OpenAPI · modules/a4p_api_webapp_backend/openapi.yaml

Privacy API v1

Everything about the public surface is expressed in openapi.yaml. This page simply renders highlights from that spec: same request shapes, same response envelopes, no backend-specific shortcuts.

Download openapi.yaml Open in Swagger Editor

Repo path: modules/a4p_api_webapp_backend/openapi.yaml

Spec excerpt

openapi: 3.1.1
info:
  title: A4P API
  version: 1.0.0
servers:
  - url: https://a4p.ai4privacy.com
paths:
  /v1/models:
    get:
      summary: List available models and datasets
  /v1/anonymise:
    post:
      summary: Submit text or files for PII redaction

Auth & headers

curl -H "Authorization: Bearer $A4P_API_KEY" \
     -H "Content-Type: application/json" \
     https://api.ai4privacy.com/v1/...

Every path expects a live API key in the Authorization header (Bearer token). Content is JSON unless stated otherwise.

Rotate keys that leak. Requests without this header return 401 Unauthorized.

GET /v1/models

Enumerate deployable models

This response matches paths./v1/models.get in openapi.yaml. Use it to drive dropdowns, capability checks, or policy inspectors.

Request

HTTP

curl https://api.ai4privacy.com/v1/models \
  -H "Authorization: Bearer $A4P_API_KEY"

Python (requests)

import os, requests

api_key = os.getenv("A4P_API_KEY")
response = requests.get(
    "https://api.ai4privacy.com/v1/models",
    headers={"Authorization": f"Bearer {api_key}"},
    timeout=15,
)
response.raise_for_status()
print(response.json())

JavaScript (fetch)

const apiKey = process.env.A4P_API_KEY;
const res = await fetch("https://api.ai4privacy.com/v1/models", {
  headers: { Authorization: `Bearer ${apiKey}` },
});
if (!res.ok) throw new Error(await res.text());
const models = await res.json();
console.log(models);

Response · 200 OK

[
  {
    "id": "ai4privacy/llama-ai4privacy-english-anonymiser-openpii",
    "type": "model",
    "description": "English-specific detection",
    "tier": "standard"
  },
  {
    "id": "ai4privacy/multilingual-pii",
    "type": "model",
    "description": "Multilingual detection",
    "tier": "standard"
  }
]

Each entry mirrors the schema in openapi.yaml, so your client can trust these field names (id, type, description, tier).

POST /v1/anonymise

Send text for redaction

Derived directly from paths./v1/anonymise.post, including the example payload defined in the spec.

Request

HTTP

curl -X POST https://api.ai4privacy.com/v1/anonymise \
  -H "Authorization: Bearer $A4P_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "ai4privacy/llama-ai4privacy-english-anonymiser-openpii",
    "input": "Patient John Doe (DOB: 12/05/1980) visited..."
  }'

Python (requests)

import os, requests

payload = {
    "model": "ai4privacy/llama-ai4privacy-english-anonymiser-openpii",
    "input": "Patient John Doe (DOB: 12/05/1980) visited...",
}
response = requests.post(
    "https://api.ai4privacy.com/v1/anonymise",
    headers={
        "Authorization": f"Bearer {os.getenv('A4P_API_KEY')}",
        "Content-Type": "application/json",
    },
    json=payload,
    timeout=30,
)
response.raise_for_status()
print(response.json())

JavaScript (fetch)

const apiKey = process.env.A4P_API_KEY;
const payload = {
  model: "ai4privacy/llama-ai4privacy-english-anonymiser-openpii",
  input: "Patient John Doe (DOB: 12/05/1980) visited...",
};
const res = await fetch("https://api.ai4privacy.com/v1/anonymise", {
  method: "POST",
  headers: {
    Authorization: `Bearer ${apiKey}`,
    "Content-Type": "application/json",
  },
  body: JSON.stringify(payload),
});
if (!res.ok) throw new Error(await res.text());
const mask = await res.json();
console.log(mask);

Response · 200 OK

{
  "privacy_mask": [
    {"label": "DATE", "start": 15, "end": 30, "label_index": 1},
    {"label": "GIVENNAME", "start": 42, "end": 48, "label_index": 1},
    {"label": "SURNAME", "start": 49, "end": 55, "label_index": 1},
    {"label": "TIME", "start": 59, "end": 64, "label_index": 1}
  ],
  "tokens_used": 128
}

label_index increments per occurrence of a label family within a single payload.

Items arrive in the order they appear in the text; use start/end to rebuild the mask on your side.

Schema references

Components pulled from the spec

Use these fragments when generating typed clients. They map 1:1 to components.responses and components.schemas.

Privacy mask item

type: object
properties:
  label:
    type: string
  start:
    type: integer
  end:
    type: integer
  label_index:
    type: integer

We deliberately omit value; the requester already owns the payload, so we avoid echoing raw text to keep the response lean and safer to handle.

Standard errors

components:
  responses:
    UnauthorizedError:
      description: Missing or invalid API key.
    UnprocessableEntityError:
      description: Semantic errors in request payload.
    InternalServerError:
      description: Unexpected server error.

Operational notes

401 means the Bearer token is missing/invalid. Mint a new A4P_API_KEY from the dashboard.
422 indicates payload shape drift: confirm model and input are present and encoded as UTF-8 JSON.
500 responses surface request-id headers; include them when escalating to [email protected].