Prompt-Protect API

List view

Quick Start
Welcome
Console & Settings
Release Notes
October 9, 2025 WitnessAI Update
October 23, 2025 WitnessAI Update
October 2, 2025 WitnessAI Update
September 30, 2025: WitnessAI Update
September 23, 2025: WitnessAI Update
August 12, 2025: WitnessAI Update
July 31, 2025: WitnessAI Update
July 18, 2025: WitnessAI Update
June 23, 2025: WitnessAI Update
June 9, 2025: WitnessAI Update
April 11, 2025: WitnessAI Release v2.0
Copy August 12, 2025: WitnessAI Update
Supported Applications & LLMs
User Guide
Lists - OLD
Private Applications
Home
Discovery
Discovered Apps
App Catalog
Analytics
Conversations
Users
Alerts
Policies
Lists
Settings
Configuration
Access Control
System
Secure AI Portal
User Menu
Policies & GuardRails
Policy Creation
Policy Precedence
GuardRail: Behavioral Activity
GuardRail: Data Protection
GuardRail: Harmful Response Prevention (Beta)
GuardRail: Model Identity Protection
GuardRail: Model Protection
GuardRail: Organizational Behavior (Beta)
GuardRail: Risk Analysis
Witness Anywhere: Remote Device Security
Witness Anywhere Overview
Witness Anywhere with Stunnel
Witness Anywhere: Azure VDI - Intune
Witness Anywhere: CrowdStrike (Windows)
Witness Anywhere: GPO (Windows)
Witness Anywhere: Jamf (macOS) (Beta)
Witness Anywhere: SentinelOne
Witness Anywhere: FAQ
Witness Attack
Witness Attack: AI Red Teaming 
Administrator Guide
Integrations: Identity Providers
Identity: Microsoft Entra ID (Azure AD)
Identity: Okta Identity
Integrations: Network Security
Netskope SWG
Palo Alto Networks NGFW
Prisma Access: DNS Sinkhole
Prisma Access: Explicit Proxy
Zscaler Internet Access
Zscaler Beta
Status Page
API Reference
Input API
Complete API
Text-Completion API
Prompt-Protect API
Encryption

Prompt-Protect API

Description

Refer to the API Reference page for an explanation of the API process.
The Prompt-Protect API performs the functions of the input, text-completion, and complete APIs in a single step, without interruption.
notion image

Field Descriptions

Input Fields

Field: Text Type: string Example: "What are some terms that mean lawyer?"
Description: The User Prompt text to be protected.
Field: provider_name Type: string Example: "openai"
Description: Name of the provider.
Field: model_name Type: string Example: "gpt-4o"
Description: Name of the model.
Object: user
Field: User email Type: string Example: you@yourorg.com
Object: caller
Field: application_name Type: string Example: myapp1
Description: Name of the application as displayed in the console.
Field: detailed_output Type: boolean Example: [true|false]
Description: Instructs output to include detailed logs and scorecards.

Response Fields

Field: request_id Type: string
Example: "f0078d68-0700-0000-0000-000023cf7b99".
Description: UUID for this prompt.
Field: conversation_id Type: string
Example: "f0078d68-0700-0000-0000-000023cf7b99".
Description: UUID for this conversation.
Field: text Type: string Example:
Description: input text
Field: report Type: array Example: See Example 200 Response.
Description: Array of Scorecards.
Field: warning_count Type: integer Example: 0
Description: Total warnings from all scorecards.
Field: error_count Type: integer Example: 0
Description: Total guardrails that could not execute (not pass / fail)
Field: incomplete_count Type: integer Example: 0
Description: Total guardrails that timed out. Not currently used.
Field: input_score Type: integer Example: 0
Description: Not currently used.
Field: output_score Type: integer Example: 0
Description: Not currently used.
Field: combined_score Type: integer Example: 0
Description: Not currently used. input_score + output_score.
Field: risk_score Type: integer Example: 0-3
Description: 0-3; 0 being no risk, 3 being high risk.
Field: result Type: string Example: “pass” or “fail”.
Description: Pass / fail string.
Field: block_flow Type: boolean Example: [true|false]
Description: Based on policy interpretation.

Scorecard Fields

💡
The API Response includes a “report” field, which consists of an array of “Scorecards”.
Field: id Type: string
Example: "f0078d68-0700-0000-0000-000023cf7b99"
Description: UUID for scorecard.
Field: prompt_id Type: string
Example: "f0078d68-0700-0000-0000-000023cf7b99"
Description: UUID for for prompt
Field: report_type Description: not currently used
Field: started Type: datetime Description: start time of run
Field: completed_at. Type: datetime Description: end time of run
Field: data_modified Type: boolean Example: [true|false]
Description: Specifies if input data was modified, or required redaction.
Field: risk_type Type: string Example: "Data Leakage"
Description: readable string of whatever risk was found
Field: risk_metric Type: string Example: "none", "low", "medium", "high".
Field: message Type: string
Description: Message that is guardrail specific. For the intention classifier, it is the User Prompt intent.
Field: result Type: string Example: “pass” or “fail”
Field: filter_identifier Type: string
Example: "fl-pre-intention-classifier"
Description: filter name

Example Request

curl --request POST \
     --url https://api.demo2.witness.ai/v1/guardrail/prompt-protect \
     --header 'accept: application/json' \
     --header 'authorization: bearer your-authenticaton-token' \
     --header 'content-type: application/json' \
     --data '
{
  "text": "payment American Express: 3714-496353-98431 or 371449635398431",
  "provider_name": "openai",
  "model_name": "gpt-4o",
  "user": {
    "email": "admin@yourco.com"
  },
  "caller": {
    "application_name": "Custom App",
    "application_version": "v1.0.1"
  }
}
'

Example 200 Response

{
  "request_id": "f0078d68-0100-0000-0000-00007845779e",
  "conversation_id": "f0078d68-0700-0000-0000-000023cf7b99",
  "text": "payment American Express: [TEMPLATE_CREDIT_CARD_2] or [TEMPLATE_CREDIT_CARD_1]",
  "report": {
    "score_cards": [
      {
        "id": "f0078d68-0c00-0000-0000-00003bd96865",
        "prompt_id": "f0078d68-0100-0000-0000-00007845779e",
        "report_type": "",
        "started_at": "2025-08-01T18:31:12.358245Z",
        "completed_at": "2025-08-01T18:31:12.366365Z",
        "data_modified": true,
        "confidence": 100,
        "risk_score": 3,
        "risk_type": "Data Leakage",
        "risk_metric": "High",
        "message": "input required anonymization",
        "result": "pass",
        "filter_identifier": "fl-pre-anonymizer",
        "rule_result": "warn",
        "rule_message": "Data Protection set to Warn Action ."
      },
      {
        "id": "f0078d68-0c00-0000-0000-000018423116",
        "prompt_id": "f0078d68-0100-0000-0000-00007845779e",
        "report_type": "",
        "started_at": "2025-08-01T18:31:12.349592Z",
        "completed_at": "2025-08-01T18:31:12.94504Z",
        "data_modified": false,
        "risk_type": "None",
        "risk_metric": "None",
        "message": "Process financial payment",
        "result": "pass",
        "filter_identifier": "fl-pre-topic-categorizer"
      },
      {
        "id": "f0078d68-0c00-0000-0000-0000009fbefa",
        "prompt_id": "f0078d68-0100-0000-0000-00007845779e",
        "report_type": "",
        "started_at": "2025-08-01T18:31:12.350063Z",
        "completed_at": "2025-08-01T18:31:12.410792Z",
        "data_modified": false,
        "risk_type": "None",
        "risk_metric": "None",
        "message": "prompt injection was not detected",
        "result": "pass",
        "filter_identifier": "fl-pre-risk-analysis"
      },
      {
        "id": "f6078d68-0c00-0000-0000-0000a1fdc565",
        "prompt_id": "f0078d68-0100-0000-0000-00007845779e",
        "report_type": "",
        "started_at": "2025-08-01T18:31:18.854834Z",
        "completed_at": "2025-08-01T18:31:18.918675Z",
        "data_modified": false,
        "risk_type": "None",
        "risk_metric": "None",
        "message": "[]",
        "result": "pass",
        "filter_identifier": "fl-pre-intention-classifier"
      }
    ],
    "warning_count": 0,
    "error_count": 0,
    "incomplete_count": 0,
    "input_score": 0,
    "output_score": 0,
    "combined_score": 0,
    "risk_score": 3,
    "result": "pass"
  },
  "block_flow": false,
  "route": false,
  "text_modified": true,
  "prompt_instructions": "Below is a request that may contain predefined placeholders, such as [TEMPLATE_PERSON_1], [TEMPLATE_CREDIT_CARD_2], etc.,In your response to the request, if your response needs to include a placeholder for context, you must preserve the format by keeping it in uppercase.Do not modify these placeholders in any manner. Do not add any new placeholders.",
  "messages": [
    "Data Protection set to Warn Action ."
  ]
}

HTTP Status Codes

200: Successful
400: Bad Request
401: Unauthorized
500: Internal Server Error