Express

Add Nyoxis threat detection to an Express 4 or 5 application as a request middleware.

Prerequisites

  • Node.js 18 or later
  • An Express application
  • A Nyoxis workspace API key — get one here

Install

bash
npm install node-fetch

Any HTTP client works. The example below uses the native fetch API built into Node.js 18+, so it needs no extra dependency; the node-fetch install above is only required if you choose to use that client instead.

Middleware

Create middleware/nyoxis.js:

javascript
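const NYO_API = "https://api.nyoxis.com";

/**
 * Builds the JSON document sent to the prediction endpoint for one request.
 *
 * @param {object} req - Express request; reads method, path, query, headers, ip and body.
 * @returns {object} Payload with method, path, query, headers, ip_addr and body fields.
 */
function buildPayload(req) {
  const hasQuery = req.query && Object.keys(req.query).length;
  return {
    method: req.method,
    path: req.path,
    query: hasQuery ? new URLSearchParams(req.query).toString() : undefined,
    // NOTE(review): req.headers is forwarded unmodified, so Authorization,
    // Cookie and similar credential-bearing headers are sent to the Nyoxis
    // API with every request. Confirm that this matches your data-handling
    // policy before enabling the middleware on authenticated routes.
    headers: req.headers,
    ip_addr: req.ip,
    body:
      typeof req.body === "string"
        ? req.body
        : req.body && JSON.stringify(req.body),
  };
}

/**
 * Nyoxis WAF middleware for Express.
 *
 * Options:
 *   apiKey      {string}  required — your workspace API token
 *   blockOnHigh {boolean} optional — auto-reject requests with risk === "high"
 *   onError     {string}  optional — "open" (default) | "closed"
 *
 * Any failure to obtain a verdict (network error, timeout, non-2xx status,
 * unparsable body) is handled by the onError policy: "open" lets the request
 * through without a verdict, "closed" answers 503.
 *
 * @returns {Function} async Express middleware `(req, res, next)`; on success
 *   the verdict is attached as `req.nyoxis`.
 * @throws {Error} if apiKey is missing or onError is not "open" or "closed".
 */
function nyoxisWAF({ apiKey, blockOnHigh = false, onError = "open" } = {}) {
  if (!apiKey) throw new Error("nyoxis: apiKey is required");
  // A misspelled policy (e.g. "close") would otherwise silently fail open.
  if (onError !== "open" && onError !== "closed") {
    throw new Error('nyoxis: onError must be "open" or "closed"');
  }

  // The key travels in the query string, as in the original example, but is
  // now percent-encoded. URLs are commonly recorded by proxies and access
  // logs, so never log this endpoint value.
  // NOTE(review): check the API Reference for a header-based alternative.
  const endpoint = new URL("/v0/predict", NYO_API);
  endpoint.searchParams.set("api_key", apiKey);

  return async function (req, res, next) {
    let verdict;
    try {
      const response = await fetch(endpoint.href, {
        method: "POST",
        headers: { "Content-Type": "application/json" },
        body: JSON.stringify(buildPayload(req)),
        signal: AbortSignal.timeout(3000),
      });
      // Without this check a 401/5xx error body would be treated as a verdict
      // with no prediction, and the request would pass even when
      // onError is "closed". The message deliberately omits the URL.
      if (!response.ok) {
        throw new Error(`prediction request failed with HTTP ${response.status}`);
      }
      verdict = await response.json();
    } catch (err) {
      // Log under both policies so an outage or a rejected key is visible.
      console.error("[nyoxis] prediction error:", err.message);
      if (onError === "closed") {
        return res.status(503).json({ error: "Service unavailable" });
      }
      // Fail open: do not block traffic when no verdict could be obtained.
      return next();
    }

    // Attach the full verdict to req for downstream handlers
    req.nyoxis = verdict;

    if (blockOnHigh && verdict?.prediction?.risk === "high") {
      return res.status(403).json({ error: "Forbidden" });
    }
    return next();
  };
}

module.exports = { nyoxisWAF };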

Register the middleware

javascript
const express = require("express");
const { nyoxisWAF } = require("./middleware/nyoxis");

const app = express();

// The body parser is registered before the WAF so that req.body is populated
// when the middleware builds its payload. express.json() only parses JSON
// request bodies; the content of other body types is not part of what the
// WAF inspects in this setup.
app.use(express.json());

// nyoxisWAF defaults to onError "open": when no verdict can be obtained the
// request is let through un-scored. Pass onError: "closed" where blocking on
// an outage is preferable to serving unchecked traffic.
//
// The middleware reports req.ip as the client address. Behind a reverse proxy
// or load balancer, Express only derives req.ip from X-Forwarded-For when the
// `trust proxy` setting is configured; otherwise every request carries the
// proxy's address.
const waf = nyoxisWAF({
  apiKey: process.env.NYOXIS_API_KEY,
  blockOnHigh: true,
});

// Apply globally — runs on every request
app.use(waf);

app.get("/", (req, res) => {
  // The verdict is available inside any route handler; it is absent when the
  // WAF failed open, hence the "unknown" fallback.
  const verdict = req.nyoxis;
  const risk = verdict?.prediction?.risk ?? "unknown";
  res.json({ ok: true, risk });
});

app.listen(3000);

Acting on the verdict

The full prediction is attached to req.nyoxis. Common patterns:

javascript
// Policy middleware that acts on the verdict attached by nyoxisWAF.
// Register it after the WAF middleware so that req.nyoxis is already set.
app.use((req, res, next) => {
  const verdict = req.nyoxis;

  // No verdict means the WAF failed open (or did not run); such requests pass
  // through here un-scored.
  if (!verdict) return next();

  const prediction = verdict.prediction ?? {};
  const risk = prediction.risk;
  const attacks = prediction.attacks;

  // Block or redirect
  if (risk === "high") {
    return res.status(403).send("Forbidden");
  }

  // Log and alert without blocking
  const isConfidentSqlInjection = (a) =>
    a.kind === "sql_injection" && a.confidence > 0.8;
  if (attacks?.some(isConfidentSqlInjection)) {
    console.warn("[security] SQL injection detected", {
      ip: req.ip,
      path: req.path,
    });
  }

  next();
});

Next steps

  • API Reference — complete field descriptions and status codes.
  • Overview — how the classifier and redaction pipeline work.
