Dashboard Get started

Policies are org-wide rules evaluated against every captured event. Violations surface in the alerts feed and on the dashboard. Hard enforcement at the proxy is in development — the current pass is detection-only.

List policies

GET/api/v1/policies

Returns every policy configured for your organization, enabled or not.

Response

{
  "policies": [
    {
      "id": 12,
      "policy_type": "approved_models",
      "config": {"models": ["claude-sonnet-4-5", "claude-opus-4-7"]},
      "enabled": true,
      "updated_at": "2026-05-12T14:08:32+00:00"
    }
  ]
}

Example

curl https://token.audit.id/api/v1/policies \
  -H "Authorization: Bearer td_live_xxxx"

Upsert a policy

PUT /api/v1/policies/{policy_type}

Creates or replaces the policy of the given type. policy_type must be one of approved_models, banned_patterns, key_environment_check, or approval_required_threshold_cents.

Requires the `admin` role. Other roles receive `403 admin role required`.

Request body

Field Type Description
config object Policy-type-specific config — see the four sections below
enabled boolean Whether the policy is active. Defaults to true

Response

{
  "id": 12,
  "policy_type": "approved_models",
  "config": {"models": ["claude-sonnet-4-5"]},
  "enabled": true
}

Policy types

approved_models

Flags any event whose model is not in the allowlist. Use it to keep teams on sanctioned tiers (e.g. block one-off use of unreleased preview models).

Field Type Description
models string[] Allowed model IDs. Empty list disables the check
curl -X PUT https://token.audit.id/api/v1/policies/approved_models \
  -H "Authorization: Bearer td_live_xxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "config": {"models": ["claude-sonnet-4-5", "claude-opus-4-7", "gpt-5"]},
    "enabled": true
  }'

banned_patterns

Flags any event whose prompt matches one of the supplied regexes. Useful for catching prompt-injection attempts, secrets exfiltration patterns, or policy-banned phrasing. Only the first 512 characters of each prompt are scanned.

Field Type Description
regexes string[] Python-compatible regex patterns. Invalid patterns are skipped silently
curl -X PUT https://token.audit.id/api/v1/policies/banned_patterns \
  -H "Authorization: Bearer td_live_xxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "config": {"regexes": ["(?i)please ignore previous", "(?i)reveal your system prompt"]},
    "enabled": true
  }'

key_environment_check

Flags events that use a production API key from an environment that is not on the allowed list — catches the classic "prod key copied into staging" mistake. The SDK reports its environment via the _tokenid.environment payload tag.

Field Type Description
prod_key_prefixes string[] API-key prefixes treated as production (e.g. sk_live_)
allowed_envs string[] Environments where prod keys are permitted (e.g. ["production"])
curl -X PUT https://token.audit.id/api/v1/policies/key_environment_check \
  -H "Authorization: Bearer td_live_xxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "config": {
      "prod_key_prefixes": ["sk_live_", "sk-ant-api03-"],
      "allowed_envs": ["production"]
    },
    "enabled": true
  }'

approval_required_threshold_cents

Flags any single call whose cost_usd (converted to cents) meets or exceeds the threshold — a tripwire for unusually expensive calls that should have human review.

Field Type Description
threshold_cents integer Cost threshold in cents. 0 disables the check
curl -X PUT https://token.audit.id/api/v1/policies/approval_required_threshold_cents \
  -H "Authorization: Bearer td_live_xxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "config": {"threshold_cents": 5000},
    "enabled": true
  }'
Violations are written to the alerts feed and dashboard. Hard enforcement — rejecting offending calls at the proxy before they reach the provider — is in development. See [Enforcement](/guides/enforcement) for the pre-call rules that already block today.