KRIOSA - API Security Documentation | Enterprise Protection

Enterprise-Grade Security

Documentation

Protect your applications from SQL injection, XSS, and 25+ attack vectors in 30 seconds. No complex setup. No dependencies.

Zero Config

Install & Protect

25+

Attack Vectors

30s

Setup Time

24/7

Support

Get Started View Pricing Get Your API Key

Installation

Choose the method that fits your workflow — all take less than 60 seconds

Manual Installation

Perfect for shared hosting, cPanel, or when you prefer full control.

1 Download kriosa.php

2 Upload to your project root via FTP/cPanel

Add to your index.php or bootstrap file

Download kriosa.php

Quick Code Integration

Add these 2 lines to your entry point file.

<?php
// Add this to your index.php or front controller 


/**
 * Kriosa Security Middleware
 * 
 * Protect your application by analyzing every incoming request.
 * Must be placed at the VERY TOP of your entry file (index.php)
 */

require_once __DIR__ . '/kriosa.php';

$apiKey = getenv('KRIOSA_API_KEY') ?: 'YOUR_API_KEY_HERE';

try {
    $kriosa = new Kriosa($apiKey, [
        'timeout' => 3,          // API request timeout (seconds)
        'debug' => false,        // Enable debug logging
        'fail_closed' => false   // Block requests if Kriosa is unreachable
    ]);

    if (!$kriosa->protect()) {
        header('X-Kriosa-Blocked: true');
        http_response_code(403);
         exit('Access Denied');
    }
} catch (Exception $e) {
    error_log('Kriosa Security Error: ' . $e->getMessage());
}

// Your application continues safely...

// Your application continues safely here...

Direct URL Include — Zero File Upload

Just one line of code — perfect for testing or quick prototypes.

<?php
// Add this single line to your index.php 

require_once 'https://kriosa.com/kriosa.php';

// Define your API key in .env or directly: 

define('KRIOSA_API_KEY', 'sk_your_api_key_here');

The file caches itself locally after the first request for optimal performance.

Why Choose KRIOSA?

Simple integration, powerful protection — built for developers by developers

30 Second Install

One file. One API key. One include. No configuration files, no database setup, no friction.

25+ Attack Vectors

SQL injection, XSS, command injection, path traversal, LDAP, NoSQL, SSRF, XXE, deserialization, CSRF, IDOR, and more.

AI-Powered Detection

Machine learning models trained on real threat intelligence detect zero-day attacks traditional WAFs miss.

Lightning Fast

Average response time under 250ms. Your users won't notice the protection, but attackers will.

Works Anywhere

Shared hosting, VPS, dedicated servers, even localhost. Anywhere PHP 5.6+ runs, Kriosa works.

24/7 Expert Support

Email, WhatsApp, and ticket system. Our security engineers are here when you need them.

Complete Protection

Every attack vector we detect and block in real-time

Injection Attacks

SQL Injection
NoSQL Injection
LDAP Injection
Command Injection
Code Injection

Cross-Site Attacks

XSS (Reflected/Stored/DOM)
CSRF
IDOR
Open Redirect

Server-Side Attacks

SSRF
XXE
Path Traversal
Deserialization

Additional Protections

Rate Limiting
Brute Force Protection
Malicious Bot Detection
Suspicious Pattern Matching

Machine learning models continuously improve detection accuracy with every request — learning from real attack patterns.

Start Free, Scale as You Grow

No hidden fees, no surprise bills. Pay only for what you need — upgrade or downgrade anytime.

Free 10k requests/month

Pro 100k + priority support

Enterprise Unlimited + SLA

Compare Plans Click anywhere for details

API Reference

Simple, RESTful API for seamless integration

POST

/v1/protect

Request

{
    "user_id": 123,
    "tenant_id": "tenant_abc",
    "ip_address": "192.168.1.100",
    "user_agent": "Mozilla/5.0...",
    "method": "POST",
    "resource": "/api/users",
    "payload": {"username": "john"},
    "query_params": {"page": 1}
}

Allowed Response

{
    "allowed": true,
    "request_id": "req_abc123xyz",
    "processing_time_ms": 45,
    "score": 12
}

Blocked Response

{
    "allowed": false,
    "attack_type": "sql_injection",
    "threat_score": 95,
    "request_id": "req_def456uvw",
    "details": "Malicious pattern detected in 'username' field"
}

Frequently Asked Questions

Everything you need to know about KRIOSA

Do I need Composer or any dependencies?

No! Just download <code>kriosa.php</code> and include it in your project. That's it. No Composer, no npm, no external libraries — pure PHP that works everywhere.

Will it slow down my website?

No. Our average response time is under 250ms, and all processing happens asynchronously. Your users won't notice any difference, but attackers will be blocked instantly.

Does it work on shared hosting?

Absolutely! Kriosa works anywhere PHP runs (5.6+). No special extensions, no root access required — perfect for shared hosting, cPanel, and managed WordPress hosting.

How accurate is the AI detection?

Our ML models achieve 99.9% detection rate with less than 0.01% false positives. Models are continuously retrained on real attack data from CISA KEV, OWASP, and our global threat intelligence network.

Can I use Kriosa with WordPress/Laravel/Symfony?

Yes! We have dedicated plugins and integration guides for WordPress, Laravel, Symfony, CodeIgniter, Yii2, CakePHP, and any PHP framework. Check the Installation section for framework-specific instructions.

What if a legitimate request is blocked (false positive)?

Every block includes an <code>attack_type</code> and <code>request_id</code> for debugging. You can whitelist specific patterns from your dashboard, adjust security sensitivity, or report false positives to our team for model improvement.

Is there a free tier?

Yes! The free tier includes 10,000 requests per month — perfect for small projects, testing, or development environments. No credit card required to start.

Need Help? We're Here 24/7

Our security engineers are ready to assist you with integration, configuration, or any questions.

support@kriosa.com WhatsApp Documentation System Status GitHub