If your CDN is not Fastly, CloudFront, or Cloudflare, use the generic SDK API to build your own integration. The Deploy in Your CDN guide covers the general pattern for RSL license serving — adding an origin, routing /license.xml, and rewriting the URL. This page focuses on CAP enforcement using the SDK directly.

SDK Setup

npm install @getsupertab/supertab-connect-sdk

import { SupertabConnect } from "@getsupertab/supertab-connect-sdk";

const supertab = new SupertabConnect({
  apiKey: "YOUR_MERCHANT_API_KEY",
});

Bot detection is configured at construction time. Pass a botDetector function to extend or override the built-in user-agent heuristics:

const supertab = new SupertabConnect({
  apiKey: "YOUR_MERCHANT_API_KEY",
  botDetector: (request) => {
    const ua = request.headers.get("User-Agent") || "";
    // Add your CDN-specific signals or custom logic here
    return ua.includes("MyBot");
  },
});

The handleRequest method handles the full lifecycle — bot detection, token extraction, verification, enforcement, and analytics recording — in one call. Pass an optional ExecutionContext if your runtime supports background tasks.

async function handler(request, ctx) {
  return supertab.handleRequest(request, ctx);
}

Option B: Manual Verification

For fine-grained control over responses or custom routing, use verifyAndRecord directly:

async function handler(request) {
  // Extract the license token
  const auth = request.headers.get("Authorization") || "";
  const token = auth.startsWith("License ") ? auth.slice(8) : "";

  const LICENSE_URL = "https://yourdomain.com/license.xml";

  if (!token) {
    return new Response("License token required", {
      status: 401,
      headers: {
        "WWW-Authenticate": `License error="invalid_request"`,
        Link: `<${LICENSE_URL}>; rel="license"; type="application/rsl+xml"`,
      },
    });
  }

  const result = await supertab.verifyAndRecord({
    token,
    resourceUrl: request.url,
    userAgent: request.headers.get("User-Agent"),
  });

  if (!result.valid) {
    return new Response(`Access denied: ${result.error}`, {
      status: 401,
      headers: {
        "WWW-Authenticate": `License error="${result.reason}"`,
        Link: `<${LICENSE_URL}>; rel="license"; type="application/rsl+xml"`,
      },
    });
  }

  return fetch(request);
}

The WWW-Authenticate and Link headers in the 401 responses follow the CAP specification and tell the crawler where to obtain a license.
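
A stricter take on the token extraction and 401 challenge from Option B, as an added example that is not part of the Supertab SDK or this page's own code. The helper names, the allowed character set for error codes and the fallback to invalid_request are assumptions.

```javascript
// Added example: helper names and validation rules are assumptions,
// not part of @getsupertab/supertab-connect-sdk.

// Returns the token from "Authorization: License <token>", or "" when the
// header is missing, uses another scheme, or carries more than one value.
// HTTP auth scheme names are case-insensitive, and extra whitespace between
// scheme and token is tolerated (a plain slice(8) would keep it in the token).
function extractLicenseToken(authorization) {
  if (typeof authorization !== "string") return "";
  const m = /^([A-Za-z]+)[ \t]+(\S+)$/.exec(authorization.trim());
  if (!m || m[1].toLowerCase() !== "license") return "";
  return m[2];
}

// The error code is written inside a quoted-string in WWW-Authenticate.
// Accept only a conservative character set so a quote, CR/LF or space in the
// value can never change the header's structure; otherwise use the fallback.
function safeErrorCode(reason, fallback = "invalid_request") {
  const ok = typeof reason === "string" && /^[a-z0-9_]{1,64}$/.test(reason);
  return ok ? reason : fallback;
}

// Builds the init object for `new Response(body, init)` on a 401 challenge.
function challengeInit(licenseUrl, reason) {
  // URL parsing throws on a malformed value and percent-encodes characters
  // such as ">" that would otherwise end the <...> part of the Link header.
  const href = new URL(licenseUrl).href;
  return {
    status: 401,
    headers: {
      "WWW-Authenticate": `License error="${safeErrorCode(reason)}"`,
      Link: `<${href}>; rel="license"; type="application/rsl+xml"`,
    },
  };
}
```

In the Option B handler, `extractLicenseToken(request.headers.get("Authorization"))` replaces the startsWith/slice pair, and `new Response("Access denied", challengeInit(LICENSE_URL, result.reason))` replaces the hand-built 401.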

Deploy in Your CDN

General deployment guide covering RSL serving, CAP, and robots.txt.

SDK Overview

Full API reference for all SDK methods across languages.