Arcjet logo

Arcjet

Arcjet is a security-as-code platform for developers, delivering rate limiting, bot detection, email validation, sensitive-information detection, and a Shield WAF as building blocks embedded directly in application code via SDKs. The SDK is the primary interface; it runs a local WebAssembly analysis module and calls Arcjet's Decide service - a Connect/gRPC (protobuf) decision API at decide.arcjet.com - for stateful decisions like rate limiting and advanced bot detection.

7 APIs 0 Features
SecurityRate LimitingBot DetectionWAFDeveloper Security

APIs

Arcjet Decide API

The core Connect/gRPC decision service (proto.decide.v1alpha1.DecideService, Decide and Report RPCs) that the Arcjet SDK calls for stateful security decisions. ConnectRPC suppor...

Arcjet Rate Limiting

Token-bucket, fixed-window, and sliding-window rate limiting configured as code and enforced through the SDK, with cross-request state tracked by the cloud Decide service. Limit...

Arcjet Bot Detection

Identifies and classifies automated clients, allowing or denying known bots by category. Basic identification runs locally in the SDK WebAssembly module; advanced bot signals ar...

Arcjet Email Validation

Validates email addresses for syntax, deliverability, disposable and no-MX-record domains, and free providers, used to block fake or fraudulent signups. Invoked through the SDK ...

Arcjet Sensitive Information Detection

Detects PII and other sensitive data (emails, phone numbers, credit cards, IP addresses, or custom patterns) in request bodies. Detection runs locally in the SDK WebAssembly mod...

Arcjet Shield WAF

WAF-like protection against common attacks such as SQL injection, cross-site scripting, and other OWASP-style threats, applied to requests flowing through the SDK and evaluated ...

Arcjet SDKs

The primary, supported interface to Arcjet. SDKs ship for Node.js, Next.js, Bun, Deno, SvelteKit, NestJS, Remix, Astro, React Router, Fastify, and Python, each wrapping the Conn...

Visuals

Arcjet screenshot

Resources

👥
GitHubOrganization
GitHubOrganization
🔗
LinkedIn
LinkedIn
🔗
Website
Website
🔗
Documentation
Documentation
🔗
Plans
Plans
🔗
RateLimits
RateLimits
🔗
FinOps
FinOps

Sources

Raw ↑ 
aid: arcjet
url: https://raw.githubusercontent.com/api-evangelist/arcjet/refs/heads/main/apis.yml
name: Arcjet
kind: company
description: Arcjet is a security-as-code platform for developers, delivering rate
  limiting, bot detection, email validation, sensitive-information detection, and a
  Shield WAF as building blocks embedded directly in application code via SDKs. The
  SDK is the primary interface; it runs a local WebAssembly analysis module and calls
  Arcjet's Decide service - a Connect/gRPC (protobuf) decision API at decide.arcjet.com
  - for stateful decisions like rate limiting and advanced bot detection.
image: https://kinlane-images.s3.amazonaws.com/shared/apis-json/apis-json-logo.jpg
tags:
- Security
- Rate Limiting
- Bot Detection
- WAF
- Developer Security
created: '2026-06-20'
modified: '2026-06-20'
specificationVersion: '0.19'
apis:
- aid: arcjet:arcjet-decide-api
  name: Arcjet Decide API
  tags:
  - Decision
  - Protect
  - Connect
  - gRPC
  image: https://kinlane-images.s3.amazonaws.com/shared/apis-json/apis-json-logo.jpg
  humanURL: https://docs.arcjet.com/architecture
  baseURL: https://decide.arcjet.com
  properties:
  - url: https://docs.arcjet.com/architecture
    type: Documentation
  - url: https://docs.arcjet.com/reference/nodejs
    type: APIReference
  - url: openapi/arcjet-openapi.yml
    type: OpenAPI
  - url: collections/arcjet.postman_collection.json
    type: PostmanCollection
  - url: collections/arcjet.opencollection.json
    type: OpenCollection
  - url: https://github.com/arcjet/arcjet-js
    type: GitHub
  description: The core Connect/gRPC decision service (proto.decide.v1alpha1.DecideService,
    Decide and Report RPCs) that the Arcjet SDK calls for stateful security decisions.
    ConnectRPC supports gRPC over HTTP/2 and an HTTP/1.1 + JSON POST fallback to the
    same service. This is not a typical public REST API - the SDK is the primary,
    supported interface; the transport is documented here conservatively for reference.
- aid: arcjet:arcjet-rate-limiting
  name: Arcjet Rate Limiting
  tags:
  - Rate Limiting
  - Throttling
  - Quotas
  image: https://kinlane-images.s3.amazonaws.com/shared/apis-json/apis-json-logo.jpg
  humanURL: https://docs.arcjet.com/rate-limiting/concepts
  baseURL: https://decide.arcjet.com
  properties:
  - url: https://docs.arcjet.com/rate-limiting/concepts
    type: Documentation
  - url: https://docs.arcjet.com/rate-limiting/reference
    type: APIReference
  - url: openapi/arcjet-openapi.yml
    type: OpenAPI
  description: Token-bucket, fixed-window, and sliding-window rate limiting configured
    as code and enforced through the SDK, with cross-request state tracked by the
    cloud Decide service. Limits are keyed on characteristics such as IP, user ID,
    or API key.
- aid: arcjet:arcjet-bot-detection
  name: Arcjet Bot Detection
  tags:
  - Bot Detection
  - Bots
  - Automation
  image: https://kinlane-images.s3.amazonaws.com/shared/apis-json/apis-json-logo.jpg
  humanURL: https://docs.arcjet.com/bot-protection/concepts
  baseURL: https://decide.arcjet.com
  properties:
  - url: https://docs.arcjet.com/bot-protection/concepts
    type: Documentation
  - url: https://docs.arcjet.com/bot-protection/reference
    type: APIReference
  - url: openapi/arcjet-openapi.yml
    type: OpenAPI
  description: Identifies and classifies automated clients, allowing or denying known
    bots by category. Basic identification runs locally in the SDK WebAssembly module;
    advanced bot signals are resolved via the cloud Decide service.
- aid: arcjet:arcjet-email-validation
  name: Arcjet Email Validation
  tags:
  - Email Validation
  - Signup
  - Anti-Fraud
  image: https://kinlane-images.s3.amazonaws.com/shared/apis-json/apis-json-logo.jpg
  humanURL: https://docs.arcjet.com/email-validation/concepts
  baseURL: https://decide.arcjet.com
  properties:
  - url: https://docs.arcjet.com/email-validation/concepts
    type: Documentation
  - url: https://docs.arcjet.com/email-validation/reference
    type: APIReference
  - url: openapi/arcjet-openapi.yml
    type: OpenAPI
  description: Validates email addresses for syntax, deliverability, disposable and
    no-MX-record domains, and free providers, used to block fake or fraudulent signups.
    Invoked through the SDK against the Decide service.
- aid: arcjet:arcjet-sensitive-info-detection
  name: Arcjet Sensitive Information Detection
  tags:
  - Sensitive Info
  - PII
  - Data Protection
  image: https://kinlane-images.s3.amazonaws.com/shared/apis-json/apis-json-logo.jpg
  humanURL: https://docs.arcjet.com/sensitive-info/concepts
  baseURL: https://decide.arcjet.com
  properties:
  - url: https://docs.arcjet.com/sensitive-info/concepts
    type: Documentation
  - url: https://docs.arcjet.com/sensitive-info/reference
    type: APIReference
  - url: openapi/arcjet-openapi.yml
    type: OpenAPI
  description: Detects PII and other sensitive data (emails, phone numbers, credit
    cards, IP addresses, or custom patterns) in request bodies. Detection runs locally
    in the SDK WebAssembly module so sensitive content need not leave the application.
- aid: arcjet:arcjet-shield-waf
  name: Arcjet Shield WAF
  tags:
  - Shield
  - WAF
  - Attack Protection
  image: https://kinlane-images.s3.amazonaws.com/shared/apis-json/apis-json-logo.jpg
  humanURL: https://docs.arcjet.com/shield/concepts
  baseURL: https://decide.arcjet.com
  properties:
  - url: https://docs.arcjet.com/shield/concepts
    type: Documentation
  - url: https://docs.arcjet.com/shield/reference
    type: APIReference
  - url: openapi/arcjet-openapi.yml
    type: OpenAPI
  description: WAF-like protection against common attacks such as SQL injection, cross-site
    scripting, and other OWASP-style threats, applied to requests flowing through
    the SDK and evaluated by the Decide service.
- aid: arcjet:arcjet-sdks
  name: Arcjet SDKs
  tags:
  - SDK
  - JavaScript
  - TypeScript
  - Python
  image: https://kinlane-images.s3.amazonaws.com/shared/apis-json/apis-json-logo.jpg
  humanURL: https://docs.arcjet.com/get-started
  baseURL: https://decide.arcjet.com
  properties:
  - url: https://docs.arcjet.com/get-started
    type: Documentation
  - url: https://github.com/arcjet/arcjet-js
    type: GitHub
  - url: https://www.npmjs.com/package/arcjet
    type: SDK
  description: The primary, supported interface to Arcjet. SDKs ship for Node.js,
    Next.js, Bun, Deno, SvelteKit, NestJS, Remix, Astro, React Router, Fastify, and
    Python, each wrapping the Connect/gRPC Decide protocol and the local WebAssembly
    analysis module.
common:
- type: GitHubOrganization
  url: https://github.com/arcjet
- type: LinkedIn
  url: https://www.linkedin.com/company/arcjet
- type: Website
  url: https://arcjet.com
- type: Documentation
  url: https://docs.arcjet.com
- type: Plans
  url: plans/arcjet-plans-pricing.yml
- type: RateLimits
  url: rate-limits/arcjet-rate-limits.yml
- type: FinOps
  url: finops/arcjet-finops.yml
maintainers:
- FN: Kin Lane
  email: kin@apievangelist.com