> ## Documentation Index
> Fetch the complete documentation index at: https://docs.hitheo.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Get or Set an API Key's Guardrail Binding

> Bind a guardrail policy to an API key, or clear the binding.

Manage the 1:1 binding between an API key and a guardrail policy. The strict opt-in contract is enforced here: passing `policy_id: null` clears the binding and the key returns to no enforcement — there is no automatic fallback to an org or user default.

## Authentication

Requires a Bearer token with the `billing` API key scope and access to the key (the caller must own it, or — for team keys — have access through the org).

## GET

Read the current binding.

```bash theme={null}
curl https://www.hitheo.ai/api/v1/keys/{id}/guardrails \
  -H "Authorization: Bearer $THEO_API_KEY"
```

```typescript theme={null}
const { policy_id, has_policy } = await theo.keys.getGuardrailPolicy(keyId);
```

```json theme={null}
{ "key_id": "key_abc", "policy_id": "1f4f2c1a-...", "has_policy": true }
```

## PUT

Set or clear the binding.

<ParamField body="policy_id" type="string">
  Policy UUID. Pass `null` to clear the binding entirely.
</ParamField>

```bash theme={null}
# Bind a policy
curl -X PUT https://www.hitheo.ai/api/v1/keys/{id}/guardrails \
  -H "Authorization: Bearer $THEO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "policy_id": "1f4f2c1a-22ce-4b07-9c0b-9c4f4b9b1d2e" }'

# Clear the binding
curl -X PUT https://www.hitheo.ai/api/v1/keys/{id}/guardrails \
  -H "Authorization: Bearer $THEO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "policy_id": null }'
```

```typescript theme={null}
await theo.keys.setGuardrailPolicy(keyId, "1f4f2c1a-22ce-4b07-9c0b-9c4f4b9b1d2e");
await theo.keys.setGuardrailPolicy(keyId, null); // clear
```

## Scope rules

* Personal policies can only be bound to keys owned by their author.
* Team policies can only be bound to keys in the same org.
* Crossing the boundary returns `400 guardrail_policy_not_bindable` with a vendor-neutral message.

## Errors

* `400 guardrail_policy_not_bindable` — Policy is not visible to the key's scope.
* `404 not_found` — Key or policy doesn't exist (or isn't visible to the caller).
