Skip to main content

Policies API

Policies allow you to control how Perf routes requests and handles content. Set model preferences, enforce cost limits, detect PII, and filter sensitive terms.

Why Policies?

  • Cost Control: Set budget limits and prefer cheaper models
  • Compliance: Block specific providers or require certain models
  • Security: Detect and redact PII from outputs
  • Governance: Monitor and control content with term filtering

Policy Types

TypeDescriptionAvailable Tiers
routingModel selection and routing rulesAll tiers
contentPII detection and term filteringPro, Growth, Team, Enterprise

Policy Templates API

Get pre-built policy templates to quickly enable common configurations.

List Templates

GET https://api.withperf.pro/v1/policies/templates
Response: 
{
  "templates": [
    {
      "slug": "budget-mode",
      "name": "Budget Mode",
      "description": "Aggressive cost optimization - prefer cheapest models",
      "category": "cost",
      "policy_type": "routing",
      "config": {
        "prefer_cheaper_models": true,
        "cost_ceiling_usd": 0.01
      }
    },
    {
      "slug": "pii-protection",
      "name": "PII Protection",
      "description": "Detect and redact PII from outputs",
      "category": "compliance",
      "policy_type": "content",
      "config": {
        "pii_detection": {
          "enabled": true,
          "types": ["ssn", "credit_card", "email"],
          "action": "redact"
        }
      }
    }
  ]
}

Get Template by Slug

GET https://api.withperf.pro/v1/policies/templates/{slug}
Example: 
curl https://api.withperf.pro/v1/policies/templates/budget-mode \
  -H "Authorization: Bearer pk_live_abc123"

Available Templates

Routing Templates

TemplateSlugCategoryDescription
Budget Modebudget-modecostPrefer cheapest models, set cost ceiling
Performance Modeperformance-modeperformanceOptimize for low latency
Quality Modequality-modeperformanceMaximize output quality with best models
No OpenAIno-openaicomplianceBlock all OpenAI models
No Anthropicno-anthropiccomplianceBlock all Anthropic models
Google Onlygoogle-onlycomplianceOnly use Google Gemini models

Content Templates (Pro+)

TemplateSlugCategoryDescription
PII Protectionpii-protectioncomplianceDetect and redact PII from outputs
Healthcare Compliancehealthcare-compliancecomplianceMedical context awareness + PII detection
Child-Safe Contentchild-safecomplianceAge-appropriate content enforcement
Professional Communicationprofessional-communicationcomplianceBusiness-appropriate tone
Custom Terms Filtercustom-terms-filtercomplianceBlock or require specific terms

Routing Policy Options

Configure how Perf selects models:
OptionTypeDescription
model_allow_liststring[]Only allow these specific models
model_block_liststring[]Block these models from selection
provider_allow_liststring[]Only use these providers (openai, anthropic, google)
provider_block_liststring[]Block these providers
cost_ceiling_usdnumberMaximum cost per API call
prefer_cheaper_modelsbooleanPrefer lower-cost models when quality is similar
latency_target_msnumberTarget maximum latency
prefer_faster_modelsbooleanPrefer lower-latency models
on_violationstringAction: info, warn, soft_block, hard_block
Example - Google Only Policy: 
{
  "name": "Google Only",
  "policy_type": "routing",
  "config": {
    "provider_allow_list": ["google"],
    "on_violation": "hard_block"
  }
}

Content Policy Options

Configure content filtering and PII detection:
OptionTypeDescription
evaluate_outputbooleanEvaluate model output (default: true)
pii_detection.enabledbooleanEnable PII detection
pii_detection.typesstring[]PII types to detect
pii_detection.actionstringAction: warn, redact, block
pii_detection.redaction_formatstringRedaction text (default: [REDACTED])
blocked_terms.enabledbooleanEnable blocked term detection
blocked_terms.termsstring[]List of terms to block
blocked_terms.actionstringAction: warn, redact, block
on_violationstringOverall violation action
Example - PII Protection Policy: 
{
  "name": "PII Protection",
  "policy_type": "content",
  "config": {
    "evaluate_output": true,
    "pii_detection": {
      "enabled": true,
      "types": ["ssn", "credit_card", "email", "phone_us"],
      "action": "redact",
      "redaction_format": "[REDACTED]"
    },
    "on_violation": "soft_block"
  }
}

Supported PII Types

TypePatternDescription
ssnXXX-XX-XXXXSocial Security Numbers
ssn_no_dashXXXXXXXXXSSN without dashes
credit_card13-19 digitsCredit cards (with Luhn validation)
emailuser@domain.comEmail addresses
phone_us(XXX) XXX-XXXXUS phone numbers
ip_addressX.X.X.XIPv4 addresses
date_of_birthMM/DD/YYYYDates of birth

Violation Actions

ActionDescription
infoLog only (audit mode) - request proceeds
warnLog warning - request proceeds with warning in response
soft_blockApply modifications (redact PII, override model) - request proceeds
hard_blockReject request with 403 error

Policy Blocked Response

When a request is blocked by a hard_block policy: 
{
  "error": "Request blocked by policy",
  "code": "POLICY_BLOCKED",
  "message": "Request blocked by policy: Model gpt-4o-mini is not in allow list",
  "policy_evaluation": {
    "result": "hard_block",
    "violations": [
      {
        "policy_name": "Google Only",
        "rule": "model_allow_list",
        "message": "Model gpt-4o-mini is not in allow list"
      }
    ]
  }
}

Managing Policies via Dashboard

Policies are configured per-project in the Perf Dashboard:
  1. Navigate to Configure > Policies
  2. Click Create Policy or Apply Template
  3. Configure rules and violation actions
  4. Set priority (lower number = higher priority)
  5. Enable the policy
Multiple policies can be active simultaneously. They are evaluated in priority order.

Plan Limits

TierMax PoliciesPolicy Types
Starter3routing
Pro10routing, content
Growth25routing, content
Team50routing, content
Enterprise1000all types