QubitGrid™ Developer Documentation

AI Prompt Injection & Safety Scanner API for LLM apps.

Authentication

All API requests require a valid API Key passed in the header. You can obtain a key by subscribing to any paid plan.

Authorization: Bearer YOUR_API_KEY

Endpoint: /scan

Scans a single text prompt for injection risks, jailbreaks, and PII leaks.

GET https://qubitgrid.ai/scan

Parameters

Name	Type	Description
`text`	string (required)	The user prompt or text to analyze.

Request Examples

cURL

curl -G "https://qubitgrid.ai/scan" \
  --data-urlencode "text=This is a user prompt being scanned" \
  -H "Authorization: Bearer YOUR_API_KEY"

Python

import requests

API_KEY = "YOUR_API_KEY"
BASE_URL = "https://qubitgrid.ai"

resp = requests.get(
    f"{BASE_URL}/scan",
    params={"text": "Check this prompt for injection"},
    headers={"Authorization": f"Bearer {API_KEY}"}
)
print(resp.status_code, resp.json())

Node.js

const API_KEY = "YOUR_API_KEY";
const BASE_URL = "https://qubitgrid.ai";

async function run() {
  const params = new URLSearchParams({ text: "Check this prompt" });
  const res = await fetch(`${BASE_URL}/scan?${params}`, {
    headers: { Authorization: `Bearer ${API_KEY}` },
  });
  const data = await res.json();
  console.log(res.status, data);
}
run();

Response Schema

{
  "flagged": true,           // boolean: true if ANY risk detected
  "severity": "high",        // low | medium | high | critical
  "flags": [                 // detailed findings
    {
      "rule": "obfuscated_code",
      "category": "evasion",
      "severity": "high",
      "message": "Potential obfuscated code detected"
    }
  ],
  "disclaimer": "..."
}

Error Codes

Code	Meaning	Action
401	Unauthorized	Check your API Key is valid and active.
402	Payment Required	Subscription expired or grace period ended. Update billing.
429	Too Many Requests	Daily limit exceeded. Upgrade plan or wait for reset (00:00 UTC).
500	Internal Error	Something went wrong on our side.

Tier Limits

Rate limits reset daily at 00:00 UTC.

Tier	Daily Scans
Free	15
Indie	1,000
Pro	5,000
Team	20,000
Enterprise	Custom
Lifetime	5,000

Billing & Grace Period

If a payment fails, your account enters a 3-day grace period. API requests will continue to function, but warnings will appear in the dashboard. After 3 days, requests will be blocked (402) until payment is restored.

Key Rotation

If a key is leaked, go to your Dashboard and click Rotate API Key. This immediately invalidates the old key and issues a new one.

Architecture & Whitepaper (Coming Soon)

Threat Model: How we define injection vs evasion.
Scanning Engine: Hybrid regex + semantic embeddings approach.
Roadmap: Post-Quantum Cryptography compliance checkers.