Arcjet is a security layer that runs inside your application code, deciding in real time whether to allow or deny each request based on rate limits, bot signals, and threat intelligence. Connecting Arcjet to clariBI turns those allow and deny decisions into traffic and abuse dashboards next to the rest of your business data.
Why connect Arcjet
Security decisions happen request by request and the totals stay buried in the Arcjet dashboard, away from the traffic and signup numbers an attack actually distorts.
With Arcjet connected, you can ask "How many requests did we deny for rate limiting this week?", "Which paths and IPs trigger the most bot detections?", or "Did denial rates spike before the signup drop?" and the AI engine reads it live.
How the connection works
clariBI talks to Arcjet through its hosted MCP server at https://api.arcjet.com/mcp. Authentication uses an OAuth flow that clariBI registers itself for (no developer console setup on your side). Tokens stay encrypted server-side and never leave clariBI in clear form.
sequenceDiagram
actor U as You
participant C as clariBI
participant V as Arcjet
U->>C: Click Authorize with Arcjet
C->>V: Open OAuth authorization
V-->>U: Grant read access?
U->>V: Approve
V-->>C: Authorization code
C->>V: Exchange code for tokens
V-->>C: Access + refresh tokens
C->>C: Encrypt and store credentials
C-->>U: Connection ready
Available tools
clariBI exposes the read-only Arcjet tools that the vendor's MCP server publishes at connection time. Write operations (create, update, delete, send, refund) are filtered out by a name-pattern blocklist before any tool reaches the analysis engine, so connecting Arcjet cannot modify data on the vendor side.
The exact tool inventory depends on the Arcjet features your account has access to. After connecting, try a few natural-language questions to see what Arcjet data clariBI can pull.
Data flow during analysis
When you ask a question that maps to Arcjet, the AI engine routes to the right tool, reads the result, and pairs the answer with a chart you can pin to a dashboard.
sequenceDiagram
actor U as You
participant C as clariBI
participant AI as AI engine
participant V as Arcjet
U->>C: Ask a question about application-security decision data
C->>AI: Plan the analysis
AI->>V: Call the right tool
V-->>AI: Tool result
AI->>AI: Summarize and chart
C-->>U: Answer plus visual
Setting up the connection
- Open Data Sources in the clariBI sidebar.
- Click Add data source.
- Open the MCP Servers tab.
- Click the Arcjet card.
- Click Authorize with Arcjet.
- Sign in to Arcjet in the popup window and grant the requested read scopes.
- Back in clariBI, give your data source a name.
- Click Finish.
Permissions and data access
clariBI connects through Arcjet's OAuth flow and inherits the connected user's site and project access. The catalog exposes read tools only (reading request decisions, denial counts, bot detections, top paths and IPs, and quota usage); clariBI never changes a rule or quota. Disconnect anytime from Settings → Integrations in clariBI.
Troubleshooting
| Error | Cause | Fix |
|---|---|---|
| "No decisions returned" | The connected user is scoped to a different Arcjet site, or no traffic reached the protected app in the window. | Confirm the site in Arcjet and that your user can see it, then widen the time range. |
| "Denial counts look low" | Arcjet only records a decision when a request hits a rule; routes without Arcjet protection produce no data. | Check which routes call Arcjet in your code, and confirm the rules are in live mode rather than dry-run. |