Introduction
Sentinel is Turnstile for APIs. It blocks 92% of bot signups without CAPTCHAs by rendering sub-50ms trust decisions using infrastructure and behavioral signals. Replace brittle security logic with a single outcome-focused check.
Authentication
Sentinel uses your Dashboard API keys (Sentinel Vectors) to authenticate requests. We support two primary methods:
1. Standard Header
Used for internal server-to-server communication.
x-api-key: sk_live_8b31a5c2f019...
2. Bearer Token
Standardized for web widgets and mobile integrations.
Authorization: Bearer sk_live_8b31a5c2f019...
Sentinel Widget
The fastest way to protect your frontend is our self-bootstrapping widget. It handles UI, animations, and cryptographic Proof-of-Work (PoW) automatically.
Implementation
Place the target `div` and the script tag in your HTML. The widget will automatically find the element and initialize.
<!-- 1. The Placeholder --> <div id="sentinel-widget" data-sitekey="YOUR_API_KEY"></div> <!-- 2. The Native Library --> <script src="https://api.risksignal.com/widget.js" async defer></script>
Success Handoff
Upon successful verification, the widget automatically injects a hidden input into the nearest form and fires a custom event.
document.addEventListener('sentinelSuccess', (e) => {
const token = e.detail.trust_token;
console.log("Trust Established:", token);
});
API: Core Analysis
/v1/check
Performs a deep forensic analysis on a target IP or domain.
Request Parameters
{
"target": "8.8.8.8",
"profile": "api | signup | payments",
"privacy_mode": "strict | full"
}
Response Decision
{
"allow": false,
"risk": "untrusted",
"remediation": {
"type": "challenge",
"recommended": true,
"behavioral_duration": 3.0
}
}
Manual Challenge Architecture
For custom UI implementations, use our decoupled challenge endpoints. These requests do not burn your analysis quota.
/v1/challenge/issue
Generates a stateless challenge for a specific IP.
/v1/challenge/verify
Validates the Proof-of-Work and issues a Trust Token.