SDK Integration | Django - Monitor mode

Getting Started

This is a crisp and precise integration guide that will facilitate the integration of ShieldSquare - Real-time Bot Management Solution for Web Apps, Mobile & APIs at the application level using our Django SDK. Please login and download the connectors from here

If you face the below issue while installing pycurl, 

Please run the below Commands:

Integrating ShieldSquare in Monitor Mode

ShieldSquare integration in the monitor mode is divided into 3 simple steps

  1. Integrate the Code
  2. Verify Integration
  3. Move changes to production

Integrate the Code

On integrating the code, the SDK will start making API calls to ShieldSquare solution and the response received is in the form of a response code. The response code directly indicates the action to be taken based on the incoming request. All API calls made to ShieldSquare, (in monitor mode) by default would be asynchronous in nature, based on the compatibility of the website platform. In case your website platform does not support asynchronous calls, please reach out to support for further assistance.

Please follow the below outlined steps to integrate the code in Monitor Mode:

  1. Set the configuration file
  2. Integrating the API call to the code
  3. Integrating the JS call to the code

1. Set the configuration file:

Change 1 

Open the file and replace the sid parameter with your Sandbox ID. Refer the below snapshot

Change 2 

Replace the ss2_domain in the file parameter with the ShieldSquare endpoint nearest to your server. Refer the below snapshot.

Example :If your server is located in the US, config.ss2_domain = '';

In order to understand the function and use of each of the parameters listed in the ss2_config.rb file, refer the below table.


This holds the subscriber id of the user, and can be obtained by clicking on the Subscriber id details link on the dashboard. Choose Sandbox Id as you are integrating for the very first time

Important Note: Sandbox ID is meant for only testing and verification purposes and requests sent using this ID will not be persisted by ShieldSquare Service.

modeSets the mode of the operation depending on the mode of activation. Set value to ‘Monitor’ in this case.StringYes
timeout_valueThis parameter indicates the time limit after which an API call has to be timed out. No synchronous API call would block for more than the value specified to this parameter.

Important Note:To know the optimum value to be set as timeout, run this jar file on your server and note the value. Refer to the guide for detailed steps to achieve the same. Download the ‘jar’ file. The jar may take about 15 minutes to run before it gives an output.
Numeric value (measured in milliseconds)Yes
ipaddressThis is set to the HTTP header which indicates the IP address of the user. The default value is “auto”.StringYes
ss2_domainSelect the ShieldSquare server closest to the website’s server and assign it to the _ss2_domain property. Available options are:

Quick Tip:To help you find out our nearest servers use this Jar file.For other locations, refer this Link. For further assistance, please reach us at
domain_ttlThis parameter indicates the time after which _domain_cache_file is reloaded. The default time is 3600 seconds 

Important Note: To disable the caching feature, set the value as -1
Numeric value (measured in seconds)No

Set this parameter as True if you want to enable logging.

Note: By default this parameter is set as False. This parameter is only used for debugging, hence it is advisable to keep it as False.

ip_indexSet the position of valid IP in this parameter.
  • If ip_index contains positive value(starting from 1), IPs will be checked from left to right until valid IP is found.
  • If ip_index contains negative value(starting from -1), IPs will be checked from right to left until valid IP is found.
other_headersSet this parameter as True if you want to send other headers.

Note: By default this parameter is set as False
_deployment_numberIdentifier denoting different families of configuration settings in your serversStringYes
content_filterSet as True if static content filtering is required for extensions mentioned in the 'content_type_list' parameter.BooleanYes
content_type_listAppend the static resource extensions that have to be filtered to avoid API calls to ShieldSquare server. Separate each resource extension with “,” operator. All the content types added to this list are not processed by ShieldSquare module.StringYes
ss_captcha_enabledThis parameter is used to enable ShieldSquare CAPTCHA service. In monitor mode, value of this parameter should be False.BooleanYes
ss_block_enabledThis parameter is used to enable ShieldSquare block service. In monitor mode, value of this parameter should be False.BooleanYes
support_emailSet your support e-mail ID to display in ShieldSquare CAPTCHA and block page. Default support mail is: support@shieldsquare.comStringYes
skip_qpThis parameter indicates ShieldSquare's Block/CAPTCHA Page template is used. Default value is 'False'. If you use your own CAPTCHA/Block page, ShieldSquare suggests to set this parameter value to 'True'.BooleanYes
redirect_domainIf you want to use your own domain for CAPTCHA/Block page, change the configured default domain as below. 
redirect_domain = '< Your CAPTCHA/Block domain >'

2. Integrate the API call to your code:

Add ShieldSquare middleware in your application middleware's list

Once the code is inserted, the validate request function ( highlighted in the above code) takes the userid, call type, pid as inputs to process requests. Each of the parameters of the validate request function are defined below:

UserIdSet the user-name/user-id of the logged-in visitors to shieldsquare_userid.

The value of shieldsquare_calltype determines the type of the call and can have the below values:

1 - Set the value as 1 for this parameter when the current request is of type Page Load. 
2 - Set the value as 2 for this parameter when the current request is a form submit request.
6 - Set the value as 6 for this parameter when the current request is from mobile APP.
7 - Set the value as 7 for this parameter when the current request is from feature phone.


Uniquely identifies a request.

API call returns response in json format. The response code can be found as the value of “responsecode” field returned and is of the type integer. 

Possible response codes are: 
0This indicates that the request should be allowed.This is the default response for monitor mode.
-1Indicates that the ShieldSquare service is facing issues . The request should be allowed in case this response code is received. For eg. this response code will be returned in case a timeout occurs.

3. Integrate the JS Tag to your code:

  • Go to 'Download Connectors' page and switch to 'JS Tag' tab to find your customized JS.
  • Integrate the JS in the starting of head section of web pages protected by ShieldSquare to ensure JS Tag executes immediately after the page loads. This will facilitate ShieldSquare to catch sophisticated bots. 

Verify Integration

Visit the verify integration page in the ShieldSquare Admin Portal and green check marks for "API Data - IP Details" & "API Data - Session Details" will indicate the successful integration of ShieldSquare with your website. A minimum of 5 requests have to be made from the same machine using the same browser for the check marks to appear as an indication to the status of integration. In the event of a Red check mark, it indicates that a particular step might have been executed incorrectly.

ShieldSquare Customer Onboarding team will verify and validate the configurations typically within 24 hours. This will ensure that the production site’s performance is not affected due to a wrong configuration set in the process of integration.

Move changes to Production

In order to move changes to production replace _sid parameter ( in the ss2_config file) with the Production ID. It takes about 2-3 hours for the production data to reflect in the ShieldSquare Dashboard. Refer the below snapshot:

Next Steps

Please send an email to confirming the changes moved to production. ShieldSquare support team will verify the correctness of data received by the ShieldSquare servers.

A dedicated data scientist will be assigned to your website to analyze site specific bot patterns. Any fine tuning required for bot classification rules specific to your site will be taken care of.

Within 24 hours of successful replication of changes in the production, ShieldSquare Dashboard will be released, enabling exhaustive insights on bot traffic.