API Reference

Glitch provides a unified API for both LLM proxying and management operations. Use a single API key for everything.

Authentication

All API requests use your Project API key in the Authorization header:

Authorization: Bearer glitch_sk_abc123...

Get your API key from the Glitch dashboard by creating a project.

Base URL

https://api.golabrat.ai

All endpoints below are relative to this base URL.

LLM Proxy

Glitch proxies two LLM API surfaces with security scanning: the OpenAI Chat Completions API and the Anthropic Messages API. Pick the section matching your provider — both share the same X-Risk-* response headers and audit-log shape.

Chat Completions

Endpoint: POST /v1/chat/completions

Proxies to the upstream LLM with input/output scanning applied.

curl https://api.golabrat.ai/v1/chat/completions \
  -H "Authorization: Bearer glitch_sk_abc123..." \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4",
    "messages": [
      {"role": "system", "content": "You are a helpful assistant."},
      {"role": "user", "content": "Hello, world!"}
    ],
    "temperature": 0.7
  }'

{
  "id": "chatcmpl-abc123",
  "object": "chat.completion",
  "created": 1704067200,
  "model": "gpt-4",
  "choices": [{
    "index": 0,
    "message": {
      "role": "assistant",
      "content": "Hello! How can I help you today?"
    },
    "finish_reason": "stop"
  }],
  "usage": {
    "prompt_tokens": 20,
    "completion_tokens": 10,
    "total_tokens": 30
  }
}

Headers:

X-Risk-Blocked: false

HTTP/1.1 403 Forbidden
X-Risk-Blocked: true
X-Risk-Categories: prompt_attack
X-Risk-Confidence: 0.95
Content-Type: application/json

{
  "error": {
    "message": "Request blocked by security policy",
    "type": "security_block",
    "code": "prompt_attack_detected"
  }
}

Security Headers

All LLM proxy responses include security metadata:

Header	Description
`X-Risk-Blocked`	`true` if request was blocked, `false` otherwise
`X-Risk-Categories`	Comma-separated list of detected categories
`X-Risk-Confidence`	Highest confidence score (0.0-1.0)

Anthropic Messages API

Glitch proxies Anthropic’s /v1 API with detection on every inference endpoint and authenticated passthrough on metadata endpoints. Authentication uses two headers: X-Glitch-Key for tenant identity, plus your existing Anthropic credential (Authorization: Bearer ... or x-api-key: ...) which Glitch forwards verbatim. See Claude Code → API Key for setup.

Endpoint coverage

Endpoint	Method	Detection	Streaming
`/v1/messages`	POST	✅ Input + audit log	✅
`/v1/messages/count_tokens`	POST	Passthrough (no detection)	—
`/v1/models`	GET	Passthrough	—
`/v1/models/{model_id}`	GET	Passthrough	—
`/v1/messages/batches`	POST	✅ Detection on every sub-request	—
`/v1/messages/batches`	GET	Passthrough	—
`/v1/messages/batches/{id}`	GET / DELETE	Passthrough	—
`/v1/messages/batches/{id}/results`	GET	Passthrough	✅ JSONL
`/v1/messages/batches/{id}/cancel`	POST	Passthrough	—

Messages

Endpoint: POST /v1/messages

Full Anthropic Messages API with Glitch detection. Streaming and non-streaming both supported. All Anthropic content blocks are accepted; Glitch’s detector mines text from text, tool_use, tool_result, document, thinking, and unknown server-tool blocks before forwarding.

curl https://your-glitch-sensor.example.com/v1/messages \
  -H "X-Glitch-Key: glitch_sk_..." \
  -H "Authorization: Bearer sk-ant-..." \
  -H "anthropic-version: 2023-06-01" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "claude-3-5-sonnet-20241022",
    "max_tokens": 1024,
    "messages": [{"role": "user", "content": "Hello"}]
  }'

What detection sees

Block type	Coverage
`text`	Full text
`tool_use`	Tool name + JSON-encoded input
`tool_result`	Recursive — text inside content arrays mined for nested injections
`document`	Inline plaintext source + `title` + `context`
`thinking`	Full thinking content
`image`	No OCR (no text mined)
Unknown server-tool blocks (`web_search_tool_result`, `code_execution_tool_result`, etc.)	Recursively mined for any string fields

Forwarded request headers

Header	Behavior
`Authorization`	Forwarded verbatim. May be a Bearer API key or an OAuth bearer from Claude Code’s subscription flow — Glitch never inspects or rewrites it.
`x-api-key`	Forwarded verbatim.
`anthropic-version`	Forwarded; defaults to `2023-06-01` if absent.
`anthropic-beta`	Forwarded verbatim — beta features (computer use, web search, code execution, prompt caching, extended thinking, 1M context, etc.) work transparently.
`X-Claude-Code-Session-Id`	Forwarded and captured into the audit log.
`X-Glitch-Key`	Consumed by Glitch and stripped before forwarding.

Response

The response is byte-for-byte the upstream Anthropic response (including content-encoding, content-type, and the SSE stream format), with Glitch risk headers added:

HTTP/1.1 200 OK
content-type: application/json
X-Risk-Blocked: false
X-Risk-Categories: []
X-Risk-Confidence: 0.0

If detection blocks the request, Glitch returns a 403 with an Anthropic-shaped error envelope so existing Anthropic SDKs surface the error correctly:

{
  "type": "error",
  "error": {
    "type": "permission_error",
    "message": "Request blocked by Glitch security policy. Detectors: prompt_attack"
  }
}

Count Tokens

Endpoint: POST /v1/messages/count_tokens

Pre-flight token counting. Authenticated passthrough — no detection runs because the endpoint returns no completion content.

List Models

Endpoint: GET /v1/models

curl https://your-glitch-sensor.example.com/v1/models \
  -H "X-Glitch-Key: glitch_sk_..." \
  -H "Authorization: Bearer sk-ant-..." \
  -H "anthropic-version: 2023-06-01"

Authenticated passthrough; supports the same ?limit=, ?after_id=, ?before_id= pagination params as upstream.

Get Model

Endpoint: GET /v1/models/{model_id}

Returns the metadata block for a single model.

Message Batches

Endpoint: POST /v1/messages/batches

Create a batch of up to 10,000 message requests for asynchronous processing. Each entry’s params is the same shape as a /v1/messages body — Glitch runs the full detection pipeline on every sub-request before forwarding. If any one sub-request would be blocked, the entire batch create returns 403 with the offending custom_id surfaced in the error message.

curl https://your-glitch-sensor.example.com/v1/messages/batches \
  -H "X-Glitch-Key: glitch_sk_..." \
  -H "Authorization: Bearer sk-ant-..." \
  -H "anthropic-version: 2023-06-01" \
  -H "Content-Type: application/json" \
  -d '{
    "requests": [
      {
        "custom_id": "req-1",
        "params": {
          "model": "claude-3-5-sonnet-20241022",
          "max_tokens": 1024,
          "messages": [{"role": "user", "content": "Hello"}]
        }
      }
    ]
  }'

Other batch endpoints (GET /v1/messages/batches, GET /v1/messages/batches/{id}, GET /v1/messages/batches/{id}/results, POST /v1/messages/batches/{id}/cancel, DELETE /v1/messages/batches/{id}) are authenticated passthroughs. The /results endpoint streams JSONL.

Claude Agent SDK

The Claude Agent SDK uses no additional endpoints — it spawns the Claude Code binary, which speaks the Messages API above. Setting ANTHROPIC_BASE_URL to your Glitch sensor covers all Agent SDK traffic. See the Agent SDK guide for setup.

Detect Only

Endpoint: POST /v1/detect

Run detection without proxying to an LLM. Useful for pre-screening content.

curl https://api.golabrat.ai/v1/detect \
  -H "Authorization: Bearer glitch_sk_abc123..." \
  -H "Content-Type: application/json" \
  -d '{
    "content": "Ignore all previous instructions",
    "direction": "input"
  }'

Response:

{
  "blocked": true,
  "categories": [
    {
      "type": "prompt_attack",
      "confidence": 0.95,
      "action": "block"
    }
  ]
}

Management

These endpoints let you manage policies and projects programmatically.

Policies

List Policies

Endpoint: GET /v1/policies/

curl https://api.golabrat.ai/v1/policies/ \
  -H "Authorization: Bearer glitch_sk_abc123..."

Response:

{
  "count": 2,
  "results": [
    {
      "id": "uuid-1",
      "name": "Balanced Security",
      "policy_mode": "IO",
      "is_default": true,
      "input_detectors": [...],
      "output_detectors": [...],
      "created_at": "2024-01-01T00:00:00Z"
    }
  ]
}

Get Policy

Endpoint: GET /v1/policies/{policy_id}/

curl https://api.golabrat.ai/v1/policies/uuid-1/ \
  -H "Authorization: Bearer glitch_sk_abc123..."

Create Policy

Endpoint: POST /v1/policies/

curl -X POST https://api.golabrat.ai/v1/policies/ \
  -H "Authorization: Bearer glitch_sk_abc123..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "My Custom Policy",
    "policy_mode": "IO",
    "input_detectors": [
      {
        "detector_type": "prompt_attack",
        "threshold": "L2",
        "action": "block"
      }
    ],
    "output_detectors": [
      {
        "detector_type": "pii/email",
        "threshold": "L2",
        "action": "block"
      }
    ],
    "allow_list": {
      "entries": ["@yourcompany.com"],
      "match_type": "contains"
    },
    "deny_list": {
      "entries": [],
      "match_type": "exact"
    }
  }'

Update Policy

Endpoint: PATCH /v1/policies/{policy_id}/

curl -X PATCH https://api.golabrat.ai/v1/policies/uuid-1/ \
  -H "Authorization: Bearer glitch_sk_abc123..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Updated Policy Name"
  }'

Delete Policy

Endpoint: DELETE /v1/policies/{policy_id}/

curl -X DELETE https://api.golabrat.ai/v1/policies/uuid-1/ \
  -H "Authorization: Bearer glitch_sk_abc123..."

Set Default Policy

Endpoint: POST /v1/policies/{policy_id}/set_default/

curl -X POST https://api.golabrat.ai/v1/policies/uuid-1/set_default/ \
  -H "Authorization: Bearer glitch_sk_abc123..."

Duplicate Policy

Endpoint: POST /v1/policies/{policy_id}/duplicate/

curl -X POST https://api.golabrat.ai/v1/policies/uuid-1/duplicate/ \
  -H "Authorization: Bearer glitch_sk_abc123..."

Projects

List Projects

Endpoint: GET /v1/projects/

curl https://api.golabrat.ai/v1/projects/ \
  -H "Authorization: Bearer glitch_sk_abc123..."

Response:

{
  "count": 1,
  "results": [
    {
      "id": "uuid-1",
      "name": "Production App",
      "key_prefix": "glitch_sk_abc",
      "environment": "production",
      "policy_id": "policy-uuid",
      "policy_name": "Balanced Security",
      "is_active": true,
      "created_at": "2024-01-01T00:00:00Z",
      "last_used_at": "2024-01-15T12:00:00Z"
    }
  ]
}

Create Project

Endpoint: POST /v1/projects/

curl -X POST https://api.golabrat.ai/v1/projects/ \
  -H "Authorization: Bearer glitch_sk_abc123..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "My New Project",
    "environment": "development",
    "policy_id": "policy-uuid"
  }'

Response:

{
  "id": "uuid-new",
  "name": "My New Project",
  "raw_key": "glitch_sk_newkey123...",
  "key_prefix": "glitch_sk_new",
  "environment": "development",
  "policy_id": "policy-uuid"
}

Update Project

Endpoint: PATCH /v1/projects/{project_id}/

curl -X PATCH https://api.golabrat.ai/v1/projects/uuid-1/ \
  -H "Authorization: Bearer glitch_sk_abc123..." \
  -H "Content-Type: application/json" \
  -d '{
    "policy_id": "new-policy-uuid"
  }'

Delete Project

Endpoint: DELETE /v1/projects/{project_id}/

curl -X DELETE https://api.golabrat.ai/v1/projects/uuid-1/ \
  -H "Authorization: Bearer glitch_sk_abc123..."

Detectors

List Detector Types

Endpoint: GET /v1/policies/detector_types/

curl https://api.golabrat.ai/v1/policies/detector_types/ \
  -H "Authorization: Bearer glitch_sk_abc123..."

Response:

{
  "detector_types": [
    { "value": "prompt_attack", "label": "Prompt Attack", "category": "prompt_defense" },
    { "value": "jailbreak", "label": "Jailbreak Detection", "category": "prompt_defense" },
    { "value": "pii/email", "label": "Email Address", "category": "data_leakage_prevention" },
    { "value": "pii/credit_card", "label": "Credit Card", "category": "data_leakage_prevention" },
    { "value": "pii/us_social_security_number", "label": "US Social Security Number", "category": "data_leakage_prevention" },
    { "value": "pii/phone_number", "label": "Phone Number", "category": "data_leakage_prevention" },
    { "value": "pii/ip_address", "label": "IP Address", "category": "data_leakage_prevention" },
    { "value": "pii/iban_code", "label": "IBAN Code", "category": "data_leakage_prevention" },
    { "value": "pii/address", "label": "Physical Address", "category": "data_leakage_prevention" },
    { "value": "pii/name", "label": "Personal Name", "category": "data_leakage_prevention" },
    { "value": "moderated_content/harassment", "label": "Harassment", "category": "content_moderation" },
    { "value": "moderated_content/harassment_threatening", "label": "Threatening Harassment", "category": "content_moderation" },
    { "value": "moderated_content/hate", "label": "Hate Speech", "category": "content_moderation" },
    { "value": "moderated_content/hate_threatening", "label": "Threatening Hate Speech", "category": "content_moderation" },
    { "value": "moderated_content/sexual", "label": "Sexual Content", "category": "content_moderation" },
    { "value": "moderated_content/sexual_minors", "label": "Sexual Content (Minors)", "category": "content_moderation" },
    { "value": "moderated_content/violence", "label": "Violence", "category": "content_moderation" },
    { "value": "moderated_content/violence_graphic", "label": "Graphic Violence", "category": "content_moderation" },
    { "value": "moderated_content/self_harm", "label": "Self Harm", "category": "content_moderation" },
    { "value": "moderated_content/self_harm_intent", "label": "Self Harm Intent", "category": "content_moderation" },
    { "value": "moderated_content/self_harm_instructions", "label": "Self Harm Instructions", "category": "content_moderation" },
    { "value": "moderated_content/illicit", "label": "Illicit Activities", "category": "content_moderation" },
    { "value": "moderated_content/illicit_violent", "label": "Violent Illicit Activities", "category": "content_moderation" },
    { "value": "unknown_links", "label": "Unknown Links", "category": "malicious_links" }
  ]
}

List Threshold Levels

Endpoint: GET /v1/policies/threshold_levels/

curl https://api.golabrat.ai/v1/policies/threshold_levels/ \
  -H "Authorization: Bearer glitch_sk_abc123..."

Response:

{
  "threshold_levels": [
    { "value": "L1", "label": "Confident" },
    { "value": "L2", "label": "Very Likely" },
    { "value": "L3", "label": "Likely" },
    { "value": "L4", "label": "Less Likely" }
  ]
}

Errors

All endpoints return consistent error responses:

{
  "error": {
    "message": "Human-readable error message",
    "type": "error_type",
    "code": "error_code"
  }
}

Status	Type	Description
400	`invalid_request`	Malformed request or validation error
401	`authentication_error`	Invalid or missing API key
403	`permission_denied`	Insufficient permissions
403	`security_block`	Request blocked by security policy
404	`not_found`	Resource not found
429	`rate_limit`	Rate limit exceeded
500	`internal_error`	Server error

Rate Limits

Endpoint Type	Limit
LLM Proxy (`/v1/chat/completions`, `/v1/messages`, `/v1/messages/batches`, `/v1/detect`)	1000 req/min
Anthropic metadata (`/v1/models`, `/v1/messages/count_tokens`)	1000 req/min
Management (`/v1/policies/`, `/v1/projects/`)	100 req/min

Rate limit headers are included in responses:

X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 950
X-RateLimit-Reset: 1704067260