The Spam Shield documentation covers how to manage your account and protect your sites from unwanted junk messages.
Managing your licence
Before you can use your Spam Shield licence, be sure to validate your email address. Your licence will not be active until you’ve completed this step.

If you’ve not received your email validation link, check your Spam/Junk folder. If it’s not there, either resend the link from your Spam Shield account page, or raise a support ticket and we’ll get you up-and-running.
Restricting your API key to domains
By default, all you need in order to use Spam Shield is an API key. You can secure your key by restricting which domains are allowed to use it. In your Spam Shield account area, enable the restrictions with the toggle switch, then add your domain name(s) to the list.

It doesn’t matter if you include the “www.” prefix, or if you leave it out. So if your website is www.example.org, you can add either “example.org” or “www.example.org” to the list. You don’t need both.
If you enable domain-level restrictions on your account, and you’re calling the API from your own projects, make sure you add the X-Caller HTTP header. Info and examples in the Spam Shield API documentation.