Get All Policy Templates

Endpoint: GET https://guardrails.aporia.com/api/v1/policies

Headers:

  • Content-Type: application/json
  • Authorization: Bearer + Your copied Aporia API key

Response Fields:

The response type is a list. each object in the list contains the following fields:

type
string
required

The policy type.

category
string
required

The policy category.

default_name
string
required

The policy default_name.

description
string
required

Description of the policy.

Response JSON Example:

[
    {
        "type": "aporia_guardrails_test",
        "category": "test",
        "name": "AGT Test",
        "description": "Test and verify that Guardrails are activated. Activate the policy by sending the following prompt: X5O!P%@AP[4\\PZX54(P^)7CC)7}$AGT-STANDARD-GUARDRAILS-TEST-MSG!$H+H*"
    },
    {
        "type": "competition_discussion_on_prompt",
        "category": "topics",
        "name": "Competition Discussion - Prompt",
        "description": "Detects any user attempt to start a discussion including the competition mentioned in the policy."
    },
    {
        "type": "competition_discussion_on_response",
        "category": "topics",
        "name": "Competition Discussion - Response",
        "description": "Detects any response including reference to the competition mentioned in the policy."
    },
    {
        "type": "basic_restricted_topics_on_prompt",
        "category": "topics",
        "name": "Restricted Topics - Prompt",
        "description": "Detects any user attempt to start a discussion on the topics mentioned in the policy."
    },
    {
        "type": "basic_restricted_topics_on_response",
        "category": "topics",
        "name": "Restricted Topics - Response",
        "description": "Detects any response including discussion on the topics mentioned in the policy."
    },
    {
        "type": "sql_restricted_tables",
        "category": "security",
        "name": "SQL - Restricted Tables",
        "description": "Detects generation of SQL statements with access to specific tables that are considered sensitive. It is recommended to activate the policy and define system tables, as well as other tables with sensitive information."
    },
    {
        "type": "sql_allowed_tables",
        "category": "security",
        "name": "SQL - Allowed tables",
        "description": "Detects SQL operations on tables that are not within the limits we set in the policy. Any operation on, or with another table that is not listed in the policy, will trigger the action configured in the policy. Enable this policy for achieving the finest level of security for your SQL statements."
    },
    {
        "type": "sql_read_only_access",
        "category": "security",
        "name": "SQL - Read-Only Access",
        "description": "Detects any attempt to use SQL operations which requires more than read-only access. Activating this policy is important to avoid accidental or malicious run of dangerous SQL queries like DROP, INSERT, UPDATE and others."
    },
    {
        "type": "sql_load_limit",
        "category": "security",
        "name": "SQL - Load Limit",
        "description": "Detects SQL statements that are likely to cause significant system load and affect performance."
    },
    {
        "type": "basic_allowed_topics_on_prompt",
        "category": "topics",
        "name": "Allowed Topics - Prompt",
        "description": "Ensures the conversation adheres to specific and well-defined topics."
    },
    {
        "type": "basic_allowed_topics_on_response",
        "category": "topics",
        "name": "Allowed Topics - Response",
        "description": "Ensures the conversation adheres to specific and well-defined topics."
    },
    {
        "type": "prompt_injection",
        "category": "prompt_injection",
        "name": "Prompt Injection",
        "description": "Detects any user attempt of prompt injection or jailbreak."
    },
    {
        "type": "rag_hallucination",
        "category": "hallucinations",
        "name": "RAG Hallucination",
        "description": "Detects any response that carries a high risk of hallucinations, thus maintaining the integrity and factual correctness of the information."
    },
    {
        "type": "pii_on_prompt",
        "category": "security",
        "name": "PII - Prompt",
        "description": "Detects existence of PII in the user message, based on the configured sensitive data types. "
    },
    {
        "type": "pii_on_response",
        "category": "security",
        "name": "PII - Response",
        "description": "Detects potential responses containing PII, based on the configured sensitive data types. "
    },
    {
        "type": "toxicity_on_prompt",
        "category": "toxicity",
        "name": "Toxicity - Prompt",
        "description": "Detects user messages containing toxicity."
    },
    {
        "type": "toxicity_on_response",
        "category": "toxicity",
        "name": "Toxicity - Response",
        "description": "Detects potential responses containing toxicity."
    }
]

Get Specific Policy Template

Endpoint: GET https://guardrails.aporia.com/api/v1/policies/{template_type}

Headers:

  • Content-Type: application/json
  • Authorization: Bearer + Your copied Aporia API key

Path Parameters::

template_type
string
required

The type identifier of the policy template to retrieve.

Response Fields:

type
string
required

The policy type.

category
string
required

The policy category.

default_name
string
required

The policy default name.

description
string
required

Description of the policy.

Response JSON Example:

{
    "type": "competition_discussion_on_prompt",
    "category": "topics",
    "name": "Competition Discussion - Prompt",
    "description": "Detects any user attempt to start a discussion including the competition mentioned in the policy."
}

Create Custom Policy

Endpoint: POST https://guardrails.aporia.com/api/v1/policies/custom_policy

Headers:

  • Content-Type: application/json
  • Authorization: Bearer + Your copied Aporia API key

Request Fields:

name
string
required

The name of the custom policy.

target
string
required

The target of the policy - either prompt or response.

condition
CustomPolicyConditionConfig
required

There are 2 configuration modes for custom policy - simple and advanced, each with it’s own condition config.

For simple mode, the following parameters must be passed:

  • evaluation_instructions - Instructions that define how the policy should evaluate inputs.
  • modality - Defines whether instructions trigger a violation if they evaluate to TRUE or FALSE.
{
  "configuration_mode": "simple",
  "evaluation_instructions": "The {answer} is relevant to the {question}",
  "modality": "violate"
}

For advanced mode, the following parameters must be passed:

  • system_prompt - The system prompt that will be passed to the LLM
  • top_p - Top-P sampling probability, between 0 and 1. Defaults to 1.
  • temperature - Sampling temperature to use, between 0 and 2. Defaults to 1.
  • modality - Defines whether instructions trigger a violation if they evaluate to TRUE or FALSE.
{
  "configuration_mode": "advanced",
  "system_prompt": "You will be given a question and an answer, return TRUE if the answer is relevent to the question, return FALSE otherwise. <question>{question}</question> <answer>{answer}</answer>",
  "top_p": 1.0,
  "temperature": 0,
  "modality": "violate"
}

Response Fields:

type
string
required

The custom policy type identifier.

category
string
required

The policy category, typically ‘custom’ for user-defined policies.

default_name
string
required

The default name for the policy template, as provided in the request.

description
string
required

A description of the policy based on the evaluation instructions.

Response JSON Example:

{
    "type": "custom_policy_e1dd9b4a-84e5-4a49-9c59-c62dd94572ae",
    "category": "custom",
    "name": "Your Custom Policy Name",
    "description": "Evaluate whether specific conditions are met as per the provided instructions."
}

Edit Custom Policy

Endpoint: PUT https://guardrails.aporia.com/api/v1/policies/custom_policy/{custom_policy_type}

Headers:

  • Content-Type: application/json
  • Authorization: Bearer + Your copied Aporia API key

Path Parameters:

custom_policy_type
string
required

The custom policy type identifier to update. Returned from Create Custom Policy endpoint.

Request Fields:

name
string
required

The name of the custom policy.

target
string
required

The target of the policy - either prompt or response.

condition
CustomPolicyConditionConfig
required

There are 2 configuration modes for custom policy - simple and advanced, each with it’s own condition config.

For simple mode, the following parameters must be passed:

  • evaluation_instructions - Instructions that define how the policy should evaluate inputs.
  • modality - Defines whether instructions trigger a violation if they evaluate to TRUE or FALSE.
{
  "configuration_mode": "simple",
  "evaluation_instructions": "The {answer} is relevant to the {question}",
  "modality": "violate"
}

For advanced mode, the following parameters must be passed:

  • system_prompt - The system prompt that will be passed to the LLM
  • top_p - Top-P sampling probability, between 0 and 1. Defaults to 1.
  • temperature - Sampling temperature to use, between 0 and 2. Defaults to 1.
  • modality - Defines whether instructions trigger a violation if they evaluate to TRUE or FALSE.
{
  "configuration_mode": "advanced",
  "system_prompt": "You will be given a question and an answer, return TRUE if the answer is relevent to the question, return FALSE otherwise. <question>{question}</question> <answer>{answer}</answer>",
  "top_p": 1.0,
  "temperature": 0,
  "modality": "violate"
}

Response Fields:

type
string
required

The custom policy type identifier.

category
string
required

The policy category, typically ‘custom’ for user-defined policies.

default_name
string
required

The default name for the policy template.

description
string
required

Updated description of the policy based on the new evaluation instructions.

Response JSON Example:

{
    "type": "custom_policy_e1dd9b4a-84e5-4a49-9c59-c62dd94572ae",
    "category": "custom",
    "name": "Your Custom Policy Name",
    "description": "Evaluate whether specific conditions are met as per the new instructions."
}

Delete Custom Policy

Endpoint: DELETE https://guardrails.aporia.com/api/v1/policies/custom_policy/{custom_policy_type}

Headers:

  • Content-Type: application/json
  • Authorization: Bearer + Your copied Aporia API key

Path Parameters:

custom_policy_type
string
required

The custom policy type identifier to delete. Returned from Create Custom Policy endpoint.

Response: 200 OK

Create policies for multiple projects

Endpoint: PUT https://guardrails.aporia.com/api/v1/policies/

Headers:

  • Content-Type: application/json
  • Authorization: Bearer + Your copied Aporia API key

Request Fields:

project_ids
list[UUID]
required

The project ids to create the policies in

policies
list[Policies]
required

A list of policies to create. List of policies, each Policy has the following attributes: policy_type (string), priority (int), condition (dict), action (dict).

Projects APISecurity & Compliance