Authenticating API Requests

Every request to the Guardian Layer API must include your API key in the X-API-Key header.

Header format

X-API-Key: cai_your_key_here

Replace cai_your_key_here with the key from your API Keys page.

Integration examples

Python (requests)

import requests
import os

response = requests.post(
    'https://api.custodianai.com/api/v1/deidentify/text',
    headers={
        'X-API-Key': os.environ['CUSTODIAN_API_KEY'],
        'Content-Type': 'application/json',
    },
    json={
        'text': 'Your input text here',
        'compliance_mode': 'MASKED',
    }
)

data = response.json()

JavaScript / TypeScript (fetch)

const response = await fetch('https://api.custodianai.com/api/v1/deidentify/text', {
  method: 'POST',
  headers: {
    'X-API-Key': process.env.CUSTODIAN_API_KEY!,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    text: 'Your input text here',
    compliance_mode: 'MASKED',
  }),
});

const data = await response.json();

cURL

curl -X POST https://api.custodianai.com/api/v1/deidentify/text \
  -H "X-API-Key: $CUSTODIAN_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"text": "Your input text here", "compliance_mode": "MASKED"}'

Storing your key safely

Always store your API key in an environment variable — never hard-code it in source files.

# .env
CUSTODIAN_API_KEY=cai_your_key_here

:::danger Never do this

// ❌ Hard-coded key — do NOT commit this
const apiKey = 'cai_abc123...';

:::

Authentication errors

HTTP Status	Meaning
`401 Unauthorized`	Missing or invalid API key
`403 Forbidden`	Key found but expired or credit limit reached

See Troubleshooting for how to resolve these.

Header format​

Integration examples​

Python (requests)​

JavaScript / TypeScript (fetch)​

cURL​

Storing your key safely​

Authentication errors​