Issue a key pair instantly, bind it to your domain, and start for free.

There is no account gate in this flow. You submit a domain or origin, AstraCaph returns a public site key plus a private verification secret, and that key pair only works for the bound origin.

Generate Keys

Bind a domain and receive a live API key pair.

Submit `example.com` or `https://example.com`. Domains without a protocol are normalized to `https://` automatically.

Save the `sk_live` server secret immediately after registration. It is required for backend verification and for deleting the bound domain later.

How it works

`POST /api/v1/sites` creates a new key pair without login and binds it to one exact origin such as `https://example.com`.

The returned `siteKey` is used in the widget embed. The returned `secret` stays on your backend and is sent only to `/api/v1/verify`.

Domains without a protocol are normalized to `https://` automatically so the binding stays strict and predictable for production use.

The risk engine also checks the IP through multiple free IP databases and increases risk when the address looks like hosting, proxy, VPN, or Tor infrastructure.

Save `sk_live` and the TXT backup. The same secret is required for backend verification and for deleting the domain later.

Remove Domain

Deletion requires the original sk_live secret.

To remove a bound domain, provide the same origin and the matching `sk_live` server secret. Without that secret the domain cannot be deleted.