Getting started
Quickstart
Get an Express app protected and reporting to your dashboard in a few minutes. For other stacks, see Frameworks & deployment.
Prerequisites
- A Node.js app (≥ 14) - this guide uses Express.
- A Silker account and an application with an API key. Create one in the dashboard (see Dashboard).
Install & protect
Install the SDK
npm
npm install @silker-ai/agent
Set your API key
Store the key from your dashboard as an environment variable. The SDK reads it automatically.
.env
SILKER_API_KEY=sk_your_api_key_here
Initialize and add the middleware
initSilker() hooks outgoing fetch (SSRF protection) and starts telemetry. middleware() inspects incoming traffic.
server.js
import express from 'express';
import { initSilker, middleware } from '@silker-ai/agent';
const app = express();
// Reads SILKER_API_KEY from env. Without a key, the SDK runs in
// detection-only mode (no telemetry) and never throws.
initSilker();
// Inspect every incoming request.
app.use(middleware());
app.get('/', (req, res) => res.send('Protected by Silker AI'));
app.listen(3000);
Verify
Start your app and send a malicious request. Silker should respond with 403 and the event should appear in your dashboard within seconds.
terminal
curl "http://localhost:3000/?q=1' OR '1'='1"
# -> blocked (403); a "SQL Injection" threat shows up in your dashboard
Detection runs locally, so protection works even before telemetry reaches the cloud. The API key only enables reporting, remote config, and shared IP bans.
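The Verify step can be turned into a repeatable smoke test, for example in CI after a deploy. The script below is an added example, not part of the Silker SDK or its documentation. It goes beyond the single curl check by testing several paths and by confirming that benign traffic is not blocked. It assumes Node 18+ for the global fetch, the 403-on-block behaviour described above, and its own hypothetical environment variables SMOKE_BASE_URL and SMOKE_PATHS.

```javascript
// Added example, not Silker's code. Assumes Node 18+ (global fetch) and the
// block-with-403 behaviour described in the Verify step.
const PROBE = "1' OR '1'='1"; // same test string as the curl command

// Build a URL for `path` with query parameter q=value (URL-encoded).
function buildUrl(baseUrl, path, value) {
  const url = new URL(path, baseUrl);
  url.searchParams.set('q', value);
  return url.toString();
}

// Send one benign and one probe request per path and record the statuses.
async function checkProtection(baseUrl, paths, fetchImpl = fetch) {
  const results = [];
  for (const path of paths) {
    const benign = await fetchImpl(buildUrl(baseUrl, path, 'hello'));
    const probe = await fetchImpl(buildUrl(baseUrl, path, PROBE));
    results.push({
      path,
      benignStatus: benign.status,
      probeStatus: probe.status,
      // Pass only if the probe is blocked and ordinary traffic is not.
      ok: probe.status === 403 && benign.status !== 403,
    });
  }
  return results;
}

// Paths that are unprotected (for example, handlers registered before
// app.use(middleware())) or that block benign input.
function failures(results) {
  return results.filter((r) => !r.ok);
}

// SMOKE_BASE_URL and SMOKE_PATHS are this script's own (hypothetical)
// variables, e.g. SMOKE_BASE_URL=http://localhost:3000 SMOKE_PATHS=/,/api
if (process.env.SMOKE_BASE_URL) {
  const paths = (process.env.SMOKE_PATHS || '/').split(',');
  checkProtection(process.env.SMOKE_BASE_URL, paths)
    .then((results) => {
      for (const f of failures(results)) {
        console.error(`FAIL ${f.path}: benign=${f.benignStatus} probe=${f.probeStatus}`);
      }
      process.exit(failures(results).length === 0 ? 0 : 1);
    })
    .catch((err) => { console.error(err.message); process.exit(2); });
}
```

A failing path means either the request never passed through middleware() or a benign request was rejected; both are worth catching before real traffic arrives.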
What's next
- Frameworks & deployment - Next.js, NestJS, Fastify, Docker proxy, Cloudflare.
- SDK configuration - tune features, profiles, rate limits, and remote config.
- Security features - the full detection reference.