> ## Documentation Index
> Fetch the complete documentation index at: https://connect-docs.supertab.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Deploy at the Edge

> Serve your RSL license and enforce CAP at the CDN edge using the Supertab Connect SDK.

This guide walks you through the two things every CDN deployment needs:
serving your RSL license at your domain,
and enforcing the Crawler Authentication Protocol (CAP) to protect your content from unlicensed crawlers.

This is a general guide. Specific guidance for each CDN is available:

<CardGroup cols={2}>
  <Card title="Fastly" icon="server" href="/reference/fastly/connect-on-fastly">
    VCL and Compute, including service chaining.
  </Card>

  <Card title="CloudFront" icon="server" href="/reference/cloudfront">
    CloudFront Functions, Lambda\@Edge, and Terraform.
  </Card>

  <Card title="Cloudflare" icon="server" href="/reference/cloudflare">
    Workers for RSL and CAP enforcement.
  </Card>

  <Card title="Other CDNs" icon="server" href="/reference/others">
    Generic patterns for any platform.
  </Card>
</CardGroup>

## Before You Start

You need:

* A **Supertab Connect merchant account** – [contact sales to sign up](https://www.supertab.co/contact)
* A **Website** registered in the Supertab Connect dashboard with your domain's base URL
* Your **Website URN** — found in your Website settings, e.g `urn:stc:merchant:system:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
* A **Merchant API key** — generated under Website Details → API Keys in the dashboard
* Access to your **CDN configuration** for the domain you want to protect

***

## Part 1: Serve Your RSL License

Your RSL license needs to be accessible at `https://yourdomain.com/license.xml`. Supertab Connect hosts the license content — your CDN proxies the request to our origin and rewrites the URL so it stays on your domain.

**1. Add Supertab Connect as an Origin**

Add `api-connect.supertab.co` as an origin (sometimes called a backend, upstream, or host) with HTTPS on port 443.

**2. Add routing for `/license.xml`**

Create a rule, behavior, or condition that matches requests to `/license.xml` exactly and directs them to the Supertab Connect origin.

**3. Add a URL rewrite**

Before the request reaches the origin, rewrite the path to include your Website URN:

```
/license.xml  →  /merchants/systems/YOUR_WEBSITE_URN/license.xml
```

e.g in a JS based runtime

```javascript theme={null}
if (request.path === "/license.xml") {
  request.path = "/merchants/systems/YOUR_WEBSITE_URN/license.xml";
}
```

<Note>
  Your CDN must send `Host: api-connect.supertab.co` to the origin — not your own domain. If you see 502 errors, check the host header override setting.
</Note>

**Verify it works:** visit `https://yourdomain.com/license.xml` in your browser and confirm you see your RSL license XML.

***

## Part 2: Run the Supertab Connect SDK

The SDK validates the `Authorization: License <token>` header on crawler requests. You deploy it as an edge worker or function that runs before your origin.

### Install the SDK

```bash theme={null}
npm install @getsupertab/supertab-connect-sdk
```

### Wire the request handler

Instantiate `SupertabConnect` once (it's a singleton) and call `handleRequest` on each incoming request. The SDK handles bot detection, token extraction, JWT verification, enforcement, and analytics recording. You act on the result:

```javascript highlight={4, 14} theme={null}
import { SupertabConnect, EnforcementMode, HandlerAction } from "@getsupertab/supertab-connect-sdk";

const connect = new SupertabConnect({
  apiKey: YOUR_API_KEY, // best practice is to retrieve the key from your CDNs secret store.
  enforcement: EnforcementMode.SOFT,
  botDetector: (request) => {
    // optional — extend or replace the built-in UA heuristics
    const ua = request.headers.get("User-Agent") || "";
    return ua.includes("MyBot");
  },
});

// In your request handler:
const result = await connect.handleRequest(request);

if (result.action === HandlerAction.BLOCK) {
  return new Response(result.body, {
    status: result.status,
    headers: result.headers,
  });
}

// ALLOW — forward to origin
return fetch(request);
```

### Configure the essentials

**API key** — Your Merchant API key from the Supertab Connect dashboard, stored as a secret in your CDN's secret management system. Never hardcode it.

**Bot detection** — The SDK includes built-in user-agent heuristics to identify crawler traffic. You can extend or override them by passing a `botDetector` function with your own signals:

<CodeGroup>
  ```javascript Custom Bot Detection focus={1-4, 9} theme={null}
  const isBot = (request) => {
    const ua = request.headers.get("User-Agent") || "";
    return ua.includes("MyCustomBot") || ua.includes("Scraper");
  };

  const connect = new SupertabConnect({
    apiKey: YOUR_API_KEY,
    enforcement: EnforcementMode.SOFT,
    botDetector: isBot
  });
  ```

  ```javascript Common UA Detection focus={1, 6} theme={null}
  import { defaultBotDetector } from "@getsupertab/supertab-connect-sdk";

  const connect = new SupertabConnect({
    apiKey: YOUR_API_KEY,
    enforcement: EnforcementMode.SOFT,
    botDetector: defaultBotDetector
  });
  ```
</CodeGroup>

**Enforcement mode** — Start with `SOFT` (the default), which allows all traffic through but logs validation events. This lets you observe which requests would be blocked before enabling hard enforcement. Switch to `STRICT` once you are confident in your bot detection:

```javascript theme={null}
import { EnforcementMode } from "@getsupertab/supertab-connect-sdk";

// DISABLED: no enforcement, signaling, or analytics — use during initial integration
// SOFT (default): allow all traffic, log events, attach licensing headers
// STRICT: block bots without a valid license token with a 401
```

<Warning>
  Deploy in SOFT mode first. If your bot detection is too broad, STRICT enforcement could block legitimate human visitors. Review your traffic patterns before switching.
</Warning>

***

## Part 3: Update robots.txt

Add a `License:` directive to your `robots.txt` so crawlers can discover your license:

```txt theme={null}
License: https://yourdomain.com/license.xml
```

The URL must be fully qualified. Place it at the top of the file, before any `User-agent:` directives.

**Example:**

```txt theme={null}
License: https://yourdomain.com/license.xml

User-agent: *
Allow: /

Sitemap: https://yourdomain.com/sitemap.xml
```

***

## Cache Invalidation

Your CDN will cache the license response. If you update your license and need the change reflected immediately, purge `https://yourdomain.com/license.xml` from your CDN's cache.

***

## CDN-Specific Guides

Each reference page covers the full setup for that platform — origins, behaviors, functions, Terraform configs, and SDK integration patterns.

<CardGroup cols={2}>
  <Card title="Fastly" icon="server" href="/reference/fastly/connect-on-fastly">
    VCL and Compute service options, including VCL-to-Compute service chaining.
  </Card>

  <Card title="CloudFront" icon="server" href="/reference/cloudfront">
    CloudFront Functions for RSL, Lambda\@Edge for CAP, with a Terraform alternative.
  </Card>

  <Card title="Cloudflare" icon="server" href="/reference/cloudflare">
    Worker-based RSL proxy and SDK Worker for CAP enforcement.
  </Card>

  <Card title="Other CDNs" icon="server" href="/reference/others">
    Generic patterns for any CDN not listed above.
  </Card>
</CardGroup>
