Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.lintliot.com/llms.txt

Use this file to discover all available pages before exploring further.

This guide walks you from zero to a protected, live application. By the end, you’ll have the LintLiot SDK running in your app, your first request flowing through the dashboard, and the 7-day learning mode building a behavioral baseline for your app.
1

Create your account

Go to app.lintliot.com and sign up with your email or GitHub account. LintLiot creates your account, a free plan, and your first app record automatically.Once you’re in, you’ll land on the dashboard. It shows a neutral “not connected” state — that’s expected until your SDK connects.
2

Get your API key

In the dashboard, open Settings for your app. Copy the API key — it starts with lintliot_.Add it to your project’s .env file:
LINTLIOT_API_KEY=lintliot_your_key_here
Keep your API key out of source control. LintLiot will flag hardcoded API keys as a critical finding if you commit one to GitHub.
3

Install the SDK

Install the package from npm:
npm install @lintliot/sdk
Then run the init command:
npx lintliot init
The init command detects your framework (Next.js, Express, Fastify, or Koa), creates a lintliot.config.ts file, and inserts the middleware in the correct place automatically. You don’t need to configure anything.
4

Verify the integration

After npx lintliot init completes, your middleware should look like one of these depending on your framework:
import { withLintliot } from '@lintliot/sdk/next'

export default withLintliot({ apiKey: process.env.LINTLIOT_API_KEY! })

export const config = {
  matcher: ['/((?!_next|static|favicon).*)'],
}
The SDK is designed to fail open — if LintLiot’s servers are unreachable, requests pass through normally. Your app never goes down because of LintLiot.
5

Send your first request

Start your development server and make any HTTP request to your app — a page load, an API call, anything. LintLiot intercepts the request before your code runs.Within a few seconds, go back to your dashboard. You’ll see:
  • “LintLiot is live!” confirmation
  • Your Security Score appearing for the first time
  • The learning mode progress indicator starting at Day 1 of 7
  • The request logged in the Monitor view
The dashboard updates in real time via a live event stream — no refresh needed.
6

Watch learning mode begin

For the first 7 days, LintLiot observes your app’s traffic without blocking anything beyond basic WAF rules. It builds five behavioral baselines specific to your app:
  • Traffic patterns — requests per minute by hour and day of week
  • Geographic distribution — which countries your users come from
  • User behavior — how many requests a typical session makes
  • Authentication patterns — normal login attempt rates and failure rates
  • Data access patterns — how many records a typical API response returns
Your dashboard shows the learning progress. On Day 8, you’ll receive an email and a dashboard notification: “Your app’s security profile is ready.” One button enables enforcement mode and personalized protection activates.
During learning mode, your app is still protected by standard WAF rules, bot detection, and rate limiting. Learning mode only affects the behavioral thresholds — not baseline security.

What’s next

After your first request is flowing, explore the rest of the dashboard:

How it works

Understand the request lifecycle and what happens on Day 8 when enforcement activates.

Security score

See what’s affecting your score and how to push it toward 100.

Next.js SDK

Advanced configuration for the Next.js middleware adapter.

Express SDK

Per-route rate limits, permission guards, and route registration for Express.