Quickstart
Create a workspace, protect a sensitive action, send a test transaction, and read the result in the control plane.
1. Create your workspace
Sign up with your name, organization, email, and password. TxnShield provisions an organization, an owner membership, a starter project named Core API, and dev, staging, and production environments.
Each environment has its own keys, protected operations, reusable policies, events, and activation checklist. Keep test traffic in development until you have verified policy behavior.
2. Generate keys
Open your environment, go to Keys, and create one publishable key and one secret key. The publishable key identifies browser or client context. The secret key authenticates server-side evaluation and event ingestion.
Store the secret key only in server-side environment variables. Never ship it to a browser, mobile app, or client-side bundle.
Secret keys are server-only
A publishable key can appear in client code. A secret key can evaluate and publish protected transaction evidence, so it must stay on trusted infrastructure.
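One way to enforce the server-only rule in CI, as an added example that is not part of the TxnShield SDK or docs: it checks the TXNSHIELD_* variables for the txn_pub_ and txn_sec_ prefixes shown in this quickstart, flags a secret key placed in a client-exposed variable, and scans built client files for secret-key-shaped strings. The function names, the key-body character set, the sample values, and the choice of Next.js, Vite, and Create React App variable prefixes are assumptions.

```javascript
// Added example, not TxnShield code. Assumption: key bodies use [A-Za-z0-9_-].
const SECRET_RE = /txn_sec_[A-Za-z0-9_-]+/g;
// Env-var name prefixes that Next.js, Vite, and Create React App inline into client code.
const CLIENT_PREFIXES = ["NEXT_PUBLIC_", "VITE_", "REACT_APP_"];

// Returns a list of problems found in the key configuration held in `env`.
function checkEnv(env) {
  const problems = [];
  const pub = env.TXNSHIELD_PUBLISHABLE_KEY || "";
  const sec = env.TXNSHIELD_SECRET_KEY || "";
  if (!pub.startsWith("txn_pub_")) problems.push("TXNSHIELD_PUBLISHABLE_KEY is missing or not a publishable key");
  if (!sec.startsWith("txn_sec_")) problems.push("TXNSHIELD_SECRET_KEY is missing or not a secret key");
  for (const [name, value] of Object.entries(env)) {
    const exposed = CLIENT_PREFIXES.some((p) => name.startsWith(p));
    if (exposed && String(value).startsWith("txn_sec_")) {
      problems.push(`${name} exposes a secret key to the client bundle`);
    }
  }
  return problems;
}

// Returns [{ file, redacted }] for each secret-key-shaped string in built client files.
// `files` maps a file name to that file's text content.
function findSecretKeyLeaks(files) {
  const leaks = [];
  for (const [file, text] of Object.entries(files)) {
    for (const match of text.match(SECRET_RE) || []) {
      // Redact so the full key never lands in CI logs.
      leaks.push({ file, redacted: match.slice(0, 12) + "..." });
    }
  }
  return leaks;
}

// Constructed sample input: one misconfigured variable, one leaking bundle file.
const sampleEnv = {
  TXNSHIELD_PUBLISHABLE_KEY: "txn_pub_example123",
  TXNSHIELD_SECRET_KEY: "txn_sec_example456",
  NEXT_PUBLIC_TXNSHIELD_KEY: "txn_sec_example456",
};
const sampleBundle = {
  "static/app.js": 'const k="txn_pub_example123";fetch("/api/export")',
  "static/vendor.js": 'init({secretKey:"txn_sec_example456"})',
};

console.log(checkEnv(sampleEnv));
console.log(findSecretKeyLeaks(sampleBundle));
```

Fail the build when either function returns a non-empty list, and rotate any key that the bundle scan finds.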
3. Install the SDK
npm install @txnshield/sdk-node
4. Configure environment variables
Use the keys from the same TxnShield environment. Mixing a development publishable key with a production secret key makes events hard to understand and can cause policy mismatches.
TXNSHIELD_PUBLISHABLE_KEY=txn_pub_...
TXNSHIELD_SECRET_KEY=txn_sec_...
TXNSHIELD_API_BASE_URL=http://localhost:3000
5. Protect one action
Start with a single concrete business operation such as invoice.export, customer.read_pii, vendor_invoice.approve, or bank_account.update. Avoid generic keys like create_record for runtime enforcement.
import { createTxnShieldNode } from "@txnshield/sdk-node";

// Server-side only: the secret key is read from the environment, never from client code.
const txnshield = createTxnShieldNode({
  secretKey: process.env.TXNSHIELD_SECRET_KEY!,
  apiBaseUrl: process.env.TXNSHIELD_API_BASE_URL!,
});

// `user` and `customerId` come from your own authenticated request context.
const decision = await txnshield.evaluate({
  operationKey: "invoice.export",
  actor: { id: user.id, roles: user.roles },
  resource: { type: "customer", id: customerId },
  requestData: { requestedCount: 25 },
});

// Stop before the export runs when policy denies the transaction.
if (decision.decision === "deny") {
  throw new Error("Transaction blocked by policy");
}
6. Verify the result
Run the protected action in your app. In TxnShield, open the environment Event Stream and Decision Logs. You should see the operation key, actor, resource, score, decision, reasons, and normalized signals.
If no event appears, check the secret key, ingest URL, environment selection, and server logs first.
7. Move toward production
Review the activation workflow, assign policies for your critical operations, rotate keys before launch, enable alerts, and configure webhooks if you need downstream incident handling.