GoGuard SDK for Python — behavioral API security in 3 lines of code
Project description
goguard
API security for Python. One line of code blocks fake signups, bot traffic, credential stuffing, and phone fraud.
Install
pip install goguard
Setup
Flask
from flask import Flask
from goguard import GoGuard
app = Flask(__name__)
guard = GoGuard(api_key="sk_live_...")
app = guard.protect(app)
@app.route("/signup", methods=["POST"])
def signup():
# only legitimate requests reach here
return {"ok": True}
FastAPI
from fastapi import FastAPI
from goguard import GoGuard
app = FastAPI()
guard = GoGuard(api_key="sk_live_...")
app = guard.protect_asgi(app)
@app.post("/signup")
async def signup():
# only legitimate requests reach here
return {"ok": True}
Django
# settings.py
MIDDLEWARE = ["goguard.DjangoMiddleware", ...]
GOGUARD_API_KEY = "sk_live_..."
No other code changes needed. Works with any WSGI/ASGI framework — Flask, FastAPI, Django, Starlette, Falcon, Sanic.
What it blocks
| Category | Attacks stopped |
|---|---|
| Email fraud | Disposable domains, plus-tag tricks, Gmail dot tricks, fake domains (no MX) |
| Phone fraud | VoIP/virtual numbers, suspicious country codes, phone-country mismatch |
| Credential stuffing | Automated login attempts across multiple IPs |
| Bots & scrapers | Sequential crawling, timing-based detection, high GET ratio |
| Rate abuse | Per-IP and per-fingerprint sliding window limits |
| Known threats | IP blocklists, watchlists, threat intelligence feeds |
| Anomalies | ML-based anomaly scoring per customer baseline |
| Custom rules | Your own block/challenge rules via the dashboard |
Configuration
guard = GoGuard(
api_key="sk_live_...", # required
mode="block", # "block" | "monitor" (default: "block")
exclude_paths=["/health"], # skip these paths
timeout=1.5, # seconds before fail-open (default: 1.5)
fail_open=True, # never break your app (default: True)
# toggle auto-protection (all on by default)
protect_email=True,
protect_phone=True,
protect_login=True,
on_block=lambda environ, reason: print(f"Blocked: {reason}"),
on_error=lambda err: print(f"GoGuard: {err}"),
)
Enrichment data (optional)
If you want access to the analysis results:
Flask
@app.route("/signup", methods=["POST"])
def signup():
enrichment = request.environ.get("goguard.enrichment", {})
email = enrichment.get("email", {}).get("normalized", request.json["email"])
# "v.i.c.t.i.m@gmail.com" → "victim@gmail.com"
FastAPI
@app.post("/signup")
async def signup(req: Request, body: SignupBody):
enrichment = getattr(req.state, "goguard_enrichment", {}) or {}
email = enrichment.get("email", {}).get("normalized", body.email)
| Field | Type | Description |
|---|---|---|
enrichment["email"] |
dict |
Present if email detected in body |
enrichment["phone"] |
dict |
Present if phone detected in body |
enrichment["stuffing"] |
dict |
Present on login paths |
goguard.request_id |
str |
Unique request ID |
goguard.fingerprint |
str |
Device fingerprint |
goguard.verdict |
Verdict |
{ action, reason, confidence } |
Advanced: analysis methods
For deeper fraud investigation (audit scripts, admin tools), use GoGuardClient directly:
from goguard import GoGuardClient, GoGuardConfig
client = GoGuardClient(GoGuardConfig(api_key="sk_live_..."))
Find fake account clusters in your database:
result = client.detect_email_abuse(
["john@gmail.com", "j.o.h.n@gmail.com", "john+1@gmail.com"]
)
# {"is_abuse": True, "total_fake_accounts": 2, "clusters": [...]}
Detect phone number cycling:
result = client.detect_phone_cycling([
{"phone": "+14155551111", "timestamp": 1711600000000},
{"phone": "+447911123456", "timestamp": 1711600060000},
])
# {"is_cycling": True, "unique_phones": 2, "unique_countries": 2}
Single email/phone analysis:
email = client.analyze_email("test+1@mailinator.com")
# {"is_disposable": True, "normalized": "test@mailinator.com", "risk_score": 0.7}
phone = client.analyze_phone("+37255001234")
# {"is_suspicious_country": True, "country_name": "Estonia", "risk_score": 0.3}
Response headers
| Header | Value |
|---|---|
X-GoGuard-Request-Id |
Unique request ID |
X-GoGuard-Action |
allow, block, or challenge |
Requirements
- Python 3.9+
httpx >= 0.27.0
Links
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
goguard_sdk-0.2.0.tar.gz
(22.7 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file goguard_sdk-0.2.0.tar.gz.
File metadata
- Download URL: goguard_sdk-0.2.0.tar.gz
- Upload date:
- Size: 22.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
fd4a03bdbdc8b52663433de14543d23dd8b0213f764d0eccb869b169151647a4
|
|
| MD5 |
3e3ee8eba2183ac58f122d931825955c
|
|
| BLAKE2b-256 |
4b99617176ec90a081fdc346225911f8b6d7209d0fb542814248c629bf1f991c
|
File details
Details for the file goguard_sdk-0.2.0-py3-none-any.whl.
File metadata
- Download URL: goguard_sdk-0.2.0-py3-none-any.whl
- Upload date:
- Size: 24.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6eabeb05284a7b73cc451ff048697855e0b35847f9670d55995b80ab5afe8a9b
|
|
| MD5 |
17be11c1c72b072862a06d27129260b5
|
|
| BLAKE2b-256 |
4ec0628dd83837f3b2fd2ab1688a6c1a10611cb873e89eced99299556c0531c8
|
