Nyoxis API
Nyoxis is an AI-powered HTTP request threat detection API. Send normalized request data to /v0/predict and receive a structured verdict — risk score, attack classification, and IP/session reputation — in a single round trip.
No agents. No infra changes. No SDK required.
How it works
- Capture request context — collect the HTTP method, path, query string, headers, and body for each incoming request in your application.
- POST to
/v0/predict— forward that context to the Nyoxis API, authenticated with your workspace API key. - Act on the verdict — receive a
risklevel, a list of detectedattacks, and reputation signals. Block, rate-limit, flag, or log — the decision is yours.
What the model detects
The classifier scores every request across multiple attack categories and returns the top matches with per-class confidence scores.
| Attack kind | Description |
|---|---|
sql_injection | SQL keywords and syntax embedded in parameters or body |
path_traversal | Directory traversal sequences (../, %2e%2e) |
rce | Remote code execution patterns |
xss | Cross-site scripting payloads |
open_redirect | Redirect parameter manipulation |
ssrf | Server-side request forgery |
xxe | XML External Entity injection |
command_injection | Shell command injection sequences |
ldap_injection | LDAP query manipulation |
nosql_injection | NoSQL operator injection (e.g. MongoDB) |
The response always includes a top-level risk field (none · low · medium · high) and a risk_score (0.0 – 1.0) for programmatic thresholds.
Data privacy
Before any inference, the pipeline:
- Redacts sensitive values (passwords, tokens, API keys, OTP codes) from query strings, request bodies, and headers — replacing them with
<redacted>. - Normalizes dynamic values (integers, floats, UUIDs, booleans) to canonical tokens to improve pattern-matching accuracy.
- Filters headers — only
content-typeandacceptare retained in the stored pattern.
Your raw payload values are never stored.
Next steps
- Quickstart — make your first API call in under 5 minutes.
- API Reference — full request/response schema, status codes, and error formats.