Next.js Integration

Integrate VerifyWall with Next.js in minutes

Add fraud detection to your Next.js application using Server Actions or API routes with zero client-side exposure of your API key.

Get API KeyRead the Docs
1

Set up your environment

Store your API key in .env.local. Next.js automatically loads environment variables, and server-side variables are never exposed to the client.

VERIFYWALL_API_KEY=your-api-key-here
2

Create a verification utility

Create a server-side utility that wraps the VerifyWall API. This runs only on the server, keeping your API key secure.

const VERIFYWALL_URL =
  process.env.VERIFYWALL_URL || 'https://api.verifywall.com';

export async function verify({
  email,
  ip,
}: {
  email?: string;
  ip?: string;
}) {
  const response = await fetch(`${VERIFYWALL_URL}/v1/verify`, {
    method: 'POST',
    headers: {
      Authorization: `Bearer ${process.env.VERIFYWALL_API_KEY}`,
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({ email, ip }),
  });

  if (!response.ok) {
    throw new Error(`VerifyWall API error: ${response.status}`);
  }

  const json = await response.json();
  return json.data.attributes;
}
3

Add to your registration Server Action

Call VerifyWall in a Server Action to verify signups. The API key stays on the server and is never sent to the browser.

'use server';

import { verify } from '@/lib/verifywall';
import { headers } from 'next/headers';

export async function registerAction(formData: FormData) {
  const email = formData.get('email') as string;
  const password = formData.get('password') as string;
  const headersList = await headers();
  const ip = headersList.get('x-forwarded-for')?.split(',')[0];

  const risk = await verify({ email, ip });

  if (risk.risk_level === 'high') {
    return {
      error: 'We could not verify your identity. Please try again.',
    };
  }

  const user = await createUser({
    email,
    password,
    riskScore: risk.risk_score,
  });

  // Set session and redirect
  return { redirect: '/dashboard' };
}
4

Verify the integration

Create a quick test API route to confirm the connection is working.

import { verify } from '@/lib/verifywall';
import { NextResponse } from 'next/server';

export async function GET() {
  const result = await verify({
    email: '[email protected]',
  });

  return NextResponse.json(result);
}
// Visit /api/test-verify to see the response

Frequently asked questions

Should I call VerifyWall from the client or server?

Always from the server. Use Server Actions, API routes, or middleware to call VerifyWall. This keeps your API key secure and prevents users from bypassing the check by disabling JavaScript.

Does this work with the Pages Router?

Yes. Use API routes (pages/api/verify.ts) instead of Server Actions. The verification utility module works identically — only the calling pattern differs between App Router and Pages Router.

Can I use VerifyWall in Next.js middleware?

Yes. You can call VerifyWall from middleware.ts to check IPs on every request. However, be mindful of latency — middleware runs on every matching request. For most applications, checking at registration is more efficient.

Related resources

Ready to integrate?

Get your API key and start protecting your Next.js application in minutes.

Get Started FreeAPI Documentation