DLP
Redact PII
Detects PII, replaces it with stable tokens, and stores the originals in a time-limited vault. Returns a vault_id you can later pass to /unredact to restore the originals.
POST
/v1/pii/redactConfig fields
| Field | Type | Description |
|---|---|---|
| entities | string[] | Entity types to redact (e.g. EMAIL, CREDIT_CARD, PERSON). Defaults to all. |
| threshold | number | Detection confidence threshold. Default 0.3. |
| vault_ttl | integer | Seconds the vault retains originals. Default 3600. |
| one_time_restore | boolean | If true, originals can be restored only once. Default true. |
| hash_seed | string | Optional seed for deterministic token hashing. |
Body Parameters
messagesMessage[]requiredMessages to scan and redact ({ role, content }).
configPIIConfigRedaction config (see Config fields below).
Response
messagesMessage[]Messages with PII replaced by tokens.
vault_idstringPass this to /unredact to restore.
redactedbooleanWhether anything was redacted.
entities_foundintegerNumber of PII entities found.
curl https://api.guardion.ai/v1/pii/redact \
-H "Authorization: Bearer $GUARDION_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"messages": [{ "role": "user", "content": "Email me at jane@acme.com, SSN 123-45-6789." }],
"config": { "entities": ["EMAIL", "US_SSN"], "vault_ttl": 1800 }
}'
Response
{
"messages": [{ "role": "user", "content": "Email me at [EMAIL_1], SSN [US_SSN_1]." }],
"vault_id": "vault_7c2a",
"redacted": true,
"entities_found": 2
}