API Reference
The Expunct API provides programmatic access to detect, redact, and manage personally identifiable information across text, files, and cloud storage.
Base URL
https://api.pii-redactor.dev/api/v1All endpoints are relative to this base URL.
Authentication
Every request must include an API key in the X-API-Key header:
curl https://api.pii-redactor.dev/api/v1/health \
-H "X-API-Key: pk_live_your_key_here"See Authentication for details on creating and managing keys.
Content Type
All request and response bodies use JSON:
Content-Type: application/jsonFile uploads use multipart/form-data where noted.
Tenant Scoping
All tenant-scoped endpoints accept an optional ?tenant_id=... query parameter. If omitted, the tenant associated with the API key is used.
Error Format
Errors return standard HTTP status codes with a JSON body:
{
"detail": "error message describing what went wrong"
}| Status Code | Meaning |
|---|---|
| 400 | Bad request — invalid parameters or body |
| 401 | Unauthorized — missing or invalid API key |
| 403 | Forbidden — insufficient permissions |
| 404 | Not found — resource does not exist |
| 409 | Conflict — resource already exists |
| 422 | Validation error — request body failed validation |
| 429 | Rate limit exceeded |
| 500 | Internal server error |
Rate Limits
Rate limits vary by plan and are enforced per API key:
| Plan | Requests per Minute |
|---|---|
| Free | 100 |
| Pro | 1,000 |
| Enterprise | Unlimited |
When rate limited, the API returns 429 Too Many Requests with a Retry-After header indicating how many seconds to wait.
Pagination
List endpoints support pagination with limit and offset query parameters:
GET /jobs?limit=20&offset=40The default limit is 50 and the maximum is 100.
Endpoint Categories
| Category | Description |
|---|---|
| Redaction | Synchronous text redaction and async file/URI redaction |
| Jobs | Track and manage async redaction jobs |
| Batch Processing | Submit multiple files for redaction at once |
| Policies | Configure reusable redaction policies |
| Reviews (HITL) | Human-in-the-loop review queue for findings |
| Configuration | Custom recognizers, webhooks, allowlists/blocklists |
| Connectors | Cloud storage integrations (S3, GCS) |
| Billing & Usage | Subscription management and usage tracking |
| Audit Logs | Activity logs for compliance |
| API Keys | Create and manage API keys |
| Pseudonymization | Reverse pseudonymized values |
| Feature Flags | Check and manage feature flags |
| Health | Liveness and readiness probes |