https://github.com/arcjet/example-nextjs-form

An example Next.js form + API route protected by Arcjet bot detection, rate limiting, and Shield WAF.
https://github.com/arcjet/example-nextjs-form

arcjet bot-detection developer-tools javascript nextjs nodejs rate-limiting react-hook-form security security-tools typescript

Last synced: 3 months ago
JSON representation

An example Next.js form + API route protected by Arcjet bot detection, rate limiting, and Shield WAF.

• Host: GitHub
• URL: https://github.com/arcjet/example-nextjs-form
• Owner: arcjet
• License: apache-2.0
• Created: 2025-05-18T06:34:32.000Z (8 months ago)
• Default Branch: main
• Last Pushed: 2025-10-07T16:57:44.000Z (3 months ago)
• Last Synced: 2025-10-07T18:43:01.337Z (3 months ago)
• Topics: arcjet, bot-detection, developer-tools, javascript, nextjs, nodejs, rate-limiting, react-hook-form, security, security-tools, typescript
• Language: CSS
• Homepage:
• Size: 277 KB
• Stars: 0
• Watchers: 4
• Forks: 0
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          



  

    

    

  



# Arcjet example: Next.js form

[Arcjet](https://arcjet.com) helps developers protect their apps in just a few

lines of code. Bot detection. Rate limiting. Email validation. Attack

protection. Data redaction. A developer-first approach to security.

This is an example Next.js application demonstrating how to protect a Next.js

form which uses an API route. It also uses [Arcjet

Nosecone](https://docs.arcjet.com/nosecone/quick-start) to configure security

headers in middleware.

## Features

- [Bot protection](https://docs.arcjet.com/bot-protection/quick-start) shows how

  the form can be protected from automated clients.

- [Rate limiting](https://docs.arcjet.com/rate-limiting/quick-start) shows a

  rate limit configuration that limits the number of requests from a single IP.

- [Attack protection](https://docs.arcjet.com/shield/quick-start) demonstrates

  Arcjet Shield, which detects suspicious behavior, such as SQL injection and

  cross-site scripting attacks.

## Run locally

1. [Register for a free Arcjet account](https://app.arcjet.com).

2. Install dependencies:

```bash

npm ci

```

3. Rename `.env.local.example` to `.env.local` and add your Arcjet key.

4. Start the dev server

```bash

npm run dev

```

5. Open [http://localhost:3000](http://localhost:3000) in your browser.

## Need help?

Check out [the docs](https://docs.arcjet.com/), [contact

support](https://docs.arcjet.com/support), or [join our Discord

server](https://arcjet.com/discord).

## Contributing

All development for Arcjet examples is done in the

[`arcjet/examples` repository](https://github.com/arcjet/examples).

You are welcome to open an issue here or in

[`arcjet/examples`](https://github.com/arcjet/examples/issues) directly.

However, please direct all pull requests to

[`arcjet/examples`](https://github.com/arcjet/examples/pulls). Take a look at

our

[contributing guide](https://github.com/arcjet/examples/blob/main/CONTRIBUTING.md)

for more information.