Everything you need to integrate, configure, and get the most out of GhostGuard's bot and email threat intelligence platform.
Step 1. Create your account and get your API key from the dashboard. Your first key is generated automatically on registration.
Step 2. Add the JS collector to every page you want to protect, just before </body>:
Step 3. Download your pre-keyed PHP client file from the Install guide tab in your dashboard, upload it to your server root, then add three lines to any PHP page you want to protect:
The JS collector gathers up to 24 behavioural and fingerprint signals over a 2–10 second window. These are beaconed to GhostGuard's collection endpoint, where a Python scoring engine analyses them asynchronously and writes a session score (0–100, higher = more human) back to the database.
When your PHP client calls the protection method, GhostGuard reads the stored score and returns a decision: allow or block. Bot sessions receive a silent 403 — no error page that reveals detection, no redirect, no CAPTCHA.
| Score range | Verdict | Action |
|---|---|---|
| 0 – 34 | bot | Silent 403 + auto-ban to ban_list |
| 35 – 64 | suspicious | Logged and monitored, request allowed |
| 65 – 100 | human | Allowed |
Default thresholds. Configurable per-account and per-domain from your dashboard.
Your customer website never includes GhostGuard's internal platform files. The PHP client file you download makes a single HTTPS POST to the GhostGuard guard API with your API key and the visitor's session ID. GhostGuard evaluates and responds — that's the entire integration surface.
Email support@privacyhash.com — we respond within one business day on all plans, same day on Pro and Enterprise.