1Quick Start
Three steps to connect your site to the FortiVox API. Replace YOUR_API_TOKEN with the token from your client dashboard.
Pick JavaScript or PHP below and copy the code block.
Get it from Client Dashboard → Privacy & Integration → API Token.
Place the <script> tag just before the closing </head> tag of every page.
Browser snippet (JavaScript)
<script> (function(){ const FORTIVOX_TOKEN = "YOUR_API_TOKEN"; fetch("https://fortivox.cloud/api/live_threats.php?token=" + FORTIVOX_TOKEN) .then(r => r.json()) .then(d => window.__fv = d); })(); </script>
Server snippet (PHP)
// Pull the last 100 security events for your account. $token = "YOUR_API_TOKEN"; $endpoint = "https://fortivox.cloud/api/client_logs.php?token=" . $token; $ch = curl_init($endpoint); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $res = json_decode(curl_exec($ch), true); curl_close($ch); print_r($res["logs"]);
Where to paste the script
Place the <code><script></code> tag inside the <code><head></code> of every page, ideally right before the closing <code></head></code>. On WordPress, use a header-injection plugin or your theme’s <code>header.php</code>.
2DNS Configuration
To route your traffic through the FortiVox edge, replace your existing A record with the one below. Propagation usually completes within 5–30 minutes.
| Type | Host / Name | Value / Destination | TTL |
|---|---|---|---|
A | @ | 93.127.202.75 | 300 |
CNAME | www | edge.fortivox.cloud | 300 |
Optional: protect every sub-domain
If you want FortiVox to cover every sub-domain (<code>shop.</code>, <code>blog.</code>, <code>app.</code> …), add a wildcard CNAME. Skip this if your mail or third-party sub-domains must keep their own DNS.
| Type | Host / Name | Value / Destination | TTL |
|---|---|---|---|
CNAME | * | edge.fortivox.cloud | 300 |
Verify your setup
- Use a tool like <code>dig yourdomain.com</code> or dnschecker.org to confirm the A record returns <code>93.127.202.75</code>.
- Open <code>https://yourdomain.com</code> — the browser padlock confirms the SSL certificate is live on the edge.
- In your client dashboard the website status will switch to <b>PROTECTED</b> once we detect propagation (usually within minutes).
3WordPress Integration Latest Version: 1.0.0 Download Plugin (.zip) 16 KB
The official <b>FortiVox Security</b> plugin is now available for WordPress 5.6+. Install it in seconds to unlock a native dashboard widget, real-time threat alerts, and zero-config API integration — or keep using the manual snippet above for any non-WordPress stack.
Install in 3 steps
- Click <b>Download Plugin (.zip)</b> above (you must be signed in to your FortiVox account).
- In your WordPress admin go to <b>Plugins → Add New → Upload Plugin</b>, choose the file, then click <b>Install Now</b> and <b>Activate</b>.
- Open <b>Settings → FortiVox</b>, paste your API token, click <b>Test Connection</b> and save. The dashboard widget appears immediately.
Manual integration (any CMS)
- Paste the JavaScript snippet into <b>Appearance → Theme File Editor → header.php</b>, right before <code></head></code>.
- Or use a header-injection plugin (e.g. <i>Insert Headers and Footers</i>) and paste the snippet in the “Header” field.
- Elementor compatibility: the snippet runs at the browser level, it does not touch your DOM or CSS, so designs stay identical.
4Security & Privacy
A few rules to keep your API token safe and your integration compliant.
Protect your API token
- Never commit your token to a public Git repository. Store it in an environment variable on the server.
- Browser snippets expose the token by design — that is fine, the read-only endpoints accept this. Use server-side calls for any sensitive endpoint.
- Rotate the token at any time from <b>Client Dashboard → Privacy & Integration → Regenerate Token</b>. Old tokens stay valid until you revoke them.
Privacy & cookies
- The script sends no personal data — only the visitor IP, which we use for threat-intel lookups in line with our Privacy Policy.
- A FortiVox-managed first-party cookie is set only after the visitor passes a challenge (JS check / CAPTCHA). No tracking, no cross-site identifiers.
- PDPL / GDPR compliance: the public PDPL endpoints (<code>/api/pdpl_dsar.php</code>, <code>/api/pdpl_consent.php</code>) let your users exercise their data rights directly.
5Troubleshooting
Most integration issues fall into one of these buckets.
HTTP error codes
| Code | Meaning | Fix |
|---|---|---|
401 | Missing or malformed API token | Append <code>?token=…</code> to the request URL or set the <code>Authorization</code> header. |
403 | Invalid token / quota exceeded | Verify the token in your dashboard; check the plan limits page for monthly quotas. |
404 | Endpoint or resource not found | Confirm you are calling one of the documented <code>/api/*.php</code> endpoints. |
419 | CSRF token expired | POST endpoints require a fresh CSRF token; refresh the page that obtained it. |
429 | Too many requests | Back off and retry after the <code>Retry-After</code> header value (seconds). |
5xx | FortiVox upstream error | Status page: status.fortivox.cloud — or contact support if the issue persists. |
Common issues
- API connection fails: Curl the endpoint directly to rule out CORS — if curl works, allow our origin in your CSP / browser settings.
- DNS update not visible: Propagation can take up to 24 hours globally. Flush your local DNS cache (<code>ipconfig /flushdns</code> on Windows, <code>sudo dscacheutil -flushcache</code> on macOS).
- Script does not appear in HTML: Some caching plugins serve a stale copy. Clear the page cache and the CDN cache, then reload with <kbd>Ctrl+Shift+R</kbd>.