Aguardic logoAguardic/Docs

Search documentation

Search all documentation pages

Get Started

Authentication

Authenticate with the Aguardic API using API keys.

API Keys

All API requests require authentication via an API key. API keys in Aguardic are per-integration — when you create an integration (REST API, MCP Server, or Agent), you receive an API key scoped to that integration. The key determines which policies get evaluated: only policies bound to that specific integration are checked.

Creating an API Key

  1. Navigate to Integrations in the Aguardic dashboard
  2. Click Add Integration and select the type (REST API, MCP Server, or Agent)
  3. Give it a name and optional description
  4. Copy the API key — it's shown only once

The key prefix ag_live_ identifies it as an Aguardic key.

Store API keys securely. Never commit them to version control or expose them in client-side code. Use environment variables instead.

Regenerating a Key

You can regenerate an API key from the integration's settings in the dashboard. The old key is immediately invalidated — any requests using it will return 401.

Making Requests

Include your API key in the Authorization header with the Bearer prefix:

curl -X POST https://api.aguardic.com/v1/evaluate \
  -H "Authorization: Bearer ag_live_abc123def456" \
  -H "Content-Type: application/json" \
  -d '{"input": {"message": "Hello, world!"}, "targetKey": "chat"}'

JavaScript/TypeScript

const response = await fetch("https://api.aguardic.com/v1/evaluate", {
  method: "POST",
  headers: {
    Authorization: `Bearer ${process.env.AGUARDIC_API_KEY}`,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    input: { message: "Hello, world!" },
    targetKey: "chat",
  }),
});
 
const { data } = await response.json();

Available Endpoints

The following endpoints are accessible via API key authentication:

| Method | Endpoint | Description | |--------|----------|-------------| | POST | /v1/evaluate | Evaluate content against bound policies | | POST | /v1/evaluation-sessions | Create a new evaluation session | | GET | /v1/evaluation-sessions/:id | Get session with action chain | | POST | /v1/evaluation-sessions/:id/end | End an active session | | POST | /v1/mcp | MCP server endpoint (for MCP integrations) |

Dashboard endpoints like /v1/policies and /v1/policy-enforcements/violations are only accessible via session auth (dashboard login), not via API key.

Response Format

All API responses follow a consistent format:

Success

{
  "success": true,
  "statusCode": 200,
  "data": { ... }
}

Paginated Lists

{
  "success": true,
  "statusCode": 200,
  "data": {
    "data": [...],
    "total": 42,
    "page": 1,
    "pageSize": 20
  }
}

Errors

{
  "statusCode": 401,
  "errors": [
    { "message": "Invalid or expired API key" }
  ]
}

Error Codes

| Status | Description | |--------|-------------| | 401 | Invalid or missing API key | | 403 | API key lacks permission for this action | | 404 | Resource not found | | 500 | Internal server error |

Rate Limits

API requests are rate-limited. Contact support for details on your plan's limits.

Base URL

All API endpoints use the following base URL:

https://api.aguardic.com/v1

Next Steps

MarketplaceEvaluate