Back to Documentation

Alerts & Security

Configure email alerts for fraud activity and manage API key security.

Fraud Alerts

Overview

Get notified when fraud activity exceeds your threshold. Alerts help you stay informed about your ad campaign health without constantly checking the dashboard.

Instant
Real-time alerts
Daily Digest
Once per day
Weekly
Weekly summary

Configuration

  1. Navigate to Account Settings

    Click on your profile in the top right, then "Account Settings".

  2. Enable Email Alerts

    Toggle the "Email Alerts" switch to turn on notifications.

  3. Set Fraud Threshold

    Choose the percentage of fraud that triggers an alert. For example, set to 5% to be notified when your fraud rate exceeds 5%.

  4. Choose Frequency

    Select how often you want to receive alerts: Instant, Daily Digest, or Weekly.

Alert Frequencies

Instant Alerts

Get notified as soon as fraud is detected, with a maximum of one email per hour to prevent inbox flooding. Best for high-value campaigns where immediate action is needed.

Daily Digest

Receive a summary email once per day at 9 AM (your timezone) with all fraud activity from the past 24 hours. Good balance of awareness without constant notifications.

Weekly Summary

Get a weekly report every Monday morning with aggregate statistics and trends. Best for low-traffic sites or when you want a high-level overview.

Alert Email Content

When an alert is triggered, you'll receive an email containing:

  • Current fraud rate across all your properties
  • Number of fraudulent visitors detected
  • Top triggered rules (e.g., datacenter IP, rapid clicks)
  • Estimated savings from blocked clicks
  • Quick action links to view details in the dashboard
Example Alert Email
Fraud Alert: My Landing Page
Your fraud rate has exceeded 5% (currently at 8.2%)
Last 24 hours:
  • - 45 fraudulent visitors blocked
  • - Top rule: Datacenter IP (28 triggers)
  • - Estimated savings: $67.50
[View Dashboard] [Adjust Settings]

API Key Security

About API Keys

Each property has a unique API key used to authenticate requests to the ClickDefender tracking script and API. Keep your API keys secure and never expose them in client-side code.

Security Warning: Never share your API key publicly or commit it to version control. If your key is compromised, rotate it immediately.

Rotating API Keys

Regularly rotate your API keys as a security best practice, or immediately if you suspect a key has been compromised.

  1. Go to Property Settings

    Navigate to your property and click the "Settings" icon.

  2. Find API Key Section

    Scroll to the API Key card showing your current key (masked).

  3. Click "Rotate Key"

    A new key will be generated immediately.

  4. Update Your Integration

    Copy the new key and update your tracking code. The old key is invalidated immediately.

Important: After rotating, you'll receive an email with your new API key. The old key stops working immediately, so update your integration right away.

API Key Best Practices

  • 1.Rotate regularly — Change your API key every 90 days as a security best practice.
  • 2.Use environment variables — Store keys in environment variables, not in code.
  • 3.Server-side only — API keys should only be used from your server, never in browser JavaScript.
  • 4.Audit access — Only give API key access to team members who need it.
  • 5.Rotate on team changes — When a team member with API access leaves, rotate the key.

Alternative Notification Methods

In addition to email alerts, ClickDefender supports other notification methods:

Slack Alerts

Get real-time notifications in your team's Slack channel.

Learn more →
Webhooks

Send fraud events to your own systems via HTTP webhooks.

Learn more →

Need Help?

Questions about alerts or security? We're here to help.