Authentication
DGuard uses a two-layer authentication system to ensure maximum security in all integrations.
Credentials
To access the API you will need the following credentials:
client_id
Unique identifier for your application
client_secret
Secret key for your application (never share)
api_key
API key for request authentication
Credentials are obtained from the DGuard Partner Portal (URL provided during onboarding).
Get Access Token
Before making any API calls, you must obtain a valid access token.
Request
POST /auth/token
Headers
Content-Type: application/json
Body
{
"grant_type": "client_credentials",
"client_id": "your_client_id",
"client_secret": "your_client_secret",
"scope": "fraud:read fraud:write darkweb:read phishing:read vpn:manage"
}
Available Scopes
Read fraud detections
Manage frauds and refunds
Read dark web alerts
Read phishing detections
Read SMS phishing
Read spam calls
Manage VPN connections
Send push notifications
Success Response (200 OK)
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "fraud:read fraud:write darkweb:read phishing:read vpn:manage",
"issued_at": "2025-01-14T15:30:00Z"
}
Using the Access Token
Include the token in the Authorization header of all requests:
curl -X GET "{base_url}/fraud/transactions" \
-H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..." \
-H "Content-Type: application/json" \
-H "X-Api-Key: your_api_key"
Rate Limits
60 requests/minute
1,000 requests/day
1,000 requests/minute
100,000 requests/day
10,000 requests/minute
Unlimited requests/day
Rate Limit Headers
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1705244400
Security Recommendations
Store client_secret and api_secret securely (vault, env vars)
Implement credential rotation every 90 days
Use HTTPS exclusively
Implement retry with exponential backoff
Log and monitor all API accesses
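The following sketch is an added example, not DGuard's own client code. It ties the token request, both authentication headers, the rate limit headers and the backoff recommendation together. Assumptions: the send(method, path, headers, body) transport hook and the DGUARD_* environment variable names are hypothetical, rate limiting is assumed to be signalled with HTTP 429, and X-RateLimit-Reset is read as a Unix timestamp.

```python
import os
import time


class DGuardAuth:
    """Caches the client_credentials token and builds both auth headers."""

    def __init__(self, send, client_id, client_secret, api_key, scope, clock=time.time):
        # send(method, path, headers, body) -> (status, headers, json_dict) is a
        # hypothetical transport hook; wire it to an HTTPS-only client in real use.
        self._send, self._clock = send, clock
        self._creds = {"grant_type": "client_credentials", "client_id": client_id,
                       "client_secret": client_secret, "scope": scope}
        self._api_key, self._token, self._expires_at = api_key, None, 0.0

    @classmethod
    def from_env(cls, send, scope):
        e = os.environ  # hypothetical variable names; secrets stay out of source
        return cls(send, e["DGUARD_CLIENT_ID"], e["DGUARD_CLIENT_SECRET"],
                   e["DGUARD_API_KEY"], scope)

    def headers(self, skew=60):
        # Refresh shortly before expires_in elapses so no request carries a stale token.
        if self._token is None or self._clock() >= self._expires_at - skew:
            status, _, body = self._send("POST", "/auth/token",
                                         {"Content-Type": "application/json"}, self._creds)
            if status != 200:
                raise RuntimeError(f"token request failed with HTTP {status}")
            self._token = body["access_token"]
            self._expires_at = self._clock() + body["expires_in"]
        return {"Authorization": f"Bearer {self._token}",
                "Content-Type": "application/json", "X-Api-Key": self._api_key}


def call_with_backoff(auth, send, method, path, max_tries=5, base=1.0, cap=60.0,
                      sleep=time.sleep, clock=time.time):
    """Retry on rate limiting (assumed HTTP 429) and 5xx with exponential backoff."""
    for attempt in range(max_tries):
        status, hdrs, body = send(method, path, auth.headers(), None)
        if status != 429 and status < 500:
            return status, body
        delay = min(cap, base * 2 ** attempt)
        if status == 429 and "X-RateLimit-Reset" in hdrs:
            # Wait until the advertised reset time when it is later than the backoff.
            delay = max(delay, min(cap, int(hdrs["X-RateLimit-Reset"]) - clock()))
        sleep(delay)
    raise RuntimeError(f"{method} {path} still failing after {max_tries} tries")
```

The token and the client_secret never need to appear in logs; logging the method, path, status and X-RateLimit-Remaining value per call is enough for access monitoring.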