Documentation / api
API Reference
Integrate SupraWall directly into your AI agents or platforms using our REST API.
Authentication
All API requests must include an apiKey in the request body. You can find your API keys in the dashboard under "Connected Agents" or "Platform Connect".
Key Types
- Agent Keys: Used for individual agents configured in the dashboard.
- Connect Keys: Start with
agc_. Used for multi-tenant platform integrations.
Endpoints
POST
/api/v1/evaluate
Evaluates a tool call against defined security policies. It performs zero-trust validation, injects secrets from the vault, and logs the action for auditing.
Request Body
{
"apiKey": "string", // Required
"toolName": "string", // Required (e.g., 'read_file')
"args": "object", // Required (arguments for the tool)
"agentRole": "string", // Optional
"sessionId": "string", // Optional
"model": "string" // Optional (for cost estimation)
}Response
{
"decision": "ALLOW" | "DENY" | "REQUIRE_APPROVAL",
"reason": "string",
"resolvedArguments": "object", // If vault injected
"vaultInjected": "boolean",
"branding": "object",
"estimated_cost_usd": "number"
}POST
/api/v1/scrub
Helper utility to redact sensitive substrings from text. Primarily used to prevent LLMs from leaking secrets back to the user or logs.
Request Body
{
"text": "string", // Required
"secretValues": "string[]" // Required (list of strings to redact)
}Response
{
"text": "string", // Scrubbed text
"scrubbed": "boolean" // Whether any changes were made
}Quick Example (Node.js)
example.js
const response = await fetch("https://www.supra-wall.com/api/v1/evaluate", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
apiKey: process.env.SUPRAWALL_API_KEY,
toolName: "send_email",
args: { to: "user@example.com", subject: "Hello" }
})
});
const { decision, reason } = await response.json();
if (decision === "DENY") {
throw new Error(`Security Block: ${reason}`);
}
// Proceed with tool call...Need a custom integration?
Our enterprise team can help you build high-throughput security wrappers.