Skip to main content
CID222Documentation

API Overview

The CID222 API provides programmatic access to content safety features, session management, and administrative functions.

Base URL

https://api.cid222.ai

All API requests should be made to this base URL. For on-premises deployments, use your configured endpoint.

Authentication

All requests authenticate with a Bearer token in the Authorization header — either a tenant API key or a user JWT:

# Tenant API key (server-to-server)
Authorization: Bearer cid_key_your_api_key


# User JWT (from POST /auth/login)
Authorization: Bearer eyJ0eXAiOiJKV1Qi...

Which token where?

Chat, detection, image, and document endpoints accept a tenant API key (cid_key_...) or a JWT. Session and /admin endpoints require a user JWT.

API Endpoints

Chat Endpoints

MethodEndpointDescription
POST/chat/completionsStreamed completion with input/output safety filtering (SSE)
POST/chat/harden-promptRewrite a prompt to be safer and more robust
GET/chat/providersList available LLM providers
GET/modelsList models enabled for your tenant

Detection & Files

MethodEndpointDescription
POST/api/v1/guardrails/detectScan text for PII, secrets, toxicity, and jailbreak
POST/image-analysis/analyzeImage PII + OCR + redaction
POST/document-analysis/analyzePDF / DOCX / TXT / CSV PII + redaction
GET/document-analysis/:id/downloadDownload a redacted document

Session Endpoints

MethodEndpointDescription
POST/sessionsCreate a conversation session
GET/sessionsList your tenant's sessions
GET/sessions/:idGet session details with history
POST/sessions/:id/messagesSend a message in a session (SSE)
DELETE/sessions/:idDelete a session

Request Format

All requests should use JSON format with the Content-Type: application/json header.

Example Request
const response = await fetch('https://api.cid222.ai/chat/completions', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer ' + process.env.CID222_API_KEY,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    model: 'gpt-4o',
    messages: [
      { role: 'system', content: 'You are a helpful assistant.' },
      { role: 'user', content: 'Hello!' }
    ]
  })
});

Response Format

Chat and session messages stream Server-Sent Events. Non-streaming endpoints return JSON; errors include a status code and message:

SSE Response (chat)
data: {"type":"content_block_delta","index":0,"delta":{"type":"text_delta","text":"Hello!"}}


data: {"type":"context_usage","input_tokens":20,"output_tokens":10,"total_tokens":30}


data: {"type":"message_stop","total_duration_ms":540}


data: [DONE]
JSON Error Response (non-streaming endpoints)
{
  "statusCode": 400,
  "message": "Invalid request body",
  "error": "Bad Request"
}

Rate Limits

API rate limits depend on your subscription tier:

TierRequests/minTokens/day
Starter60100,000
Professional3001,000,000
EnterpriseCustomCustom
Rate limit headers are included in responses: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset

Streaming Responses

Chat completions support Server-Sent Events (SSE) for real-time streaming. Set stream: true in your request.

Handle SSE Stream
const response = await fetch('https://api.cid222.ai/chat/completions', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer ' + process.env.CID222_API_KEY,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ model: 'gpt-4o', messages: [...] })
});


const reader = response.body.getReader();
const decoder = new TextDecoder();


while (true) {
  const { done, value } = await reader.read();
  if (done) break;


  for (const line of decoder.decode(value).split('\n')) {
    if (!line.startsWith('data: ')) continue;
    const data = line.slice(6);
    if (data === '[DONE]') break;


    const event = JSON.parse(data);
    if (event.type === 'content_block_delta') {
      process.stdout.write(event.delta.text);
    } else if (event.type === 'input_rejected' || event.type === 'output_rejected') {
      console.error('Blocked:', event.reason);
    }
  }
}

Next Steps