← SecuriLayer API Reference

Integration Guide

Overview

SecuriLayer can be integrated in multiple ways depending on your platform and use case. This guide covers the most common integration patterns.

Quick Start (5 minutes)

1

Get Access

Start the Telegram bot @SecuriLayerAI_Bot and authenticate. You'll receive a JWT token automatically. For API-only access, create an API key from the Web Admin panel.

2

Check Your First URL

Send a POST request with your token:

curl -X POST https://api.securilayer.dev/v1/decision/url \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com", "platform": "api"}'
3

Read the Verdict

The response contains a Decision Contract with verdict (allow/warn/block), confidence (0–1), reasons (array of deterministic explanations), and evidence_refs.

Telegram Bot Integration

Add to Group

  1. Add @SecuriLayerAI_Bot to your Telegram group
  2. Grant admin permissions (delete messages, ban users)
  3. The bot starts scanning URLs automatically
  4. Configure policy via /settings or the Web Admin panel

Commands

CommandContextDescription
/check <url>DM / GroupCheck a URL, returns verdict with reasons
/startDMWelcome message and bot info
/sdrDMOpen SDR partner program menu
/helpDM / GroupCommand reference

Telegram WebApp

The bot includes a Mini App (WebApp) accessible via the "Кабинет" button. It provides URL checking, history, plan management, SDR dashboard, and bot settings — all within Telegram.

Discord Bot Integration

Add to Server

  1. Invite the bot via the OAuth2 link (contact sales for the invite URL)
  2. Grant required permissions: Manage Messages, Read Message History, Send Messages
  3. Enable MESSAGE_CONTENT intent for auto-scanning
  4. The bot auto-scans all messages in all channels for malicious URLs

Slash Commands

CommandDescription
/check url:<URL>Check a URL, returns embed with verdict
/statusBot protection status
/settingsView/change server settings
/statsServer scan statistics
/policyView policy profile
/allowlist add domain:<d>Add to allow-list
/denylist add domain:<d>Add to deny-list
/helpAll commands
Auto-scan: The Discord bot runs a Gateway connection that monitors all messages in real time. Malicious links are automatically deleted; suspicious links trigger a warning embed.

REST API Integration

For custom applications, chatbots, CRM systems, or internal tools.

Authentication

Two methods:

Python Example

import requests

API = "https://api.securilayer.dev"
TOKEN = "your_jwt_or_api_key"

resp = requests.post(f"{API}/v1/decision/url", json={
    "url": "https://suspicious-link.xyz/login",
    "platform": "api",
}, headers={"Authorization": f"Bearer {TOKEN}"})

data = resp.json()
if data["verdict"] == "block":
    print(f"BLOCKED: {data['reasons']}")
elif data["verdict"] == "warn":
    print(f"WARNING: {data['reasons']}")

JavaScript/Node.js Example

const resp = await fetch('https://api.securilayer.dev/v1/decision/url', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${TOKEN}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ url: 'https://suspicious.example', platform: 'api' }),
});
const { verdict, reasons, confidence } = await resp.json();
console.log(`${verdict}: ${reasons.join(', ')} (${Math.round(confidence*100)}%)`);

SIEM / SOAR Integration

For Teams and Company plans:

Webhook Setup

POST /v1/webhooks
{
  "url": "https://your-siem.example/webhook",
  "events": ["decision.created", "policy.changed", "approval.completed"],
  "secret": "your_hmac_secret"
}
Security: Always verify the HMAC signature before processing webhook payloads. See API Reference → Webhooks for verification code.

Best Practices