API usage
Quickstart
Standalone enforcement API
Integrate enforcement into any system that executes AI-driven actions.
“AI Safety Gate is a standalone enforcement API that can be integrated into any system that executes AI-driven actions.”
AI Safety Gate evaluates AI output and returns an enforceable decision before you perform real-world actions.
Generic execution flow
Fail-closed control flow for safe execution.
1) Receive intent (the action you are about to execute).
2) Produce AI output (draft email, tool call request, structured payload, etc.).
3) Call POST https://aisafegate.com/api/validate with the AI output and context.
4) Branch on the decision:
- PASS: execute the action.
- WARN: review required — pause and require approval.
- BLOCK: do not execute.
5) If validation fails (network, parsing, missing fields), treat it as blocked and do not execute.
Quick Start (copy/paste)
Run a validate request, then handle PASS / WARN / BLOCK correctly.
Base URL:
https://aisafegate.com
1) Validate (curl)
    curl -X POST "https://aisafegate.com/api/validate" \
      -H "Authorization: Bearer REPLACE_ME" \
      -H "Content-Type: application/json" \
      -d '{"ai_output":"Draft an email confirming a refund.","context":{"actionKind":"llm_output","actionType":"llm_text"}}'
2) Validate + enforce (JavaScript fetch)
    // Works in Node.js 18+
    const API_KEY = "REPLACE_ME";
    const BASE_URL = "https://aisafegate.com";

    async function validate(ai_output) {
      const res = await fetch(`${BASE_URL}/api/validate`, {
        method: "POST",
        headers: {
          "Content-Type": "application/json",
          Authorization: `Bearer ${API_KEY}`,
        },
        body: JSON.stringify({
          ai_output,
          context: { actionKind: "llm_output", actionType: "llm_text" },
        }),
      });
      if (!res.ok) throw new Error(await res.text());
      return res.json();
    }

    async function pollApproval({ decision_id, approval_token, timeoutMs = 5 * 60 * 1000 }) {
      const startedAt = Date.now();
      while (Date.now() - startedAt < timeoutMs) {
        const url = new URL(`${BASE_URL}/api/decisions/${decision_id}/approval`);
        const res = await fetch(url, {
          headers: {
            Authorization: `Bearer ${API_KEY}`,
            "X-Approval-Token": approval_token,
          },
        });
        if (!res.ok) return { approved: false };
        const data = await res.json();
        if (data && data.approved === true) return { approved: true };
        await new Promise((r) => setTimeout(r, 2000));
      }
      return { approved: false };
    }

    async function main() {
      let decision;
      try {
        decision = await validate("Draft an email confirming a refund.");
      } catch {
        // Fail closed
        return;
      }
      if (decision.status === "PASS") {
        // Execute action
        return;
      }
      if (decision.status === "BLOCK") {
        // Do not execute
        return;
      }
      if (decision.status === "WARN") {
        const { approved } = await pollApproval({
          decision_id: decision.decision_id,
          approval_token: decision.approval_token,
        });
        if (!approved) return;
        // Execute action
      }
    }

    main();
Response handling
Correct expectations for PASS / WARN / BLOCK.
PASS, WARN, and BLOCK are enforcement outcomes. Your system is responsible for honoring the outcome.
Decisions are immutable records of what was evaluated at the time of validation.
Recommended Safety Defaults (Production)
Customer-safe defaults for reliable enforcement.
  • Fail closed: if validation fails (timeouts, parsing, missing fields), do not execute.
  • Persist decisions for audit: store status + explanation for later review.
  • Treat WARN as review-required: pause execution until a human explicitly approves.
  • Treat BLOCK as terminal for the action path.
  • Keep environments separate (dev/stage/prod) and validate policy changes before rollout.
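The fail-closed and persist-for-audit defaults above can be enforced in one strict interpretation step between the HTTP response and the action. This is an added example, not code from the service: the function name interpretDecision, the outcome and reason strings, and the "explanation" field name are assumptions, while status, decision_id and approval_token are taken from the Quick Start sample.

```javascript
// Strict, fail-closed interpretation of a /api/validate response.
// Assumed names: interpretDecision, OUTCOME, reason strings, "explanation" field.
const OUTCOME = Object.freeze({ EXECUTE: "execute", HOLD: "hold", DENY: "deny" });

function interpretDecision(httpOk, bodyText) {
  const deny = (reason) => ({ outcome: OUTCOME.DENY, reason, audit: null });
  if (httpOk !== true) return deny("http_error");
  let d;
  try {
    d = JSON.parse(bodyText);
  } catch {
    return deny("unparseable_body");
  }
  if (d === null || typeof d !== "object" || Array.isArray(d)) return deny("not_an_object");
  const isId = (v) => typeof v === "string" && v.length > 0;
  // Audit record to persist for every parsed decision, whatever the outcome.
  const audit = {
    status: typeof d.status === "string" ? d.status : null,
    decision_id: isId(d.decision_id) ? d.decision_id : null,
    explanation: typeof d.explanation === "string" ? d.explanation : null,
  };
  switch (d.status) { // exact match only: "pass" or a missing status is denied
    case "PASS":
      return { outcome: OUTCOME.EXECUTE, reason: "pass", audit };
    case "WARN":
      // Without both identifiers approval cannot be polled, so the action cannot proceed.
      if (!isId(d.decision_id) || !isId(d.approval_token)) {
        return { outcome: OUTCOME.DENY, reason: "warn_missing_fields", audit };
      }
      return { outcome: OUTCOME.HOLD, reason: "review_required", audit };
    case "BLOCK":
      return { outcome: OUTCOME.DENY, reason: "block", audit };
    default:
      return { outcome: OUTCOME.DENY, reason: "unknown_status", audit };
  }
}

// Constructed sample bodies (not captured from the service).
const samples = [
  [true, '{"status":"PASS","decision_id":"dec_1"}'],
  [true, '{"status":"WARN","decision_id":"dec_2"}'],
  [true, '{"status":"pass"}'],
  [true, "<html>502</html>"],
  [false, '{"status":"PASS"}'],
];
for (const [ok, body] of samples) console.log(interpretDecision(ok, body).outcome, "<-", body);
```

Only the "execute" outcome lets the action run; "hold" feeds the approval polling step, and everything else stops the action path.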
Known limitations (v1)
Practical boundaries to plan around.
  • Decisions depend on the context you provide; include action type and relevant workflow metadata.
  • The service cannot prevent actions your system executes without enforcing the returned decision.
  • WARN handling requires explicit workflow implementation (pause, approve, then proceed).
Disclaimer
This documentation is provided for general information only. It is not legal advice, not a guarantee of compliance, and not a substitute for your own security review. You are responsible for evaluating and meeting any legal, regulatory, and contractual obligations applicable to your use case.