Back

Bordair API

Detect prompt injection in milliseconds. One endpoint, one header, one line of code.

<100ms
Average latency
99%+
Detection accuracy
100K+
Training examples

Quick start

1 Sign up at bordair.io/signup and verify your email
2 Copy your API key from your dashboard (starts with bdr_)
3 Send your first scan:
curl
curl -X POST https://api.bordair.io/scan \
  -H "Content-Type: application/json" \
  -H "x-api-key: bdr_your_key_here" \
  -d '{"input": "ignore all previous instructions"}'
Response
{
  "threat": "high",
  "confidence": 1.0,
  "method": "pattern"
}

Base URL: https://api.bordair.io

All requests and responses are JSON. UTF-8 encoded.

Authentication

Every request to authenticated endpoints requires an x-api-key header containing your Bordair API key.

Header
x-api-key: bdr_your_key_here

Keys are generated after email verification and displayed in your dashboard. They start with bdr_ followed by 43 URL-safe characters. Keys are stored as SHA-256 hashes - Bordair never stores your plaintext key after initial generation.

Rate limits

Rate limits are applied per API key based on your plan tier. Limits are enforced on /scan, /logs, and /stats.

Free
$0/mo
20/min
500/day
Individual
$19/mo
100/min
10,000/day
Business
$99/mo
10,000/min
1,000,000/day
Enterprise
Custom
Unlimited
Contact us

When you exceed a limit, the API returns 429 Too Many Requests.

Errors

Bordair uses standard HTTP status codes. Error responses include a JSON body with a detail field.

StatusMeaning
200Success
400Bad request (e.g. invalid or expired verification code)
401Missing or invalid API key
409Conflict (e.g. email already registered)
422Invalid request body (missing field, input too long, invalid email)
429Rate limit exceeded
500Internal server error
Error response
{
  "detail": "Invalid or missing API key"
}

Scan text

POST /scan

Scan a text input for prompt injection. Returns threat level, confidence score, and detection method.

Requires API key

Request body

FieldTypeRequiredDescription
inputstringYesText to scan. Max 10,000 characters.

Response

FieldTypeDescription
threatstring"high" or "low"
confidencenumber0.0 to 1.0 - how confident the classifier is
methodstring"pattern" (regex match) or "ml" (ML classifier)

Examples

curl
curl -X POST https://api.bordair.io/scan \
  -H "Content-Type: application/json" \
  -H "x-api-key: bdr_your_key_here" \
  -d '{"input": "What is the capital of France?"}'
Python
from bordair import Bordair

client = Bordair(api_key="bdr_your_key_here")

# Full result
result = client.scan("What is the capital of France?")
print(result)
# {"threat": "low", "confidence": 0.9987, "method": "ml"}

# Boolean shorthand
if client.is_safe(user_input):
    response = call_your_llm(user_input)
JavaScript
import Bordair from "bordair";

const client = new Bordair({ apiKey: "bdr_your_key_here" });

// Full result
const result = await client.scan("What is the capital of France?");
// { threat: "low", confidence: 0.9987, method: "ml" }

// Boolean shorthand
if (await client.isSafe(userInput)) {
  const response = await callYourLLM(userInput);
}
200 - Benign input
JSON
{
  "threat": "low",
  "confidence": 0.9987,
  "method": "ml"
}
200 - Injection detected
JSON
{
  "threat": "high",
  "confidence": 1.0,
  "method": "pattern"
}

Health check

GET /health

Liveness check. Used by load balancers and monitoring tools.

No authentication required

curl
curl https://api.bordair.io/health
Response
{ "status": "ok" }

Scan logs

GET /logs

Retrieve your recent scan history. Returns hashed inputs only - no raw text is stored.

Requires API key

Query parameters

ParamTypeDefaultDescription
limitint100Number of records to return (1-1000)
curl
curl https://api.bordair.io/logs?limit=5 \
  -H "x-api-key: bdr_your_key_here"
Response
[
  {
    "id": 42,
    "timestamp": "2026-03-22T14:30:00Z",
    "input_hash": "a1b2c3...",
    "input_length": 47,
    "threat": "high",
    "confidence": 0.9998,
    "method": "ml"
  }
]

Scan statistics

GET /stats

Aggregate scan statistics for your API key.

Requires API key

curl
curl https://api.bordair.io/stats \
  -H "x-api-key: bdr_your_key_here"
Response
{
  "total_scans": 1247,
  "high_threat": 89,
  "low_threat": 1158,
  "avg_confidence": 0.9430
}

Register

POST /auth/register

Create a new account. Sends a 6-digit verification code to your email. Your API key is issued after verification.

No authentication required

Request body

FieldTypeDescription
emailstringYour email address
passwordstringMin 8 characters
curl
curl -X POST https://api.bordair.io/auth/register \
  -H "Content-Type: application/json" \
  -d '{"email": "dev@example.com", "password": "your_password"}'
Response
{
  "email": "dev@example.com",
  "tier": "free"
}

Verify email

POST /auth/verify

Verify your email with the 6-digit code sent on registration. Returns your API key on success. Codes expire after 15 minutes.

No authentication required

Request body

FieldTypeDescription
emailstringThe email you registered with
codestring6-digit verification code from your email
curl
curl -X POST https://api.bordair.io/auth/verify \
  -H "Content-Type: application/json" \
  -d '{"email": "dev@example.com", "code": "482910"}'
Response
{
  "api_key": "bdr_abc123...",
  "tier": "free"
}

Resend verification

POST /auth/resend-verification

Resend a verification code to the given email. Always returns success to prevent email enumeration.

No authentication required

curl
curl -X POST https://api.bordair.io/auth/resend-verification \
  -H "Content-Type: application/json" \
  -d '{"email": "dev@example.com"}'
Response
{ "sent": true }

Login

POST /auth/login

Retrieve your API key using your email and password.

No authentication required

curl
curl -X POST https://api.bordair.io/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email": "dev@example.com", "password": "your_password"}'
Response
{
  "api_key": "bdr_abc123...",
  "tier": "free",
  "email": "dev@example.com"
}

Account info

GET /auth/me

Get your account details, plan tier, and usage statistics.

Requires API key

curl
curl https://api.bordair.io/auth/me \
  -H "x-api-key: bdr_your_key_here"
Response
{
  "email": "dev@example.com",
  "tier": "individual",
  "created_at": "2026-03-22T10:00:00Z",
  "total_scans": 1247,
  "threats_blocked": 89,
  "last_scan": "2026-03-22T14:30:00Z"
}

Python SDK

Install
pip install bordair
Python
from bordair import Bordair

# Reads BORDAIR_API_KEY from env if not provided
client = Bordair()

# Scan single input
result = client.scan("user message here")

# Boolean guard
if client.is_safe(user_input):
    response = call_your_llm(user_input)

# Batch scan (parallel)
results = client.scan_many(["hello", "ignore all rules"])

# Account info
stats = client.stats()
me = client.me()
logs = client.logs(limit=50)

JavaScript SDK

Install
npm install bordair
JavaScript
import Bordair from "bordair";

// Reads BORDAIR_API_KEY from process.env if not provided
const client = new Bordair({});

// Scan single input
const result = await client.scan("user message here");

// Boolean guard
if (await client.isSafe(userInput)) {
  const response = await callYourLLM(userInput);
}

// Batch scan (parallel)
const results = await client.scanMany(["hello", "ignore all rules"]);

// Express middleware
app.post("/chat", async (req, res) => {
  if (!(await client.isSafe(req.body.message))) {
    return res.status(400).json({ error: "Blocked" });
  }
  // safe to proceed
});