Organization Dashboard

Create an organization to manage team security, get webhook notifications, and access enterprise features.

Organization

Manage your team's security

Total Scans

-

Threats Found

-

Team Members

-

This Week

-

Gateway Blocked

-

Gateway (24h)

-

Quick Link Scan

Team Members

Loading...

Webhook Notifications

Get instant notifications in your team chat when dangerous links are detected.

Slack

Send alerts to a Slack channel

Discord

Send alerts to a Discord channel

Microsoft Teams

Send alerts to a Teams channel

Firewall Policy

Set what gets blocked. Changes take effect immediately.

Risk Threshold

Block URLs with a risk score at or above this value.

50%

Recommended: 50% (medium). Lower = stricter.

Block Categories

Custom Blocked Domains

Custom Allowed Domains (Allowlist)

Activity Log

- Total
- Blocked
- Allowed

Load the Gateway tab to see activity.

Setup & Integration Guide

Everything you need to integrate the SecureLink corporate gateway into your infrastructure.

ENTERPRISE
Step 1 — Get Your Organisation API Key

Every request to the gateway must include your organisation's unique API key. You can find it in the API Key tab of this dashboard.

Treat this key like a password — rotate it immediately if it is ever exposed. The key grants access to your entire policy and audit log.

Pass the key in the request header:

X-API-Key: YOUR_ORG_API_KEY

# Alternatively, as a Bearer token:
Authorization: Bearer YOUR_ORG_API_KEY

The gateway endpoint you'll POST to:

POST https://securelinkapp.com/api/gateway/check
Step 2 — Configure Your Gateway Policy

Use the Policy panel above to control what the gateway allows and blocks. Changes take effect on the next API call — no restart needed.

Risk Threshold

URLs with a risk score above this value are blocked. Default is 0.5 (50%). Lower it for stricter security.

Block Categories

Automatically block entire threat classes: phishing, malware, ransomware, cryptojacking, and more — regardless of risk score.

Custom Block List

Paste any domains you want hard-blocked, one per line. Takes priority over the risk threshold.

Allow List

Domains you explicitly trust (e.g., internal services) — always allowed, even if flagged by threat analysis.

Step 3 — Make Your First URL Check

Send a POST request with the URL to evaluate. An optional user_id field tags the log entry with the employee who triggered the check.

curl -X POST https://securelinkapp.com/api/gateway/check \
  -H "X-API-Key: YOUR_ORG_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://suspicious-site.com", "user_id": 42}'
import requests

GATEWAY = "https://securelinkapp.com/api/gateway/check"
API_KEY = "YOUR_ORG_API_KEY"

def check_url(url: str, user_id: int = None) -> dict:
    resp = requests.post(
        GATEWAY,
        headers={"X-API-Key": API_KEY},
        json={"url": url, "user_id": user_id},
        timeout=10,
    )
    resp.raise_for_status()
    return resp.json()

result = check_url("https://suspicious-site.com", user_id=42)
if result["verdict"] == "block":
    raise PermissionError(f"URL blocked: {result['reason']}")
const GATEWAY = "https://securelinkapp.com/api/gateway/check";
const API_KEY = "YOUR_ORG_API_KEY";

async function checkUrl(url, userId = null) {
  const res = await fetch(GATEWAY, {
    method: "POST",
    headers: {
      "X-API-Key": API_KEY,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({ url, user_id: userId }),
  });
  if (!res.ok) throw new Error(`Gateway error: ${res.status}`);
  return res.json();
}

const result = await checkUrl("https://suspicious-site.com", 42);
if (result.verdict === "block") {
  throw new Error(`Blocked: ${result.reason}`);
}
<?php
$gateway = "https://securelinkapp.com/api/gateway/check";
$apiKey  = "YOUR_ORG_API_KEY";

function checkUrl(string $url, ?int $userId = null): array {
    global $gateway, $apiKey;
    $ch = curl_init($gateway);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER     => [
            "X-API-Key: $apiKey",
            "Content-Type: application/json",
        ],
        CURLOPT_POSTFIELDS => json_encode(['url' => $url, 'user_id' => $userId]),
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return json_decode($body, true);
}

$result = checkUrl("https://suspicious-site.com", 42);
if ($result['verdict'] === 'block') {
    throw new RuntimeException("URL blocked: " . $result['reason']);
}
?>
Step 4 — Handle the Response

The gateway always returns JSON. Branch on verdict to allow or deny the request in your own application.

{
  "verdict":    "block",           // "allow" or "block"
  "reason":     "Risk score 0.85 exceeds threshold 0.50",
  "risk_score": 0.85,              // 0.0 (safe) → 1.0 (critical)
  "risk_level": "high",            // "safe" | "low" | "medium" | "high" | "critical"
  "threats":    ["phishing"],      // list of detected threat categories
  "warnings":   [],                // non-blocking advisory warnings
  "log_id":     1042,              // audit log entry ID (null if logging disabled)
  "org_id":     7                  // your organisation ID
}

verdict: "allow"

URL is safe under your policy. Let the user proceed.

verdict: "block"

URL violated your policy. Block the request and surface reason to the user.

The gateway is synchronous and typically responds in under 800 ms. Set a client timeout of at least 5 s to account for slow DNS lookups on unusual domains.
Step 5 — Monitor Activity

Every URL check is logged in the Activity Log panel above (when logging is enabled in your policy). Use it to:

  • Review which domains are being blocked and why
  • Correlate block events with employee IDs to spot suspicious behaviour
  • Audit access before a security incident for forensic purposes
  • Tune your risk threshold — if too many legitimate URLs are blocked, increase the value; lower it for stricter control

You can also receive real-time alerts via Webhooks (Slack, Discord, Teams) whenever a URL is blocked — configure them in the Webhooks tab.

Webhook alerts fire only on block verdicts, keeping your inbox clean while ensuring immediate notification of threats.
Troubleshooting
HTTP StatusErrorFix
401 API key required / Invalid API key Check the X-API-Key header is present and matches the key shown in the API Key tab.
403 Gateway requires an active Enterprise subscription The organisation owner's account must have an active Enterprise plan. Visit Pricing to upgrade.
403 Enterprise subscription has expired Renew the Enterprise subscription on the billing page to restore gateway access.
400 url is required / URL too long Ensure the JSON body contains a valid url field (max 2048 chars).
429 Rate limit exceeded The endpoint allows 120 requests per minute per IP. Add caching in your integration or throttle request frequency.
5xx Server error Retry with exponential back-off. If the error persists, check the SecureLink status page or contact support.

API Access

Use the API key to integrate SecureLink into your applications.

••••••••••••••••••••••••••••••••

API Usage Example

curl -X POST https://securelink.com/api/org/{org_id}/verify \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com"}'

No License Plan Active

Purchase named-user seats to assign Pro or Enterprise access to your team members.

Enterprise  License Plan

 ·  Expires

Seats Used 0 / 0

Assign Seat

Assigned Seats

Email Name Status Assigned
No seats assigned yet.

Purchase Seats

Create Organization

Invite Team Member