Documentation
API Reference
Complete reference for the Protectron REST API (v1).
https://api.protectron.ai/v1Overview
The Protectron API allows you to programmatically interact with your compliance data. Use it to:
- Submit events from custom integrations
- Query audit trail data
- Generate compliance reports
- Manage AI systems and configurations
- Set up webhooks for real-time notifications
API Version: v1 (stable)
Authentication
All API requests require authentication using an API key.
Getting Your API Key
- Go to dashboard.protectron.ai
- Navigate to Settings → API Keys
- Click Create New Key
- Copy the key (you won't see it again)
Using Your API Key
Include your API key in the Authorization header:
curl https://api.protectron.ai/v1/systems \
-H "Authorization: Bearer pk_live_xxxxxxxxxxxxxxxx"Key Types
| Key Prefix | Type | Use Case |
|---|---|---|
| pk_live_ | Production | Live applications |
| pk_test_ | Test | Development and testing |
Key Scopes
| Scope | Description |
|---|---|
| events:write | Submit events |
| events:read | Read events and traces |
| systems:read | Read system configurations |
| systems:write | Modify system configurations |
| reports:read | Generate and download reports |
| admin | Full access |
Rate Limits
| Plan | Requests/minute | Requests/day |
|---|---|---|
| Starter | 60 | 10,000 |
| Growth | 300 | 100,000 |
| Scale | 1,000 | 500,000 |
| Enterprise | Custom | Custom |
Rate limit headers are included in every response:
X-RateLimit-Limit: 300
X-RateLimit-Remaining: 299
X-RateLimit-Reset: 1702742400Errors
The API uses standard HTTP status codes:
| Code | Description |
|---|---|
| 200 | Success |
| 201 | Created |
| 400 | Bad Request — Invalid parameters |
| 401 | Unauthorized — Invalid or missing API key |
| 403 | Forbidden — Insufficient permissions |
| 404 | Not Found — Resource doesn't exist |
| 429 | Too Many Requests — Rate limited |
| 500 | Internal Server Error |
Error responses include details:
{
"error": {
"code": "invalid_parameter",
"message": "system_id is required",
"param": "system_id",
"doc_url": "https://docs.protectron.ai/api#events-create"
}
}Endpoints
Systems
| GET | /v1/systems | List all AI systems |
| GET | /v1/systems/{system_id} | Get system details |
| POST | /v1/systems | Create a new system |
| PATCH | /v1/systems/{system_id} | Update a system |
| DELETE | /v1/systems/{system_id} | Delete a system |
Events
| POST | /v1/events | Create a single event |
| POST | /v1/events/batch | Create events in batch (up to 1000) |
| GET | /v1/events | List events with filters |
| GET | /v1/events/{event_id} | Get event details |
Traces
| GET | /v1/traces | List traces |
| GET | /v1/traces/{trace_id} | Get trace with events |
Reports
| POST | /v1/reports | Generate a compliance report |
| GET | /v1/reports/{report_id} | Get report status |
| GET | /v1/reports/{report_id}/download | Download report file |
Webhooks
| POST | /v1/webhooks | Create a webhook |
| GET | /v1/webhooks | List webhooks |
| DELETE | /v1/webhooks/{webhook_id} | Delete a webhook |
Event Types
| Type | Description |
|---|---|
| llm_call | LLM prompt and completion |
| tool_call | Tool/function invocation |
| agent_action | Agent decision or action |
| agent_delegation | Task delegation between agents |
| human_approval | Human approved action |
| human_rejection | Human rejected action |
| human_override | Human overrode decision |
| risk_event | Anomaly or violation |
| error | Error or exception |
| custom | Custom event type |
Code Examples
Python
import requests
API_KEY = "pk_live_xxx"
BASE_URL = "https://api.protectron.ai/v1"
headers = {
"Authorization": f"Bearer {API_KEY}",
"Content-Type": "application/json"
}
# List systems
response = requests.get(f"{BASE_URL}/systems", headers=headers)
systems = response.json()["data"]
# Create event
event = {
"system_id": "sys_abc123",
"event_type": "llm_call",
"data": {
"model": "gpt-5.2",
"input": [{"role": "user", "content": "Hello"}],
"output": "Hi there!",
"tokens_input": 5,
"tokens_output": 3
}
}
response = requests.post(f"{BASE_URL}/events", json=event, headers=headers)TypeScript
const API_KEY = 'pk_live_xxx';
const BASE_URL = 'https://api.protectron.ai/v1';
async function listSystems() {
const response = await fetch(`${BASE_URL}/systems`, {
headers: {
'Authorization': `Bearer ${API_KEY}`,
},
});
return response.json();
}
async function createEvent(event: object) {
const response = await fetch(`${BASE_URL}/events`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${API_KEY}`,
'Content-Type': 'application/json',
},
body: JSON.stringify(event),
});
return response.json();
}cURL
# List systems
curl https://api.protectron.ai/v1/systems \
-H "Authorization: Bearer pk_live_xxx"
# Create event
curl https://api.protectron.ai/v1/events \
-X POST \
-H "Authorization: Bearer pk_live_xxx" \
-H "Content-Type: application/json" \
-d '{
"system_id": "sys_abc123",
"event_type": "llm_call",
"data": {
"model": "gpt-5.2",
"tokens_input": 5,
"tokens_output": 3
}
}'SDKs
For most use cases, we recommend using our SDKs instead of the REST API directly:
| Language | Package | Documentation |
|---|---|---|
| Python | protectron | SDK Overview |
| TypeScript | @protectron/sdk | SDK Overview |
Ready to Integrate?
Get started with the SDK for the easiest integration, or use the REST API for custom implementations.