Quickstart
Make your first prediction in under 5 minutes using nothing but curl.
Begin in observation-only mode. Do not block requests yet and do not make
your application wait on /v0/predict in the critical response path. Review
detections in the dashboard first, then enforce gradually once confidence is
high. Label detected request patterns in the dashboard to improve model
detection quality and accuracy over time.
Prerequisites
- A Nyoxis account — sign up free
- A workspace API key — create one in the console
1 · Send a request
Replace <YOUR_API_KEY> with your workspace token and run:
curl -s -X POST "https://api.nyoxis.com/v0/predict?api_key=<YOUR_API_KEY>" \
-H "Content-Type: application/json" \
-d '{
"method": "GET",
"path": "/product"
}'The minimum required fields are method and path. The more context you provide, the better the verdict.
2 · Read the response
A clean request returns a 200 or 201 with a JSON body like this:
{
"is_cached": false,
"prediction": {
"evaluator": {
"kind": "http_classifier",
"identifier": "v0.0.4-alpha"
},
"suspicious": { "value": false, "confidence": 0.04 },
"attacks": [],
"risk": "none",
"risk_score": 0.04
}
}| Field | What it means |
|---|---|
is_cached | true if this result came from the request-pattern cache |
suspicious.value | true if the model considers this request a threat |
suspicious.confidence | Model confidence in that decision (0.0 – 1.0) |
attacks | List of detected attack categories with per-class confidence |
risk | Aggregated risk level: none · low · medium · high |
risk_score | Numeric severity score (0.0 – 1.0) |
3 · Try a suspicious request
Send a path that contains a SQL injection attempt:
curl -s -X POST "https://api.nyoxis.com/v0/predict?api_key=<YOUR_API_KEY>" \
-H "Content-Type: application/json" \
-d '{
"method": "GET",
"path": "/users",
"query": "id=1 UNION SELECT username,password FROM users--"
}'Expected response:
{
"is_cached": false,
"prediction": {
"evaluator": { "kind": "http_classifier", "identifier": "v0.0.4-alpha" },
"suspicious": { "value": true, "confidence": 0.97 },
"attacks": [{ "kind": "sql_injection", "confidence": 0.96 }],
"risk": "high",
"risk_score": 0.96
}
}4 · Add fingerprint context for session reputation
Pass ip_addr plus user-agent and accept-language to unlock session reputation tracking:
curl -s -X POST "https://api.nyoxis.com/v0/predict?api_key=<YOUR_API_KEY>" \
-H "Content-Type: application/json" \
-d '{
"method": "POST",
"path": "/login",
"headers": {
"user-agent": "Mozilla/5.0",
"accept-language": "en-US,en;q=0.9"
},
"ip_addr": "203.0.113.42",
"body": "username=admin&password=secret"
}'The response will include ip_reputation and session_reputation objects with risk and ban information. Session reputation is fingerprint-based (ip_addr + user-agent + accept-language).
Next steps
- API Reference — complete schema, all fields, status codes, and error formats.