Documentation
Protect each LLM request with one server-side scan before you call your model.
1. Request Flow
- Your backend receives a prompt or other user-controlled input.
- Your backend calls
POST /v1/scan/inputwith that input in thecontentfield. - Axiom returns a result with an
action. - If
actionisblock, stop the request before it reaches your LLM. - Use
verdictas the scanner judgment andactionas the behavior your app should obey.
2. Environment
Generate a key in the dashboard and store it server-side only.
- API keys use the
ax_live_prefix. - The plaintext key is shown once after generation.
- Do not send the key to browser code or mobile clients.
- Never put API keys in query params; use the Authorization header.
- Use the staging URL below until the production API domain is live.
# .env AXIOM_API_KEY=ax_live_your_generated_key AXIOM_API_BASE=https://axiom-stg-app.ashycoast-7f303533.eastus2.azurecontainerapps.io
3. Simple Scan Request
const res = await fetch("https://axiom-stg-app.ashycoast-7f303533.eastus2.azurecontainerapps.io/v1/scan/input", {
method: "POST",
headers: {
"content-type": "application/json",
"authorization": `Bearer ${process.env.AXIOM_API_KEY}`,
},
body: JSON.stringify({
content: userPrompt,
}),
});
const result = await res.json();
if (result.action === "block") {
throw new Error("Prompt blocked by Axiom");
}4. Next.js Route Example
// app/api/chat/route.ts
export const runtime = "nodejs";
export async function POST(req: Request) {
const { prompt } = await req.json();
const scan = await fetch(`${process.env.AXIOM_API_BASE}/v1/scan/input`, {
method: "POST",
headers: {
"content-type": "application/json",
"authorization": `Bearer ${process.env.AXIOM_API_KEY}`,
},
body: JSON.stringify({ content: prompt }),
});
const result = await scan.json();
if (result.action === "block") {
return Response.json({ error: "Prompt blocked by Axiom" }, { status: 403 });
}
// Continue to your LLM call here.
return Response.json({ ok: true });
}5. Key Management
- GenerateCreate keys from the dashboard. The website stores only a SHA-256 hash.
- StoreSave the plaintext key in your server environment when it is shown.
- RevokeRevoke keys from the dashboard when they are rotated or no longer needed.