Documentation

Everything you need to integrate XSS IDS into your web application and start detecting attacks.

Quick Start

1

Create an Account

Sign up for a free XSS IDS account and verify your domain ownership.

Create account →
2

Add the Script Tag

Add our lightweight JavaScript snippet to your site's head section: 

<script src="https://cdn.xss-ids.com/v1/YOUR_SITE_ID.js" async></script>

Replace YOUR_SITE_ID with the unique ID provided in your dashboard.

3

Configure Alerts

Set up your notification preferences in the dashboard to receive alerts via:

  • Email notifications
  • Slack webhooks
  • Custom webhooks
  • PagerDuty (Enterprise)
4

You're Protected!

XSS IDS is now monitoring your site for potential attacks. View incidents and analytics in your dashboard.

API Reference

Webhook Payload

When an incident is detected, XSS IDS will send a POST request to your configured webhook URL with the following payload: 

{
  "id": "incident_abc123",
  "timestamp": "2024-01-15T10:30:00Z",
  "domain": "example.com",
  "type": "xss_detection",
  "severity": "high",
  "details": {
    "method": "alert",
    "payload": "XSS attack detected",
    "url": "https://example.com/vulnerable-page",
    "user_agent": "Mozilla/5.0...",
    "ip_address": "192.168.1.100"
  },
  "metadata": {
    "referrer": "https://google.com",
    "timestamp_ms": 1705316200000
  }
}

Configuration API

Programmatically manage your XSS IDS settings:

Get Domain Settings

GET https://api.xss-ids.com/v1/domains/{domain_id}
Authorization: Bearer YOUR_API_KEY

Update Alert Settings

PUT https://api.xss-ids.com/v1/domains/{domain_id}/alerts
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json

{
  "email_enabled": true,
  "slack_webhook": "https://hooks.slack.com/...",
  "custom_webhook": "https://your-api.com/webhook"
}

Get Incidents

GET https://api.xss-ids.com/v1/domains/{domain_id}/incidents
Authorization: Bearer YOUR_API_KEY

Query Parameters:
- limit: Number of incidents (default: 50, max: 1000)
- offset: Pagination offset
- from: Start date (ISO 8601)
- to: End date (ISO 8601)

Integration Examples

React/Next.js

import Head from 'next/head'

export default function Layout({ children }) {
  return (
    <>
      <Head>
        <script 
          src="https://cdn.xss-ids.com/v1/YOUR_SITE_ID.js" 
          async 
        />
      </Head>
      <main>{children}</main>
    </>
  )
}

WordPress

Add to your theme's functions.php file:

function add_xss_ids_script() {
    wp_enqueue_script(
        'xss-ids',
        'https://cdn.xss-ids.com/v1/YOUR_SITE_ID.js',
        array(),
        null,
        false
    );
}
add_action('wp_enqueue_scripts', 'add_xss_ids_script');

Django

Add to your base template:

<!-- base.html -->
<head>
    {% load static %}
    <script src="https://cdn.xss-ids.com/v1/{{ XSS_IDS_SITE_ID }}.js" async></script>
</head>

Need help getting started?

Our support team is here to help you integrate XSS IDS and optimize your security posture.

Start free trial Contact support