API docs

Full documentation is in progress. Get started with our quickstart examples below, then log in at app.polyredact.com to join the beta.

Quickstart

Send data through PolyRedact before it reaches external APIs. Here are minimal examples for the two main endpoints.

๐Ÿš€Proxy mode: Forward to OpenAI after redaction

curl https://api.polyredact.com/proxy \
  -H "Authorization: Bearer $POLYREDACT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "target": "openai",
    "model": "gpt-4o",
    "messages": [{
      "role": "user",
      "content": "Support ticket from alice@example.com about order #12345"
    }]
  }'

๐ŸงฐRedact only: Get back masked data and audit log

curl https://api.polyredact.com/redact/text \
  -H "Authorization: Bearer $POLYREDACT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "text": "User email is alice@example.com, phone is +1-555-1234",
    "policy": "mask_pii"
  }'

What happens in both flows

  • Detection: PolyRedact scans your input for PII (personally identifiable information), secrets, internal IDs and custom patterns.
  • Redaction: Based on your policy, sensitive fields are masked, partially revealed, or blocked entirely.
  • Forwarding: Clean data is sent to your destination (LLM, analytics, storage). Raw input is never logged.
  • Audit: Every call generates a signed audit record showing what was detected, what was redacted, and why.

Next steps

Log inView full examples (GitHub)

We're actively shaping the API design with early users. Your feedback on these endpoints, policy syntax, and audit formats helps us build the right tool.