Policies
Set org-wide governance policies that flag any event violating model allowlists, banned prompts, key-environment rules, or cost thresholds.
Policies are org-wide rules evaluated against every captured event. Violations surface in the alerts feed and on the dashboard. Hard enforcement at the proxy is in development — the current pass is detection-only.
List policies
/api/v1/policiesReturns every policy configured for your organization, enabled or not.
Response
{
"policies": [
{
"id": 12,
"policy_type": "approved_models",
"config": {"models": ["claude-sonnet-4-5", "claude-opus-4-7"]},
"enabled": true,
"updated_at": "2026-05-12T14:08:32+00:00"
}
]
}
Example
curl https://token.audit.id/api/v1/policies \
-H "Authorization: Bearer td_live_xxxx"
Upsert a policy
PUT /api/v1/policies/{policy_type}
Creates or replaces the policy of the given type. policy_type must be one of approved_models, banned_patterns, key_environment_check, or approval_required_threshold_cents.
Request body
| Field | Type | Description |
|---|---|---|
config |
object | Policy-type-specific config — see the four sections below |
enabled |
boolean | Whether the policy is active. Defaults to true |
Response
{
"id": 12,
"policy_type": "approved_models",
"config": {"models": ["claude-sonnet-4-5"]},
"enabled": true
}
Policy types
approved_models
Flags any event whose model is not in the allowlist. Use it to keep teams on sanctioned tiers (e.g. block one-off use of unreleased preview models).
| Field | Type | Description |
|---|---|---|
models |
string[] | Allowed model IDs. Empty list disables the check |
curl -X PUT https://token.audit.id/api/v1/policies/approved_models \
-H "Authorization: Bearer td_live_xxxx" \
-H "Content-Type: application/json" \
-d '{
"config": {"models": ["claude-sonnet-4-5", "claude-opus-4-7", "gpt-5"]},
"enabled": true
}'
banned_patterns
Flags any event whose prompt matches one of the supplied regexes. Useful for catching prompt-injection attempts, secrets exfiltration patterns, or policy-banned phrasing. Only the first 512 characters of each prompt are scanned.
| Field | Type | Description |
|---|---|---|
regexes |
string[] | Python-compatible regex patterns. Invalid patterns are skipped silently |
curl -X PUT https://token.audit.id/api/v1/policies/banned_patterns \
-H "Authorization: Bearer td_live_xxxx" \
-H "Content-Type: application/json" \
-d '{
"config": {"regexes": ["(?i)please ignore previous", "(?i)reveal your system prompt"]},
"enabled": true
}'
key_environment_check
Flags events that use a production API key from an environment that is not on the allowed list — catches the classic "prod key copied into staging" mistake. The SDK reports its environment via the _tokenid.environment payload tag.
| Field | Type | Description |
|---|---|---|
prod_key_prefixes |
string[] | API-key prefixes treated as production (e.g. sk_live_) |
allowed_envs |
string[] | Environments where prod keys are permitted (e.g. ["production"]) |
curl -X PUT https://token.audit.id/api/v1/policies/key_environment_check \
-H "Authorization: Bearer td_live_xxxx" \
-H "Content-Type: application/json" \
-d '{
"config": {
"prod_key_prefixes": ["sk_live_", "sk-ant-api03-"],
"allowed_envs": ["production"]
},
"enabled": true
}'
approval_required_threshold_cents
Flags any single call whose cost_usd (converted to cents) meets or exceeds the threshold — a tripwire for unusually expensive calls that should have human review.
| Field | Type | Description |
|---|---|---|
threshold_cents |
integer | Cost threshold in cents. 0 disables the check |
curl -X PUT https://token.audit.id/api/v1/policies/approval_required_threshold_cents \
-H "Authorization: Bearer td_live_xxxx" \
-H "Content-Type: application/json" \
-d '{
"config": {"threshold_cents": 5000},
"enabled": true
}'