Calling the Chat API

Guardrail Layer’s Chat API allows you to safely query production data using an API token instead of a user session.

Authentication

All API requests are authenticated using a Bearer token generated from the API Tokens settings page.

Authorization: Bearer grl_live_XXXXXXXXXXXXXXXX
      
Important:

API tokens inherit permissions from their assigned role. All guardrails, redaction rules, and enforcement apply automatically.

Chat Endpoint

The Chat API uses the same endpoint as the web app:

POST /chat
      

The request body contains a natural language question and a database connection ID, which can be retrieved from the Connections tab.

Example: cURL

curl -X POST "https://api.guardraillayer.com/chat" \
  -H "Authorization: Bearer grl_live_XXXXXXXXXXXXXXXX" \
  -H "Content-Type: application/json" \
  -d '{
    "connectionId": "your-connection-id",
    "question": "What is the latest job?"
  }'
      

Response Format

A successful response includes:

  • summary — natural language answer
  • rows — query results (redacted if needed)
  • rowCount — number of rows returned
  • visualization — optional chart metadata

{
  "summary": "The latest job was created on January 8, 2026.",
  "rowCount": 1,
  "rows": [ { "...": "..." } ],
  "visualization": { "shouldChart": false }
}
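
A small Python client for the request and response described above, added here as an illustration and not part of Guardrail Layer's own documentation or SDK. The GUARDRAIL_API_TOKEN variable name, the function names and the 30-second timeout are assumptions; the endpoint, headers and field names are the ones shown on this page.

```python
import json
import os
import urllib.request

API_BASE = "https://api.guardraillayer.com"  # host from the cURL example above
TOKEN_ENV = "GUARDRAIL_API_TOKEN"            # assumed variable name, not from the docs
REQUIRED_FIELDS = ("summary", "rows", "rowCount")  # "visualization" is optional


def load_token(env=os.environ):
    """Read the token from the environment, keeping it out of source and shell history."""
    token = env.get(TOKEN_ENV, "").strip()
    if not token:
        raise ValueError(f"{TOKEN_ENV} is not set")
    return token


def build_chat_request(token, connection_id, question, base=API_BASE):
    """Build (without sending) the POST /chat request."""
    if not base.startswith("https://"):
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    body = json.dumps({"connectionId": connection_id, "question": question})
    return urllib.request.Request(
        base + "/chat",
        data=body.encode("utf-8"),
        method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )


def parse_chat_response(raw):
    """Decode a response body and check that the documented fields are present."""
    data = json.loads(raw)
    missing = [k for k in REQUIRED_FIELDS if k not in data]
    if missing:
        raise ValueError(f"response is missing documented fields: {missing}")
    return data


def ask(connection_id, question):
    """Send one question; non-2xx responses raise urllib.error.HTTPError."""
    req = build_chat_request(load_token(), connection_id, question)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return parse_chat_response(resp.read())
```

Calling `ask("your-connection-id", "What is the latest job?")` performs the same request as the cURL example, with the token supplied through the environment instead of the command line.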
      

Guardrails & Enforcement

Every API request is enforced at query-time. This includes:

✓ Role-based table and column access
✓ Automatic redaction of sensitive fields
✓ Full audit logging of attempted vs allowed access

There is no “API bypass.” The same guardrails apply everywhere.
