Policies API
This REST API documentation outlines methods for managing policies on the Aporia Policies Catalog. It includes detailed descriptions of endpoints for creating, updating, and deleting policies, complete with example requests and responses.
Get All Policy Templates
Endpoint: GET https://guardrails.aporia.com/api/v1/policies
Headers:
Content-Type:application/jsonAuthorization:Bearer+ Your copied Aporia API key
Response Fields:
The response type is a list. each object in the list contains the following fields:
The policy type.
The policy category.
The policy default_name.
Description of the policy.
Response JSON Example:
[
{
"type": "aporia_guardrails_test",
"category": "test",
"name": "AGT Test",
"description": "Test and verify that Guardrails are activated. Activate the policy by sending the following prompt: X5O!P%@AP[4\\PZX54(P^)7CC)7}$AGT-STANDARD-GUARDRAILS-TEST-MSG!$H+H*"
},
{
"type": "competition_discussion_on_prompt",
"category": "topics",
"name": "Competition Discussion - Prompt",
"description": "Detects any user attempt to start a discussion including the competition mentioned in the policy."
},
{
"type": "competition_discussion_on_response",
"category": "topics",
"name": "Competition Discussion - Response",
"description": "Detects any response including reference to the competition mentioned in the policy."
},
{
"type": "basic_restricted_topics_on_prompt",
"category": "topics",
"name": "Restricted Topics - Prompt",
"description": "Detects any user attempt to start a discussion on the topics mentioned in the policy."
},
{
"type": "basic_restricted_topics_on_response",
"category": "topics",
"name": "Restricted Topics - Response",
"description": "Detects any response including discussion on the topics mentioned in the policy."
},
{
"type": "sql_restricted_tables",
"category": "security",
"name": "SQL - Restricted Tables",
"description": "Detects generation of SQL statements with access to specific tables that are considered sensitive. It is recommended to activate the policy and define system tables, as well as other tables with sensitive information."
},
{
"type": "sql_allowed_tables",
"category": "security",
"name": "SQL - Allowed tables",
"description": "Detects SQL operations on tables that are not within the limits we set in the policy. Any operation on, or with another table that is not listed in the policy, will trigger the action configured in the policy. Enable this policy for achieving the finest level of security for your SQL statements."
},
{
"type": "sql_read_only_access",
"category": "security",
"name": "SQL - Read-Only Access",
"description": "Detects any attempt to use SQL operations which requires more than read-only access. Activating this policy is important to avoid accidental or malicious run of dangerous SQL queries like DROP, INSERT, UPDATE and others."
},
{
"type": "sql_load_limit",
"category": "security",
"name": "SQL - Load Limit",
"description": "Detects SQL statements that are likely to cause significant system load and affect performance."
},
{
"type": "basic_allowed_topics_on_prompt",
"category": "topics",
"name": "Allowed Topics - Prompt",
"description": "Ensures the conversation adheres to specific and well-defined topics."
},
{
"type": "basic_allowed_topics_on_response",
"category": "topics",
"name": "Allowed Topics - Response",
"description": "Ensures the conversation adheres to specific and well-defined topics."
},
{
"type": "prompt_injection",
"category": "prompt_injection",
"name": "Prompt Injection",
"description": "Detects any user attempt of prompt injection or jailbreak."
},
{
"type": "rag_hallucination",
"category": "hallucinations",
"name": "RAG Hallucination",
"description": "Detects any response that carries a high risk of hallucinations, thus maintaining the integrity and factual correctness of the information."
},
{
"type": "pii_on_prompt",
"category": "security",
"name": "PII - Prompt",
"description": "Detects existence of PII in the user message, based on the configured sensitive data types. "
},
{
"type": "pii_on_response",
"category": "security",
"name": "PII - Response",
"description": "Detects potential responses containing PII, based on the configured sensitive data types. "
},
{
"type": "basic_custom_policy_on_prompt",
"category": "custom",
"name": "Custom Policy - Prompt",
"description": "Detects any user message that carries a high risk as defined in the policy configuration."
},
{
"type": "toxicity_on_prompt",
"category": "toxicity",
"name": "Toxicity - Prompt",
"description": "Detects user messages containing toxicity."
},
{
"type": "toxicity_on_response",
"category": "toxicity",
"name": "Toxicity - Response",
"description": "Detects potential responses containing toxicity."
},
{
"type": "basic_custom_policy_on_response",
"category": "custom",
"name": "Custom Policy - Response",
"description": "Detects any response that carries a high risk as defined in the policy configuration."
}
]
Get Specific Policy Template
Endpoint: GET https://guardrails.aporia.com/api/v1/policies/{template_type}
Headers:
Content-Type:application/jsonAuthorization:Bearer+ Your copied Aporia API key
Path Parameters::
The type identifier of the policy template to retrieve.
Response Fields:
The policy type.
The policy category.
The policy default name.
Description of the policy.
Response JSON Example:
{
"type": "competition_discussion_on_prompt",
"category": "topics",
"name": "Competition Discussion - Prompt",
"description": "Detects any user attempt to start a discussion including the competition mentioned in the policy."
}
Create Custom Policy
Endpoint: POST https://guardrails.aporia.com/api/v1/policies/custom_policy
Headers:
Content-Type:application/jsonAuthorization:Bearer+ Your copied Aporia API key
Request Fields:
The name of the custom policy.
Instructions that define how the policy should evaluate inputs.
Defines whether instructions trigger a violation if they evaluate to TRUE or FALSE.
Response Fields:
The custom policy type identifier.
The policy category, typically ‘custom’ for user-defined policies.
The default name for the policy template, as provided in the request.
A description of the policy based on the evaluation instructions.
Response JSON Example:
{
"type": "your_org_custom_policy_your_policy_name",
"category": "custom",
"name": "Your Custom Policy Name",
"description": "Evaluate whether specific conditions are met as per the provided instructions."
}
Edit Custom Policy
Endpoint: PUT https://guardrails.aporia.com/api/v1/policies/custom_policy/{custom_policy_type}
Headers:
Content-Type:application/jsonAuthorization:Bearer+ Your copied Aporia API key
Path Parameters:
The custom policy type identifier to update. Returned from Create Custom Policy endpoint.
Request Fields:
Updated instructions that define how the policy should evaluate inputs.
Defines whether instructions trigger a violation if they evaluate to TRUE or FALSE.
Response Fields:
The custom policy type identifier.
The policy category, typically ‘custom’ for user-defined policies.
The default name for the policy template.
Updated description of the policy based on the new evaluation instructions.
Response JSON Example:
{
"type": "your_org_custom_policy_your_policy_name",
"category": "custom",
"name": "Your Custom Policy Name",
"description": "Evaluate whether specific conditions are met as per the new instructions."
}
Delete Custom Policy
Endpoint: DELETE https://guardrails.aporia.com/api/v1/policies/custom_policy/{custom_policy_type}
Headers:
Content-Type:application/jsonAuthorization:Bearer+ Your copied Aporia API key
Path Parameters:
The custom policy type identifier to delete. Returned from Create Custom Policy endpoint.
Response:
200 OK
Create policies for multiple projects
Endpoint: PUT https://guardrails.aporia.com/api/v1/policies/
Headers:
Content-Type:application/jsonAuthorization:Bearer+ Your copied Aporia API key
Request Fields:
The project ids to create the policies in
A list of policies to create. List of policies, each Policy has the following attributes: policy_type (string), priority (int), condition (dict), action (dict).