> and replace SITE_KEY with your site key (from the Dashboard).
<html>
<head>
<script src="https://collector.centinelanalytica.com/script.js?site_key=SITE_KEY"></script>
<!-- Rest of the head -->
</head>
<body>
<!-- Page content -->
</body>
</html>Where to include it
Add the script to any page where a protected request can be triggered:
- login pages (or any page with a login form/modal)
- signup / password reset pages
- checkout flows
- content download pages
If you have a single-page app (SPA), load it once globally in your base layout so it's available across routes.
Single-page apps
If your site navigates client-side, install the script once in the global layout (not per route) to avoid double-loading.
Wait until ready
To make sure the script has loaded and is ready, check window.cen.initialized. If it isn't ready yet, wait for the CentinelInitialized event.
function whenCentinelReady(cb) {
if (window.cen && window.cen.initialized) {
cb();
return;
}
const handler = () => {
window.removeEventListener('CentinelInitialized', handler);
cb();
};
window.addEventListener('CentinelInitialized', handler);
}
// Example usage
whenCentinelReady(() => {
login();
});Next step
After the script is installed, your backend should call /validate on protected requests:
Policy rules
Write rules that decide which requests to allow, block, rate-limit, or scrutinize. Covers evaluation order, matcher fields, pattern syntax (RE2 regex, glob, CIDR), directives, and examples.
Security groups
Grant scoped read, write, or admin access on specific resources to your team. Covers default groups, templates, allow vs deny semantics, and how the resolver decides what each member can do.