Skip to main content
POST
/
api
/
v1
/
guardrail-policies
Create Guardrail Policy
curl --request POST \
  --url https://api.example.com/api/v1/guardrail-policies \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "description": "<string>",
  "rules": [
    {}
  ],
  "scope": "<string>",
  "is_default": true
}
'

Documentation Index

Fetch the complete documentation index at: https://docs.hitheo.ai/llms.txt

Use this file to discover all available pages before exploring further.

Create a new guardrail policy. Idempotent — the same Idempotency-Key header replays the same response. Creating a policy does not auto-bind it to a key. Use PUT /api/v1/keys//guardrails to opt a key in.

Authentication

Requires a Bearer token with the billing API key scope.

Body

name
string
required
Policy name. 1–128 chars. May not reference upstream provider names.
description
string
Free-text description. Up to 512 chars.
rules
object[]
Up to 32 rule objects. Each rule has guardrail_id, phase, verdict, and an optional config bag.
scope
string
"personal" (default) or "team". Team scope requires an active org and the manageWebhooks permission.
is_default
boolean
Mark this policy as the default for its scope. At most one default per scope.

Request Examples

curl -X POST https://www.hitheo.ai/api/v1/guardrail-policies \
  -H "Authorization: Bearer $THEO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Compliance-strict",
    "description": "PII redaction + jailbreak deny.",
    "rules": [
      { "guardrail_id": "pii_redactor", "phase": "input", "verdict": "redact" },
      { "guardrail_id": "prompt_injection", "phase": "input", "verdict": "deny" }
    ]
  }'

Errors

  • 400 guardrail_policy_invalid — Unknown guardrail id, disallowed verdict for the builtin, vendor-named label, or rule cap exceeded.
  • 403 missing_scope — API key lacks the billing scope.
  • 409 conflictis_default: true already set for this scope.