API Documentation
Complete REST API reference for the self-hosted PromptShield engine. All endpoints are available at your deployment URL.
Base URL
http://localhost:8000Replace with your deployment host and port.
Interactive API Docs
When running the server, visit /docs for an auto-generated interactive Swagger UI where you can test every endpoint directly.
http://localhost:8000/docsAuthentication
The self-hosted API runs on your infrastructure. Authentication is optional and configurable via environment variables. By default, the API accepts all local requests.
Quick Start
Get the local API running in under 5 minutes.
Install the package
pip install promptshield-appDownload a language model
python -m spacy download en_core_web_smSet your API key
export PROMPTSHIELD_API_KEY="ps_live_your_key_here"Your API key is available in the API Keys dashboard.
Start the server
promptshield serve --port 8000Process your first document
curl -X POST http://localhost:8000/api/documents/upload \
-F "file=@contract.pdf"
# → {"id": "abc123", "filename": "contract.pdf", "pages": 5}
curl -X POST http://localhost:8000/api/documents/abc123/detect
# → {"status": "completed", "regions_count": 42}
curl -X POST http://localhost:8000/api/documents/abc123/anonymize
# → {"status": "completed", "tokens_created": 42}
curl -o contract-safe.pdf \
http://localhost:8000/api/documents/abc123/download/pdfOr run with Docker (zero install)
docker run -e PROMPTSHIELD_API_KEY="ps_live_your_key_here" \
-p 8000:8000 -v promptshield-data:/data \
promptshield/promptshield-api:latestStep-by-Step Guide
A comprehensive walkthrough to set up the local API and integrate it into your workflow.
1. Prerequisites
Before you begin, make sure you have the following installed:
Optional — for full format support:
2. Install the SDK
Install the PromptShield Python package. The base install handles PDF files. Add the office extra for Word/Excel/PowerPoint.
pip install promptshield-apppip install "promptshield-app[office]"Download at least one spaCy NLP model:
# English (required — at least one model)
python -m spacy download en_core_web_sm
# For better accuracy (larger model)
python -m spacy download en_core_web_lgFor other languages, add the matching model:
python -m spacy download fr_core_news_sm # French
python -m spacy download de_core_news_sm # German
python -m spacy download es_core_news_sm # Spanish
python -m spacy download it_core_news_sm # Italian
python -m spacy download nl_core_news_sm # Dutch
python -m spacy download pt_core_news_sm # Portuguese3. Authentication
The local API uses your PromptShield API key for license validation. Set it as an environment variable or pass it when starting the server.
export PROMPTSHIELD_API_KEY="ps_live_your_key_here"$env:PROMPTSHIELD_API_KEY = "ps_live_your_key_here"The API key is validated online on startup and then cached locally for up to 35 days, so the server can run fully offline after the first launch.
4. Start the API Server
Launch the local server with a single command:
promptshield serve
# Starting PromptShield API server on 127.0.0.1:8000
# API docs available at http://127.0.0.1:8000/docsAvailable options:
| --host | Bind address (default: 127.0.0.1) |
| --port | Bind port (default: 8000) |
| --api-key | API key (alternative to env var) |
Once started, the API is available at the displayed URL. Interactive Swagger docs are at /docs.
5. Docker Deployment (Alternative)
For production deployments, Docker provides a zero-install experience with all dependencies bundled.
docker run -d --name promptshield \
-e PROMPTSHIELD_API_KEY="ps_live_your_key_here" \
-p 8000:8000 \
-v promptshield-data:/data \
promptshield/promptshield-api:latest# docker-compose.yml
services:
promptshield:
image: promptshield/promptshield-api:latest
ports:
- "8000:8000"
volumes:
- promptshield-data:/data
environment:
- PROMPTSHIELD_API_KEY=${PROMPTSHIELD_API_KEY}
restart: unless-stopped
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8000/api/health"]
interval: 30s
volumes:
promptshield-data:Create a .env file with your API key:
PROMPTSHIELD_API_KEY=ps_live_your_key_hereThe Docker image includes:
6. API Workflow
The standard document processing workflow has 5 steps:
Full workflow example (cURL)
# 1. Upload
DOC_ID=$(curl -s -X POST http://localhost:8000/api/documents/upload \
-F "file=@contract.pdf" | python -c "import sys,json; print(json.load(sys.stdin)['id'])")
echo "Document ID: $DOC_ID"
# 2. Detect PII
curl -X POST http://localhost:8000/api/documents/$DOC_ID/detect
# → {"status": "completed", "regions_count": 42}
# 3. Review detected regions
curl http://localhost:8000/api/documents/$DOC_ID/regions | python -m json.tool
# → [{"type": "PERSON", "text": "John Smith", "score": 0.98}, ...]
# 4. Anonymize
curl -X POST http://localhost:8000/api/documents/$DOC_ID/anonymize
# → {"status": "completed", "tokens_created": 42}
# 5. Download the anonymized document
curl -o contract-safe.pdf \
http://localhost:8000/api/documents/$DOC_ID/download/pdf
echo "Done! Anonymized file saved to contract-safe.pdf"7. CLI Commands
Process documents directly from the command line without starting a server:
promptshield detect invoice.pdf
# Detected 23 PII entities across 5 pages
promptshield detect invoice.pdf -o report.json
# Report saved to report.jsonpromptshield anonymize contract.pdf -o contract-safe.pdf
# Anonymized: 42 tokens created, saved to contract-safe.pdfpromptshield detokenize contract-safe.pdf -o contract-restored.pdf
# Restored 42 tokens, saved to contract-restored.pdfAll CLI commands validate your API key and process documents locally. No data leaves your machine.
8. Python SDK (Direct Import)
For advanced integrations, import the core modules directly in your Python code. This gives you full control over every processing step.
import asyncio
from pathlib import Path
from promptshield import ingest_document, detect_pii_on_page, anonymize_document
async def process(input_path: str, output_path: str):
# Step 1 — Ingest document
doc = await ingest_document(input_path, Path(input_path).name)
print(f"Loaded: {doc.filename} ({len(doc.pages)} pages)")
# Step 2 — Detect PII
total_entities = 0
for page in doc.pages:
regions = detect_pii_on_page(page)
total_entities += len(regions)
print(f" Page {page.number}: {len(regions)} entities found")
print(f"Total PII entities: {total_entities}")
# Step 3 — Anonymize
result = await anonymize_document(doc)
print(f"Anonymized: {result.tokens_created} tokens created")
# Save the result
with open(output_path, "wb") as f:
f.write(result.content)
print(f"Saved to {output_path}")
asyncio.run(process("contract.pdf", "contract-safe.pdf"))Batch processing example
Process multiple files in a directory:
import asyncio
from pathlib import Path
from promptshield import ingest_document, detect_pii_on_page, anonymize_document
async def batch_process(input_dir: str, output_dir: str):
input_path = Path(input_dir)
output_path = Path(output_dir)
output_path.mkdir(parents=True, exist_ok=True)
files = list(input_path.glob("*.pdf"))
print(f"Processing {len(files)} files...")
for i, file in enumerate(files, 1):
print(f"[{i}/{len(files)}] {file.name}")
doc = await ingest_document(str(file), file.name)
for page in doc.pages:
detect_pii_on_page(page)
result = await anonymize_document(doc)
out_file = output_path / f"anon_{file.name}"
with open(out_file, "wb") as f:
f.write(result.content)
print(f" → {result.tokens_created} tokens, saved to {out_file.name}")
print("Batch complete!")
asyncio.run(batch_process("./documents", "./anonymized"))9. Security & Data Privacy
PromptShield is designed for zero-trust environments:
10. Troubleshooting
Common issues and solutions:
'No spaCy model found' error
Install at least one model: python -m spacy download en_core_web_sm
OCR not working on scanned PDFs
Install Tesseract OCR and ensure it's in your PATH. On Windows, the installer adds it automatically.
Office files fail to convert
Install LibreOffice. DOCX has a pure-Python fallback, but XLSX/PPTX require LibreOffice.
'Invalid API key' on startup
Verify your key starts with ps_live_ and that your subscription is active. Keys can be managed at /developers/api-keys.
Documents
/api/documents/uploadUpload Document
Upload a document for processing. Supports PDF, DOCX, XLSX, PPTX, and image files.
/api/documentsList Documents
Retrieve all uploaded documents with their detection and anonymization status.
/api/documents/{id}Get Document
Get detailed information about a specific document including page count and detection status.
/api/documents/{id}Delete Document
Remove a document and all associated data from the server.
Detection
/api/documents/{id}/detectDetect PII
Run the PII detection pipeline on a document. Combines regex, NER, and optional LLM layers.
/api/documents/{id}/regionsGet Regions
Retrieve all detected PII regions for a document with type, text, confidence score, and bounding box.
Anonymize & Export
/api/documents/{id}/anonymizeAnonymize Document
Anonymize a document by replacing detected PII with codes. Returns the processed document.
/api/documents/{id}/download/{type}Download Anonymized
Download the anonymized version of a document as PDF, DOCX, or XLSX.
/api/documents/batch-anonymizeBatch Anonymize
Anonymize multiple documents in a single request. Up to 50 documents processed concurrently.
Decode
/api/detokenizeDecode Text
Replace codes in a text string with their original values from the vault.
/api/detokenize/fileDecode File
Upload an encoded document and receive a version with all codes restored to original values.
Vault & Code Registry
/api/vault/statusVault Status
Get vault statistics: total codes, total documents, registry size.
/api/vault/tokensList Codes
Retrieve all code-to-original mappings stored in the vault.
/api/vault/exportExport Vault
Export the entire vault as a JSON file for backup or migration.
/api/vault/importImport Vault
Import a previously exported vault JSON to restore code mappings.
Health
/api/healthHealth Check
Returns server health status. Use for monitoring and load balancer health probes.
Example
# 1. Upload a document
curl -X POST http://localhost:8000/api/documents/upload \
-F "file=@contract.pdf"
# → {"id": "abc123", "filename": "contract.pdf", "pages": 5}
# 2. Run PII detection
curl -X POST http://localhost:8000/api/documents/abc123/detect
# → {"status": "completed", "regions_count": 42}
# 3. Get detected regions
curl http://localhost:8000/api/documents/abc123/regions
# → [{"type": "PERSON", "text": "John Smith", "score": 0.98, ...}, ...]
# 4. Anonymize the document
curl -X POST http://localhost:8000/api/documents/abc123/anonymize
# → {"status": "completed", "tokens_created": 42}
# 5. Download anonymized PDF
curl -o contract-safe.pdf \
http://localhost:8000/api/documents/abc123/download/pdfPython SDK
Use the core engine directly in your Python code for maximum flexibility.
import asyncio
from promptshield import ingest_document, detect_pii_on_page, anonymize_document
async def process(path: str):
# Ingest a document
doc = await ingest_document(path, "contract.pdf")
# Detect PII on each page
for page in doc.pages:
regions = detect_pii_on_page(page)
print(f"Page {page.number}: {len(regions)} entities")
# Anonymize the document
result = await anonymize_document(doc)
print(f"Done: {result.tokens_created} tokens")
asyncio.run(process("contract.pdf"))Error Handling
All error responses follow a standard JSON format with a detail field describing the error.
Bad request — invalid parameters or file format
Not found — document ID does not exist
Validation error — missing required fields
Server error — check logs for details
{
"detail": "Document not found: abc123"
}Rate Limits
The self-hosted API has no rate limits by default. You can configure rate limiting via environment variables if needed.