API Overview
You can interact with the Guard API through HTTP requests to the available endpoints in any programming language. It is versioned via a URL path parameter, and the current version is v2.
Available Endpoints
Working with the Guard API is as simple as making an HTTP request to any of the endpoints below:
/guard- Request screening for text contents and receive a flagged response if any threats are detected/guard/results- Request detailed results of detectors in order to understand Check Point AI Guardrails decisions and analyze policy suitability
The guard endpoint screens agent interactions as well as user and LLM messages. Prompt attacks arriving through tool responses and tool descriptions, data leakage in tool calls, off-task tool use, and calls to denied tools are all screened according to your policy. See Agent and Tool Integration and Agent Behavior Defense.
Additionally Enterprise SaaS customers can use the following Platform API endpoints to manage their security configuration:
/policies- Create and manage AI Guardrails policies via API/projects- Create and manage AI Guardrails projects via API
Additionally self-hosting customers can use the following endpoints to check their AI Guardrails container deployment:
/policies/health- Check the validity of the policy for a project/policies/lint- Check a policy file is valid/startupz- Implement a startup probe for your K8s deployment/readyz- Implement a readiness probe for your K8s deployment/livez- Implement a liveness probe for your K8s deployment
More details about each endpoint and any additional request or response parameters are available in the documentation for each endpoint linked above.
Authentication
Self-hosted deployments of the Guard API do not use authorization so do not need API keys.
The public Guard SaaS API uses API keys to authenticate requests. You can view and manage your API keys in the API access section of the AI Guardrails Dashboard.
Every API request must include your API key in the Authorization HTTP header:
API keys are considered secrets. Do not share them with other users or expose them in client-side code.
Making Requests
You can make requests to the Guard API using any HTTP client.
Python
JavaScript
cURL
HTTPie
Other
SaaS API Regions
The Guard SaaS API is available in multiple regions around the world. By default, requests to https://api.lakera.ai are sent to the region closest to you.
You can also use a region-specific subdomain:
https://us.api.lakera.ai(US multi-region)https://us-east-1.api.lakera.ai(North Virginia, USA)https://us-west-2.api.lakera.ai(Oregon, USA)https://eu-west-1.api.lakera.ai(Ireland, EU)https://ap-southeast-1.api.lakera.ai(Singapore, Asia)
You can also configure where your logs are stored and restrict which regions are allowed to process requests. See Data Regions for details.
Changing the region will affect the latency of your requests. If you’re unsure which region to choose, we recommend using https://api.lakera.ai.
API Responses
The API response will be a JSON object. See the individual endpoint documentation for details.
Developer Info
For relevant endpoints, you can request developer info to use in debugging by adding "dev_info": true to the request. The response will then include a JSON object with information about the build of AI Guardrails that generated the response containing the following properties:
git_revision: First 8 characters of the commit hash of the build of AI Guardrails that sent the responsegit_timestamp: Timestamp of the commit in the ISO 8601 formatmodel_version: The model identifier string of the model type used for analysis. It is currently alwayslakera-guard-1, but new types of models may be introduced in the futureversion: The semantic version of AI Guardrails used. This tracks both code and detector model training updates