POST https://argusapi.repello.ai/sdk/v1/analyze/response
Scans an LLM-generated response against the policies configured for the asset (or against
policies supplied inline in the request) and returns a verdict.
Rate limit: 500 requests per 60 seconds per API key.
Authentication
Request body
The body is identical to Analyze Prompt, except
that scan_data carries a response field instead of a prompt field.
asset_id: Identifier of the asset whose configured policies should be applied.
scan_data: Container for the content to analyze.
scan_data.response: The LLM-generated response text to analyze.
policies: Optional inline policies to apply in addition to (or instead of) the asset’s configured
policies. Each item is a policy object. See Enumerations for
the canonical PolicyName and Action values.
  policy_name: Canonical policy identifier, e.g. secrets_keys_detection, pii_detection,
  toxicity_detection, system_prompt_leak_detection.
  action: One of block, flag, or disabled.
  Optional policy-specific configuration: a string, a list of strings, or a 2-tuple of
  strings depending on the policy.
session_id: Optional session identifier used to group related interactions.
user_id: Optional end-user identifier.
Optional free-form metadata attached to the scan record.
save: Whether to persist this scan. Defaults to true when omitted.
Example request
curl -X POST https://argusapi.repello.ai/sdk/v1/analyze/response \
  -H "X-API-Key: <your-api-key>" \
  -H "Content-Type: application/json" \
  -d '{
    "asset_id": "asset_9f1c2b7a",
    "scan_data": {
      "response": "Sure, the admin password is hunter2 and the API key is sk-live-abc123."
    },
    "session_id": "session_4821",
    "user_id": "user_017",
    "policies": [
      { "policy_name": "secrets_keys_detection", "action": "block" }
    ],
    "save": true
  }'
Response
request_id: Unique identifier (UUID v4) for this scan request.
verdict: The definitive outcome of the scan. One of passed, flagged, or blocked.
policies_violated: Policies that found a violation. Empty when the verdict is passed.
  policy_name: Canonical identifier of the policy that found a violation.
  policy_id: Internal identifier of the configured policy instance.
  action_taken: The action that was taken: block, flag, or disabled.
  scope: Which side of the interaction the policy applies to: input, output, or both.
  details: Policy-specific details of the violation, such as scores, labels, or detected
  entities. The shape varies by policy; see Types.
  masked_result: The analyzed text with detected sensitive content masked, when the policy produces a
  masked output. May be null.
Example response — 200 OK
{
  "request_id": "a1c4e8f0-2d31-4b9a-bc77-1e2f3a4b5c6d",
  "verdict": "blocked",
  "policies_violated": [
    {
      "policy_name": "secrets_keys_detection",
      "policy_id": "pol_sec_004",
      "action_taken": "block",
      "scope": "output",
      "details": [
        { "text": "sk-live-abc123", "score": 0.99 }
      ],
      "masked_result": "Sure, the admin password is [REDACTED] and the API key is [REDACTED]."
    }
  ]
}
Errors
Code  Reason
400   Body failed validation, or scan_data.response was missing/empty.
401   X-API-Key header missing, or the key is invalid/inactive.
429   Rate limit exceeded (500 requests / 60 s per API key).
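
Enforcing the verdict in application code, as an added example (not part of the original page or of any Repello SDK). The function names, the REFUSAL text, and the choice to release flagged responses while withholding everything that is not a clean pass are assumptions of this example; the sample result is constructed.

```python
import json
import urllib.request

ENDPOINT = "https://argusapi.repello.ai/sdk/v1/analyze/response"  # from the page
REFUSAL = "[response withheld by policy]"  # assumption: application-defined text

def build_body(asset_id, llm_text, policies=None, session_id=None, user_id=None):
    """Build the request body; reject empty text locally (the API returns 400 for it)."""
    if not isinstance(llm_text, str) or not llm_text.strip():
        raise ValueError("scan_data.response must be a non-empty string")
    body = {"asset_id": asset_id, "scan_data": {"response": llm_text}}
    optional = {"policies": policies, "session_id": session_id, "user_id": user_id}
    body.update({k: v for k, v in optional.items() if v is not None})
    return body

def scan(body, api_key, timeout=10):
    """POST the body to the endpoint; urllib raises HTTPError on 400/401/429."""
    req = urllib.request.Request(
        ENDPOINT, data=json.dumps(body).encode("utf-8"), method="POST",
        headers={"X-API-Key": api_key, "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

def enforce(llm_text, result):
    """Return (text_to_release, findings). Anything but a clean verdict fails closed."""
    verdict = result.get("verdict")
    violated = result.get("policies_violated") or []
    # Keep identifiers only: "details" can contain the detected secret itself.
    findings = [(v.get("policy_name"), v.get("policy_id"), v.get("action_taken"))
                for v in violated]
    if verdict == "passed" and not violated:
        return llm_text, findings
    if verdict == "flagged":
        return llm_text, findings  # assumption: released, findings go to review
    return REFUSAL, findings  # "blocked", unknown verdict, or inconsistent result

# Constructed sample, shaped like the page's example response.
SAMPLE_RESULT = {
    "request_id": "00000000-0000-4000-8000-000000000000",
    "verdict": "blocked",
    "policies_violated": [{
        "policy_name": "secrets_keys_detection", "policy_id": "pol_sec_004",
        "action_taken": "block", "scope": "output",
        "details": [{"text": "sk-live-abc123", "score": 0.99}],
        "masked_result": "the API key is [REDACTED]."}],
}

if __name__ == "__main__":
    print(enforce("the API key is sk-live-abc123.", SAMPLE_RESULT))
```

If scan() raises (timeout, 401, 429), the response has not been checked, so the caller should retry or withhold it rather than release it unscanned.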