API Reference
Policies
Policies define which entity types to detect and how to handle them. Each organization starts with a default policy, and you can create custom policies for different use cases.
The Policy Object
{
"id": "pol_abc123xyz",
"name": "Customer Support Policy",
"description": "Redact customer PII in support conversations",
"entity_types": ["PERSON", "EMAIL", "PHONE", "SSN", "CREDIT_CARD"],
"redaction_format": "token",
"detection_mode": "balanced",
"template": null,
"custom_patterns": [
{
"name": "CUSTOMER_ID",
"pattern": "CUS-[A-Z]{2}[0-9]{6}",
"description": "Internal customer identifier"
}
],
"response_redaction": {
"enabled": false,
"method": "regex",
"action": "redact",
"buffer_size": 256
},
"provider_overrides": {},
"prompt_injection_detection": {
"enabled": false,
"mode": "log",
"sensitivity": "medium"
},
"is_default": false,
"created_at": "2026-01-15T10:00:00Z",
"updated_at": "2026-01-16T14:30:00Z"
}response_redaction
Configure response-side PII detection on LLM outputs. Professional+
provider_overrides
Define per-provider redaction rules to enforce different settings for specific LLM providers. Professional+
prompt_injection_detection
Enable prompt injection scanning on incoming requests with configurable sensitivity levels. Professional+
template
Reference to the compliance or utility template this policy was created from, if applicable.
List Policies
/api/policiesReturns a list of all policies for your organization.
Response
{
"policies": [
{
"id": "pol_abc123",
"name": "Default Policy",
"is_default": true,
"entity_types": ["PERSON", "EMAIL", "PHONE", "SSN"],
"redaction_format": "token",
"created_at": "2024-12-01T00:00:00Z"
},
{
"id": "pol_xyz789",
"name": "HIPAA Compliance",
"is_default": false,
"entity_types": ["PERSON", "MEDICAL_RECORD", "HEALTH_PLAN", "SSN"],
"redaction_format": "hash",
"created_at": "2024-12-10T00:00:00Z"
}
]
}Create Policy
/api/policiesCreates a new PII detection policy.
Request Body
{
"name": "Financial Services Policy",
"description": "Protect financial data in banking applications",
"entity_types": [
"PERSON",
"SSN",
"CREDIT_CARD",
"BANK_ACCOUNT",
"ROUTING_NUMBER",
"IBAN"
],
"redaction_format": "hash",
"detection_mode": "thorough",
"response_redaction": {
"enabled": true,
"method": "regex"
},
"prompt_injection_detection": {
"enabled": true,
"mode": "warn"
}
}Response
{
"id": "pol_new123",
"name": "Financial Services Policy",
"description": "Protect financial data in banking applications",
"entity_types": ["PERSON", "SSN", "CREDIT_CARD", "BANK_ACCOUNT", "ROUTING_NUMBER", "IBAN"],
"redaction_format": "hash",
"detection_mode": "thorough",
"response_redaction": {
"enabled": true,
"method": "regex",
"action": "redact",
"buffer_size": 256
},
"prompt_injection_detection": {
"enabled": true,
"mode": "warn",
"sensitivity": "medium"
},
"provider_overrides": {},
"is_default": false,
"created_at": "2026-01-16T15:00:00Z",
"updated_at": "2026-01-16T15:00:00Z"
}Update Policy
/api/policies/{policy_id}Updates an existing policy. Only specified fields are updated.
Parameters
| Parameter | Type | Description |
|---|---|---|
| policy_id | stringrequired | The policy ID to update |
Request Body
{
"name": "Updated Policy Name",
"entity_types": ["PERSON", "EMAIL", "PHONE"]
}Response
{
"id": "pol_abc123",
"name": "Updated Policy Name",
"entity_types": ["PERSON", "EMAIL", "PHONE"],
"redaction_format": "token",
"updated_at": "2024-12-16T16:00:00Z"
}Delete Policy
/api/policies/{policy_id}Deletes a policy. The default policy cannot be deleted.
Parameters
| Parameter | Type | Description |
|---|---|---|
| policy_id | stringrequired | The policy ID to delete |
Response
{
"success": true,
"message": "Policy deleted successfully"
}Response Detection Configuration
NewProfessional+The response_redaction object enables PII detection on LLM responses. Configure how NeuronEdge should handle sensitive data detected in model outputs.
enabled
Boolean. Enable or disable response-side PII detection.
method
String: "regex" | "both". Detection method for response analysis.
action
String: "redact" | "log". Action to take when PII is detected in response.
buffer_size
Number. Token buffer size for detection (default 256). Larger buffers detect patterns spanning multiple tokens.
{
"response_redaction": {
"enabled": true,
"method": "regex",
"action": "redact",
"buffer_size": 512
}
}Provider-Specific Overrides
NewProfessional+Override redaction behavior on a per-provider basis. Useful when different LLM providers require different trust levels or entity coverage.
{
"provider_overrides": {
"openai": {
"entity_types": ["PERSON", "SSN", "CREDIT_CARD", "EMAIL", "PHONE"],
"detection_mode": "thorough"
},
"workers-ai": {
"entity_types": ["SSN", "CREDIT_CARD"],
"detection_mode": "real-time"
},
"anthropic": {
"entity_types": ["PERSON", "SSN", "CREDIT_CARD", "EMAIL", "PHONE"],
"detection_mode": "thorough",
"prompt_injection_detection": { "enabled": true, "mode": "block" }
}
}
}Prompt Injection Configuration
NewProfessional+The prompt_injection_detection object configures detection and blocking of prompt injection attacks. Three action modes: log (record only), warn (continue but flag), and block (reject request).
enabled
Boolean. Enable or disable prompt injection detection.
mode
String: "log" | "warn" | "block". Response action when injection is detected.
sensitivity
String: "low" | "medium" | "high". Detection sensitivity threshold.
{
"prompt_injection_detection": {
"enabled": true,
"mode": "block",
"sensitivity": "high"
}
}Policy Templates
Get pre-configured policy templates for common use cases, including 5 compliance-specific templates:
/api/policies/templatesReturns 9 pre-configured policy templates including 5 compliance-specific templates.
Response
{
"templates": [
{
"id": "general",
"name": "General Purpose",
"category": "utility",
"description": "Broad PII protection for general applications",
"entity_count": 15,
"response_detection_enabled": false
},
{
"id": "hipaa",
"name": "HIPAA Safe Harbor",
"category": "compliance",
"regulation": "HIPAA",
"description": "Implements HIPAA Safe Harbor de-identification (18 identifiers)",
"entity_count": 15,
"response_detection_enabled": true
},
{
"id": "pci_dss",
"name": "PCI-DSS Cardholder Protection",
"category": "compliance",
"regulation": "PCI-DSS",
"description": "Protects cardholder data per PCI-DSS v4.0",
"entity_count": 9,
"response_detection_enabled": true
},
{
"id": "soc2",
"name": "SOC 2 Data Protection",
"category": "compliance",
"regulation": "SOC 2",
"description": "General PII protection aligned with SOC 2 Trust Services Criteria",
"entity_count": 12,
"response_detection_enabled": false
},
{
"id": "finra",
"name": "FINRA Client Protection",
"category": "compliance",
"regulation": "FINRA",
"description": "Protects client PII for registered investment advisors",
"entity_count": 14,
"response_detection_enabled": false
},
{
"id": "fedramp",
"name": "FedRAMP PII Protection",
"category": "compliance",
"regulation": "FedRAMP",
"description": "PII protection for government AI applications under FedRAMP moderate",
"entity_count": 20,
"response_detection_enabled": true
},
{
"id": "financial",
"name": "Financial Services",
"category": "utility",
"description": "Financial data and payment protection",
"entity_count": 10,
"response_detection_enabled": false
},
{
"id": "minimal",
"name": "Minimal",
"category": "utility",
"description": "Core identifiers only",
"entity_count": 2,
"response_detection_enabled": false
},
{
"id": "comprehensive",
"name": "Comprehensive",
"category": "utility",
"description": "Maximum protection with all entity types",
"entity_count": 105,
"response_detection_enabled": true
}
]
}Create Policy from Template
/api/policies/from-templateCreate a new policy from a compliance template. The template pre-fills entity types, detection settings, and response detection configuration.
Request Body
{
"template_id": "hipaa",
"name": "My HIPAA Policy",
"description": "HIPAA compliance for patient portal"
}Response
{
"id": "pol_from_template_01",
"name": "My HIPAA Policy",
"description": "HIPAA compliance for patient portal",
"template": "hipaa",
"entity_types": ["PERSON", "DATE_OF_BIRTH", "MEDICAL_RECORD_NUMBER", "HEALTH_PLAN_MEMBER_ID", "BIOMETRIC_ID", "PHONE", "EMAIL", "SSN", "ADDRESS", "ZIP_CODE", "ACCOUNT_NUMBER", "VEHICLE_ID", "DEVICE_ID", "URL", "IP_ADDRESS"],
"redaction_format": "token",
"detection_mode": "balanced",
"response_redaction": {
"enabled": true,
"method": "regex",
"action": "redact",
"buffer_size": 256
},
"is_default": false,
"created_at": "2026-01-16T15:00:00Z",
"updated_at": "2026-01-16T15:00:00Z"
}Available Entity Types
Get the complete list of 105+ supported entity types:
/api/policies/entity-typesReturns all available entity types organized by category.
Response
{
"categories": {
"identity": ["PERSON", "SSN", "PASSPORT", "DRIVERS_LICENSE", "DOB"],
"contact": ["EMAIL", "PHONE", "ADDRESS", "ZIP_CODE"],
"financial": ["CREDIT_CARD", "BANK_ACCOUNT", "IBAN", "ROUTING_NUMBER"],
"medical": ["MEDICAL_RECORD", "HEALTH_PLAN", "NPI", "DEA_NUMBER"],
"location": ["ADDRESS", "COORDINATES", "IP_ADDRESS"],
"technical": ["API_KEY", "PASSWORD", "AWS_KEY", "GITHUB_TOKEN"],
"organization": ["ORG", "GPE", "COMPANY_ID"],
"compliance": ["GDPR_ID", "CCPA_ID", "HIPAA_ID"]
},
"total_count": 105
}Using Policies in Requests
Specify a policy for each request using the X-NeuronEdge-Policy header:
curl -X POST https://api.neuronedge.ai/v1/openai/chat/completions \
-H "Authorization: Bearer ne_live_your_api_key" \
-H "X-Provider-API-Key: sk-your-openai-key" \
-H "X-NeuronEdge-Policy: pol_xyz789" \
-H "Content-Type: application/json" \
-d '{"model": "gpt-5.2", "messages": [...]}'If no policy is specified, your organization's default policy is used.