NestJS Spam Protection API
One Guard. Every Controller. Spam Gone.
NestJS gives you Guards, Interceptors, and dependency injection. But it gives you zero spam protection. ActiveLayer is a server-side API that returns spam verdicts in milliseconds. Inject it as a service, apply it as a Guard, and protect every endpoint in your application without a single CAPTCHA or client-side script.
✓ Millisecond response times
✓ 99.5%+ accuracy
✓ Full TypeScript types included
✓ 1,000 checks free every month
Built by the same team whose software is trusted by 30,000,000+ websites worldwide.
Everything You Need to Stop Spam in NestJS
No unmaintained packages. No CAPTCHA widgets. One API that works with Guards, Interceptors, decorators, and modules.
NestJS Guard Integration
Implement `CanActivate` with a single injectable Guard. Apply it to any controller or route with `@UseGuards()`. Spam requests never reach your handler.
Interceptor Support
Prefer to log spam instead of blocking it? Use a NestJS Interceptor to inspect verdicts after your handler runs. Full control over how you handle spam.
Custom @SpamCheck Decorator
Build a clean `@SpamCheck()` decorator that combines the Guard with parameter extraction. One decorator on your method. Zero boilerplate in your controllers.
Module Registration
Register ActiveLayer as a `DynamicModule` with `forRoot()` and `forRootAsync()`. Inject configuration through NestJS’s standard config system.
Full TypeScript Types
Every API response is fully typed. Confidence scores, detection signals, and verdicts all come with proper interfaces. No `any` types. No guessing.
GraphQL Resolver Support
Protect your GraphQL mutations the same way you protect REST endpoints. The Guard reads from `GqlExecutionContext` and works with Apollo and Mercurius.
Millisecond Response
Spam verdicts return faster than your database queries. Your API stays fast. Your users never notice the check happening behind the scenes.
Dependency Injection Native
ActiveLayer’s service registers as a standard NestJS provider. Inject it anywhere. Mock it in tests. Swap implementations per environment.
Microservices Compatible
Works with NestJS microservice transports including TCP, Redis, NATS, and Kafka. Protect messages and events, not just HTTP requests.
Three Steps. One Guard. Spam Solved.
From signup to spam-free in under five minutes.
1
Get Your API Key and Register the Module
Create a free ActiveLayer account. Copy your API key from the dashboard. Register the service in your NestJS module using standard dependency injection.
2
Create the Guard
Build a `SpamGuard` that implements `CanActivate`. It injects the `HttpService`, calls the ActiveLayer API, and blocks spam before your handler runs.
3
Apply the Guard to Any Controller
Use `@UseGuards(SpamGuard)` on a single route, an entire controller, or globally. Every protected endpoint gets spam verdicts in milliseconds. You can also create a custom decorator for even cleaner syntax.
Why NestJS Developers Choose ActiveLayer
Spam protection that fits the patterns you already use.
Guards. Interceptors. Modules. Dependency Injection. All Native.
Most spam solutions ignore your architecture entirely — ActiveLayer doesn’t. It works as a proper NestJS Guard implementing `CanActivate`, registers as a module with `forRoot()` configuration, and injects through the standard DI container. Mock it in your test suite with `overrideGuard()`, swap it per environment with custom providers, and use your framework the way it was designed to be used. Your codebase stays clean, testable, and idiomatic.
No `any` Types. No Runtime Surprises. Full IntelliSense.
ActiveLayer’s API returns a consistent JSON schema with typed fields for spam verdict, confidence score, and detection signals. Define an interface once and get full IntelliSense across your entire codebase — your Guards, Interceptors, and custom decorators all know exactly what the API returns. No `as any` casts, no guessing at response shapes, no runtime errors from unexpected fields.
REST Endpoints and GraphQL Resolvers. One Guard Handles Both.
Spam protection for GraphQL mutations is almost nonexistent — ActiveLayer fills that gap. Switch from `context.switchToHttp()` to `GqlExecutionContext.create(context)` and your Guard protects mutations the same way it protects REST routes. Contact forms, comment submissions, and user registrations all get checked the same way whether they come through a POST endpoint or a GraphQL mutation. One Guard. Two protocols. Complete coverage.
Rate Limiting Counts Requests. ActiveLayer Reads Them.
`@nestjs/throttler` limits request volume per IP but cannot tell a legitimate message from spam — a bot sending one well-crafted submission per minute sails right through. ActiveLayer analyzes what’s inside the request: content patterns, email reputation, IP signals, and behavioral markers. Use both together: let Throttler handle volume abuse and let ActiveLayer handle content-based spam. Your NestJS app gets complete protection with two Guards and zero CAPTCHAs.
Frequently Asked Questions
Common questions about using ActiveLayer with NestJS.
Use a Guard when you want to block spam before your handler runs. The Guard implements `CanActivate` and throws an exception for spam, so your controller method never executes. Use an Interceptor when you want to log or flag spam without blocking it. The Interceptor runs after your handler and can modify the response or trigger side effects based on the verdict. For most use cases, a Guard is the right choice.
Use the same Guard pattern but switch the execution context. Instead of `context.switchToHttp().getRequest()`, use `GqlExecutionContext.create(context).getArgs()` to access the mutation arguments. Apply `@UseGuards(SpamGuard)` to your resolver method the same way you would a REST endpoint. The API call and spam check logic are identical.
Yes. For HTTP-based microservices, the Guard pattern works exactly as described. For message-based transports like TCP, Redis, NATS, or Kafka, use an Interceptor or call the ActiveLayer service directly in your message handler. The API is a standard REST call, so it works from any context where you can make an HTTP request.
NestJS’s testing module makes this straightforward. Use `overrideGuard(SpamGuard).useValue({ canActivate: () => true })` in your test module to bypass spam checking in unit tests. For integration tests, mock the `HttpService` to return controlled responses. You can test both spam and non-spam paths without making real API calls.
ActiveLayer registers as a standard NestJS module. The `SpamGuard` and `ActiveLayerService` are injectable providers. You can use `@Global()` to make them available across your entire application or import the module only where you need it. Configuration flows through `ConfigService` and environment variables, following NestJS conventions.
Yes. Use `applyDecorators()` from `@nestjs/common` to combine `@UseGuards(SpamGuard)` into a clean `@SpamCheck()` decorator. Apply it to any controller method or class. This keeps your controllers clean and makes your spam protection self-documenting. You can extend the decorator to accept options like custom error messages or confidence thresholds.
ActiveLayer returns verdicts in single-digit milliseconds. That is typically faster than a database query through TypeORM or Prisma. The async/await pattern ensures your NestJS event loop stays unblocked. For additional safety, set a timeout using `HttpService` configuration so your endpoint always responds quickly, even if the API is slow.
Yes. 1,000 spam checks per month. No credit card required. Full API access with no feature restrictions. When you need more, upgrade to Pro at $19/month for 25,000 checks.