Scans
Conceptual documentation for the `/v1/scans` endpoint — how scans work, how the `tier` option selects a detector, and how to act on the returned decision.
A scan is a single `POST /v1/scans` call against an LLM input or
output. The backend runs the configured detectors (prompt injection,
PII, toxicity, policy), evaluates the active policy, and returns an
allow / warn / flag / block decision your application can act
on. The same surface is exposed in SaaS at https://api.sonnylabs.ai
and in self-hosted deployments.
This section covers the conceptual pieces of `/v1/scans` that do not
fit cleanly into the REST reference or an SDK quickstart.
verify_webhook
Constant-time HMAC-SHA256 verification for inbound Sonny Labs webhook deliveries, plus the tolerance and clock-injection knobs.
Scan tiers
How the `tier` option on `POST /v1/scans` selects the prompt-injection model — when to use `fast`, `accurate`, or `auto`, and what each tier maps to today.