Get started
Authentication
Guardion authenticates every request with an API key. How you pass it differs between Guard and the Gateway.
Guard
Guard authenticates with your API key as a Bearer token. Create and manage keys in the console under Settings → API Keys. Keep keys server-side — never ship a Guardion API key in client-side code.
Missing or invalid credentials return 401 Unauthorized.
Authorization header
Authorization: Bearer gd_live_xxxxxxxxxxxxxxxxxxxx
Gateway
When calling the Gateway, your Guardion key goes in the x-guardion-api-key header, and the Authorization header carries your own LLM provider key — which the gateway forwards to the provider untouched (Guardion never stores it).
| Header | Required | Purpose |
|---|---|---|
| x-guardion-api-key | Yes | Your Guardion API key — authenticates against Guard. |
| Authorization | Yes | Your provider key (e.g. Bearer sk-...), forwarded to the LLM provider as-is. |
| x-guardion-policy | No | Policy slug that loads the guardrail definitions to apply. |
| x-guardion-provider | No | LLM provider (openai, anthropic, …). Inferred from the model prefix if omitted. |
curl https://api.guardion.ai/v1/guard \
-H "Authorization: Bearer $GUARDION_API_KEY" \
-H "Content-Type: application/json" \
-d '{ "messages": [{ "role": "user", "content": "Hello" }] }'
Response
{
"detail": "No token provided"
}