API Reference

All requests go to your BitDrip Policy Engine at http://your-host:3001/api/v1.

For local installations this is http://localhost:3001/api/v1.

Authentication

Generate an API key in Admin Dashboard → Settings → API Keys → Generate.

http

Authorization: Bearer YOUR_API_KEY

Endpoints

GET /health

Returns service health. No authentication required.

bash

curl http://localhost:3001/health

json

{
  "status": "healthy",
  "timestamp": "2026-05-21T18:00:00.000Z",
  "version": "1.0.0",
  "services": {
    "database": { "status": "healthy", "latency": 3 },
    "cache":    { "status": "healthy", "latency": 2 }
  }
}

POST /api/v1/policies/evaluate

Evaluate content against all active policies for your organisation.

http

POST /api/v1/policies/evaluate
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json

Request body:

json

{
  "content": "Text to evaluate",
  "context": {
    "service": "chatgpt",
    "userId": "user_abc"
  }
}

Response — violation detected:

json

{
  "action": "block",
  "violations": [
    {
      "category": "pii",
      "type": "ssn",
      "confidence": "high",
      "message": "Social Security Number detected"
    }
  ]
}

Response — clean:

json

{
  "action": "allow",
  "violations": []
}

Authentication endpoints

POST /api/v1/auth/login
POST /api/v1/auth/refresh
GET  /api/v1/auth/me
POST /api/v1/auth/logout
POST /api/v1/auth/api-keys
DELETE /api/v1/auth/api-keys/:id
GET  /api/v1/auth/subscription/status

Policy endpoints

GET    /api/v1/policies
POST   /api/v1/policies
PUT    /api/v1/policies/:id
DELETE /api/v1/policies/:id
POST   /api/v1/policies/evaluate

User endpoints

GET  /api/v1/users
POST /api/v1/users/invite
GET  /api/v1/users/:id

OpenAPI Spec

Full request/response schemas, field definitions, and interactive testing are available in the OpenAPI spec served by your running Policy Engine:

http://localhost:3001/api-docs

Rate Limits

Tier	Requests / minute
Community	60
Starter	300
Professional	1,000
Enterprise	Unlimited

Error Format

All errors follow this structure:

json

{
  "error": true,
  "code": "VALIDATION_ERROR",
  "message": "Human-readable description",
  "details": {}
}

Common error codes: UNAUTHORIZED, FORBIDDEN, NOT_FOUND, VALIDATION_ERROR, RATE_LIMITED.

API Reference ​

Authentication ​

Endpoints ​

GET /health ​

POST /api/v1/policies/evaluate ​

Authentication endpoints ​

Policy endpoints ​

User endpoints ​

OpenAPI Spec ​

Rate Limits ​

Error Format ​

API Reference

Authentication

Endpoints

GET /health

POST /api/v1/policies/evaluate

Authentication endpoints

Policy endpoints

User endpoints

OpenAPI Spec

Rate Limits

Error Format