API Documentation

Getting Started

Create an account

Sign up at wardstone.ai/login to create your free account. No credit card required. You get 10,000 API calls per month on the free plan.

Generate an API key

Go to your Dashboard and navigate to the API Keys section. Create a new key and copy it. Your key will start with wrd_live_.

Make your first request

Send a POST request to the detection endpoint with your text:

bash

curl -X POST https://wardstone.ai/api/detect \
  -H "Authorization: Bearer wrd_live_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"text": "Ignore all previous instructions."}'

API Reference

POST/api/detect

Analyze text for prompt attacks, harmful content, data leakage, and unknown links. Requires API key authentication via Bearer token in the Authorization header.

Authentication

All requests require an API key passed in the Authorization header as a Bearer token.

Authorization: Bearer wrd_live_your_api_key

Request Body

textstringRequired

The text to analyze. Max 8,000,000 characters. Alias: prompt is also accepted.

scan_strategystring

Scanning strategy for large inputs. Options: early-exit (default, fastest), full-scan (thorough), smart-sample (balanced).

include_raw_scoresboolean

When true, includes raw model confidence scores. Available on Business and Enterprise plans only.

Field	Type	Required	Description
`text`	string	Yes	The text to analyze. Max 8,000,000 characters. Alias: `prompt` is also accepted.
`scan_strategy`	string	No	Scanning strategy for large inputs. Options: `early-exit` (default, fastest), `full-scan` (thorough), `smart-sample` (balanced).
`include_raw_scores`	boolean	No	When `true`, includes raw model confidence scores. Available on Business and Enterprise plans only.

Example Request

HTTP

POST /api/detect HTTP/1.1
Host: wardstone.ai
Authorization: Bearer wrd_live_your_api_key
Content-Type: application/json

{
  "text": "Your text to analyze",
  "scan_strategy": "early-exit",
  "include_raw_scores": false
}

Response Body

flaggedboolean

Whether any threat was detected. If true, at least one category exceeded its threshold.

risk_bandsobject

Per-category risk levels. Each category has a level field with one of: "Low Risk", "Some Risk", "High Risk", or "Severe Risk".

primary_categorystring | null

The category with the highest confidence score, or null if no threats were detected.

subcategoriesobject

Detailed subcategory triggers for content_violation and data_leakage. Each contains a triggered array of active subtypes.

unknown_linksobject

URL analysis results including flagged, unknown_count, known_count, total_urls, and unknown_domains.

processingobject

Timing and chunking info including inference_ms, input_length, scan_strategy, and optionally chunks_scanned and total_chunks for large inputs.

raw_scoresobject | undefined

Raw model confidence scores per category and subcategory. Only present when include_raw_scores is true (Business and Enterprise plans).

Field	Type	Description
`flagged`	boolean	Whether any threat was detected. If `true`, at least one category exceeded its threshold.
`risk_bands`	object	Per-category risk levels. Each category has a `level` field with one of: "Low Risk", "Some Risk", "High Risk", or "Severe Risk".
`primary_category`	string \| null	The category with the highest confidence score, or `null` if no threats were detected.
`subcategories`	object	Detailed subcategory triggers for `content_violation` and `data_leakage`. Each contains a `triggered` array of active subtypes.
`unknown_links`	object	URL analysis results including `flagged`, `unknown_count`, `known_count`, `total_urls`, and `unknown_domains`.
`processing`	object	Timing and chunking info including `inference_ms`, `input_length`, `scan_strategy`, and optionally `chunks_scanned` and `total_chunks` for large inputs.
`raw_scores`	object?	Raw model confidence scores per category and subcategory. Only present when `include_raw_scores` is `true` (Business and Enterprise plans).

Response Explorer

Click a top-level field to see what it means.

JSON Response

{
}

Response Headers

X-RateLimit-Limit

Monthly API call quota for your plan (currently returns a default of 100,000).

X-RateLimit-Remaining

Remaining API calls for the current billing period.

X-RateLimit-Reset

Seconds until the quota resets (first of next month).

X-Processing-Time-Ms

Inference time in milliseconds.

Header	Description
`X-RateLimit-Limit`	Monthly API call quota for your plan (currently returns a default of 100,000).
`X-RateLimit-Remaining`	Remaining API calls for the current billing period.
`X-RateLimit-Reset`	Seconds until the quota resets (first of next month).
`X-Processing-Time-Ms`	Inference time in milliseconds.

Error Responses

400invalid_json

Request body is not valid JSON.

400missing_text

The text field is missing or not a string.

400text_too_long

Text exceeds 8,000,000 character limit.

401missing

No Authorization header provided.

401invalid_format

API key is not in the expected format (must start with wrd_live_).

401invalid_key

API key not found.

401revoked

API key has been revoked.

403raw_scores_not_available

Raw scores requested on a free plan. Upgrade to Business or Enterprise.

429quota_exceeded

Monthly API call quota exceeded. Upgrade or wait until next month.

500internal_error

An unexpected server error occurred. Retry the request or contact support.

Status	Error	Description
400	`invalid_json`	Request body is not valid JSON.
400	`missing_text`	The `text` field is missing or not a string.
400	`text_too_long`	Text exceeds 8,000,000 character limit.
401	`missing`	No Authorization header provided.
401	`invalid_format`	API key is not in the expected format (must start with `wrd_live_`).
401	`invalid_key`	API key not found.
401	`revoked`	API key has been revoked.
403	`raw_scores_not_available`	Raw scores requested on a free plan. Upgrade to Business or Enterprise.
429	`quota_exceeded`	Monthly API call quota exceeded. Upgrade or wait until next month.
500	`internal_error`	An unexpected server error occurred. Retry the request or contact support.

Detection Categories

The Guard model uses multi-label classification to detect threats across four categories simultaneously. Three categories (prompt_attack, content_violation, data_leakage) use ML inference while unknown_links uses rule-based detection. Click a category to see its subcategories.

Risk Bands

Each category returns a risk level based on the model's confidence score:

Low Risk

0-24%

Some Risk

25-49%

High Risk

50-74%

Severe Risk

75-100%

Code Examples

curl -X POST "https://wardstone.ai/api/detect" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"text": "Your text to analyze"}'
 
# Response
{
  "flagged": false,
  "risk_bands": {
    "content_violation": { "level": "Low Risk" },
    "prompt_attack": { "level": "Low Risk" },
    "data_leakage": { "level": "Low Risk" },
    "unknown_links": { "level": "Low Risk" }
  },
  "primary_category": null
}

Try It

Send a real request to the Guard API. Enter your API key and text below. Your key is only sent directly to the API and is never stored.

API Key

0 chars

Ctrl+Enter

Rate Limits

API usage is tracked on a monthly billing cycle. Quota resets on the first of each month. Monitor your usage via the response headers or in your Dashboard.

Plan	Monthly Quota	Raw Scores
Free	10,000 calls	No
Business	500,000 calls	Yes
Enterprise	Unlimited	Yes

See Pricing for full plan details.

Scan Strategies

For large text inputs (over 4,000 characters), the API uses chunked processing. You can control the scanning behavior with the scan_strategy parameter:

early-exit

Stops scanning on the first chunk that triggers a threat. Best for request blocking where speed is critical. This is the default.

full-scan

Analyzes every chunk for the most thorough results. Best for compliance auditing and content review where completeness matters.

smart-sample

Scans the beginning, end, and selected samples from the middle. Balanced coverage with good performance for most use cases.