Policy Gateway backend guide
Configure Policy Gateway, manage projects and keys, and enforce policy with /policy/chat/completions.
This guide covers the backend APIs used to configure Policy Gateway and enforce policy on live traffic.
Management endpoints live under /api/policy-gateway and expect a user bearer token (JWT from the dashboard).
Enforcement is typically done through /policy/chat/completions with a policy API key (ak_...) plus optional policy_user, policy_project_id, and policy_target metadata.
{
  "policy_id": "policy-gateway",
  "name": "Support Policy",
  "owner": "Platform team",
  "description": "Ensure support replies follow approved topics.",
  "rules": {
    "allowlist": ["refund policy", "account support"],
    "denylist": ["illegal instructions"],
    "redact": true,
    "rewrite_instead_of_refuse": true,
    "response_pattern": "rewrite",
    "reason_codes": ["ALLOW", "REWRITE", "SUMMARY", "ESCALATE", "REFUSE"],
    "flagged_categories": ["self-harm", "self-harm/intent", "sexual/minors"]
  },
  "org_controls": {
    "project_keys": true,
    "user_quotas": true,
    "audit_logs": true,
    "data_classification": "confidential",
    "user_quota": { "requests": 5000, "tokens": 2000000, "window": "daily" },
    "project_quota": { "requests": 20000, "tokens": 10000000, "window": "monthly" }
  },
  "rollout": {
    "shadow": { "enabled": false, "sample_percent": 20, "targets": [] },
    "canary": { "enabled": false, "sample_percent": 5, "targets": [] },
    "rollback_on_spike": true,
    "rollback_threshold": 0.25,
    "rollback_min_requests": 20,
    "rollback_window_minutes": 15,
    "rollback_cooldown_minutes": 30,
    "rollback_decisions": ["refuse", "escalate"]
  },
  "refusal_replacement": {
    "mode": "rewrite",
    "escalation_path": "policy-review@example.com"
  }
}
API endpoints and auth
Policy Gateway splits management APIs (config, projects, history) from the enforcement endpoint.
All endpoints require Authorization; use a user JWT for management and a policy API key (ak_...) for enforcement.
Save policy configuration
POST a config object to store the policy and create a revision entry in history.
curl https://api.abliteration.ai/api/policy-gateway/config \
  -H "Authorization: Bearer $ABLIT_JWT" \
  -H "Content-Type: application/json" \
  -d '{
    "config": {
      "policy_id": "policy-gateway",
      "name": "Support Policy",
      "rules": {
        "allowlist": ["refund policy", "account support"],
        "denylist": ["illegal instructions"],
        "response_pattern": "rewrite"
      }
    }
  }'
Decision logic (what is evaluated)
Policy Gateway applies a consistent evaluation order so outcomes are predictable and testable.
- Parse metadata (policy_id, policy_user, policy_project_id, policy_target).
- Run moderation on the last user message if configured; some categories are hard-blocked.
- Match allowlist/denylist terms against the last user message (substring match).
- Compute triggered categories from moderation labels in rules.flagged_categories.
- Choose a decision from response_pattern (rewrite/summary/escalate/refuse).
- Resolve rollout mode (shadow/canary/enforced) and apply redaction if enforced.
- Emit policy metadata and write history if audit logs are enabled.
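The evaluation order above, as an added example (not Policy Gateway's own code): a local Python model of steps 1 and 3 to 6, useful for writing down expected outcomes for a config before saving it. The function names are hypothetical, moderation labels are passed in by the caller, and the trigger and shadow rules marked ASSUMPTION in the comments are not documented behaviour.

```python
# Added example: local model of the documented evaluation order (steps 1, 3-6).
# Lines marked ASSUMPTION are not confirmed by this page.
PATTERNS = {"rewrite", "summary", "escalate", "refuse"}
META_KEYS = ("policy_id", "policy_user", "policy_project_id", "policy_target")


def last_user_message(messages):
    """Return the content of the most recent message with role 'user'."""
    for msg in reversed(messages):
        if msg.get("role") == "user":
            return msg.get("content", "")
    return ""


def evaluate(config, request, moderation_labels=()):
    rules = config.get("rules", {})
    pattern = rules.get("response_pattern")
    if pattern not in PATTERNS:
        raise ValueError(f"unknown response_pattern: {pattern!r}")

    # Step 1: parse metadata.
    meta = {k: request.get(k) for k in META_KEYS}

    # Step 3: substring match against the last user message only.
    # ASSUMPTION: terms are compared as-is (case handling is not documented).
    text = last_user_message(request.get("messages", []))
    allow_hits = [t for t in rules.get("allowlist", []) if t in text]
    deny_hits = [t for t in rules.get("denylist", []) if t in text]

    # Step 4: keep only moderation labels listed in rules.flagged_categories.
    flagged = set(rules.get("flagged_categories", []))
    triggered = sorted(set(moderation_labels) & flagged)

    # Step 5. ASSUMPTION: a denylist hit or a triggered category selects
    # response_pattern; anything else is allowed.
    decision = pattern if (deny_hits or triggered) else "allow"

    # Step 6. ASSUMPTION: shadow applies when enabled and the request's
    # policy_target is listed; sampling and canary are not modelled.
    shadow = config.get("rollout", {}).get("shadow", {})
    in_shadow = bool(shadow.get("enabled")) and meta["policy_target"] in shadow.get("targets", [])
    mode = "shadow" if in_shadow else "enforced"

    return {
        "meta": meta, "decision": decision, "mode": mode,
        "allow_hits": allow_hits, "deny_hits": deny_hits, "triggered": triggered,
        # Redaction is applied only when the policy is enforced.
        "redacted": mode == "enforced" and bool(rules.get("redact")),
    }
```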
Enforce policy on live traffic
Send OpenAI-compatible chat completions through the policy endpoint.
curl https://api.abliteration.ai/policy/chat/completions \
  -H "Authorization: Bearer $POLICY_KEY" \
  -H "Content-Type: application/json" \
  -H "X-Policy-User: user-12345" \
  -H "X-Policy-Project: support-bot" \
  -H "X-Policy-Target: support-bot" \
  -d '{
    "model": "abliterated-model",
    "messages": [
      { "role": "user", "content": "Summarize our refund policy." }
    ],
    "policy_id": "policy-gateway"
  }'
Rollouts and targeting
Rollouts are configured in the policy config and targeted with X-Policy-Target or policy_target.
Projects, keys, and quotas
Create a project per app or agent, issue a scoped key, and attach policy_user for per-user quotas.
curl https://api.abliteration.ai/api/policy-gateway/projects \
  -H "Authorization: Bearer $ABLIT_JWT" \
  -H "Content-Type: application/json" \
  -d '{ "name": "Support bot", "monthly_token_limit": 10000000, "monthly_request_limit": 20000 }'

curl https://api.abliteration.ai/api/policy-gateway/projects/support-bot/keys \
  -H "Authorization: Bearer $ABLIT_JWT" \
  -H "Content-Type: application/json" \
  -d '{ "label": "Support bot prod" }'
Simulate and audit
Use simulation for dry runs and history for audits.
curl https://api.abliteration.ai/api/policy-gateway/simulate \
  -H "Authorization: Bearer $ABLIT_JWT" \
  -H "Content-Type: application/json" \
  -d '{ "categories": ["self-harm/intent"] }'

curl "https://api.abliteration.ai/api/policy-gateway/history?type=enforcement&limit=20" \
  -H "Authorization: Bearer $ABLIT_JWT"