AI Guardian

API Reference

All endpoints are REST. The base URL is http://localhost:8000 for local development.

Authentication

AI Guardian uses two authentication mechanisms:

  • API Key for proxy requests. Pass as Authorization: Bearer aig_.... API keys are tenant-scoped and start with aig_.
  • JWT Token for dashboard API endpoints. Obtain via POST /api/v1/admin/login. Pass as Authorization: Bearer <jwt>.

Get JWT Token

curl -X POST http://localhost:8000/api/v1/admin/login \
  -H "Content-Type: application/json" \
  -d '{"email": "admin@example.com", "password": "yourpassword"}'

Response:

{"access_token": "eyJ...", "token_type": "bearer"}

Proxy

POST /api/v1/proxy/chat/completions (Auth: API Key)

OpenAI-compatible Chat Completions endpoint. Send requests in the exact same format as the OpenAI API. AI Guardian filters the request, routes it, and returns either the LLM response or an error.

curl -X POST http://localhost:8000/api/v1/proxy/chat/completions \
  -H "Authorization: Bearer aig_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4o",
    "messages": [{"role": "user", "content": "Hello!"}]
  }'

Responses

Status | Meaning | Body
--- | --- | ---
200 | Safe — forwarded to LLM | OpenAI completion response
202 | Queued for review | { "error": { "code": "queued_for_review", "review_item_id": "..." } }
403 | Blocked | { "error": { "code": "request_blocked", "risk_score": N } }
401 | Invalid API key | { "detail": "Invalid or missing API key" }
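
A client-side handler for the statuses in the table above, written as an added example and not AI Guardian's own code. The function name, the outcome labels, the sample bodies and the 502 status used for upstream_error are assumptions made for illustration.

```python
import json
from dataclasses import dataclass
from typing import Optional

@dataclass
class ProxyOutcome:
    state: str  # completed | queued | blocked | auth_failed | failed (local labels)
    content: Optional[str] = None
    review_item_id: Optional[str] = None
    risk_score: Optional[float] = None
    code: Optional[str] = None

def interpret_proxy_response(status: int, raw_body: str) -> ProxyOutcome:
    """Map a proxy response to an outcome, failing closed on anything unexpected."""
    try:
        body = json.loads(raw_body)
        if not isinstance(body, dict):
            raise ValueError("body is not a JSON object")
    except ValueError:
        return ProxyOutcome("failed", code="unparseable_body")  # local label
    err = body.get("error") if isinstance(body.get("error"), dict) else {}
    code = err.get("code")
    if status == 200:
        try:  # OpenAI chat completion shape: choices[0].message.content
            return ProxyOutcome("completed", content=body["choices"][0]["message"]["content"])
        except (KeyError, IndexError, TypeError):
            return ProxyOutcome("failed", code="malformed_completion")  # local label
    # 202 is a 2xx: a bare "is the status 2xx?" check would treat a queued
    # request as a successful completion, so it is handled explicitly.
    if status == 202 and code == "queued_for_review":
        return ProxyOutcome("queued", review_item_id=err.get("review_item_id"), code=code)
    if status == 403 and code == "request_blocked":
        return ProxyOutcome("blocked", risk_score=err.get("risk_score"), code=code)
    if status == 401:
        return ProxyOutcome("auth_failed", code="invalid_api_key")  # local label
    # no_active_policy, upstream_error or anything undocumented is never a completion.
    return ProxyOutcome("failed", code=code or f"http_{status}")

# Constructed sample responses; the 502 status for upstream_error is an assumption.
SAMPLES = [
    (200, '{"choices": [{"message": {"role": "assistant", "content": "Hi!"}}]}'),
    (202, '{"error": {"code": "queued_for_review", "review_item_id": "item-123"}}'),
    (403, '{"error": {"code": "request_blocked", "risk_score": 87}}'),
    (401, '{"detail": "Invalid or missing API key"}'),
    (502, '{"error": {"code": "upstream_error"}}'),
]

if __name__ == "__main__":
    for status, raw in SAMPLES:
        print(status, interpret_proxy_response(status, raw))
```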

Review Queue

GET /api/v1/review/queue (Auth: JWT)

List review items for the current tenant. Supports ?status=pending|approved|rejected, limit, and offset query params.

GET /api/v1/review/queue/{item_id} (Auth: JWT)

Get a single review item with its associated request.

POST /api/v1/review/queue/{item_id}/decide (Auth: JWT)

Submit a decision for a review item.

{ "decision": "approve" | "reject" | "escalate", "note": "optional string" }

Audit Logs

GET /api/v1/audit/logs (Auth: JWT)

List audit log entries for the current tenant. Query params: event_type, severity, limit (max 500), offset. Results are ordered by created_at descending.


Admin

POST /api/v1/admin/login (Auth: None)

Authenticate with email and password. Returns a JWT access token.

GET /api/v1/admin/me (Auth: JWT)

Get the current user profile.

GET /api/v1/admin/tenants/{tenant_id}/policies (Auth: JWT)

Get the active policy for a tenant.

PUT /api/v1/admin/tenants/{tenant_id}/policies (Auth: JWT)

Update the active policy for a tenant.

POST /api/v1/admin/api-keys (Auth: JWT)

Generate a new API key for the current tenant.


Error Codes

Code | Description
--- | ---
request_blocked | Request was blocked by the input or output filter
queued_for_review | Request is awaiting human review
no_active_policy | Tenant has no active policy configured
upstream_error | The upstream LLM returned an error