Quick Start

Policies are configured through the Oximy Dashboard. Configure policies in two simple steps:
  1. Choose Guardrails: Select which protections to enable (prompt injection, data leakage, jailbreak prevention, content moderation)
  2. Set Enforcement: Choose BLOCK or WARN for each guardrail

Enforcement Levels

Choose how policies respond to violations:

BLOCK

Stops requests with violations before they reach the model. Returns an error and logs the violation.

WARN

Allows requests but logs violations. Content is sanitized before proceeding.

Common Configurations

Start with these templates and customize as needed:
  • Customer-Facing API
  • Internal Tool
  • Development
Protect public-facing applications with strict enforcement:
{
  "name": "Customer API Policy",
  "guardrails": ["all"],
  "enforcement": {
    "prompt_injection": "BLOCK",
    "data_leakage": "BLOCK",
    "jailbreak": "BLOCK",
    "content_moderation": "WARN"
  }
}
Key Features:
  • Blocks all critical threats
  • Warns on content violations for monitoring
  • Maximum protection for public APIs

Compliance Templates

Pre-configured policies for common regulations:

HIPAA

  • PHI detection (SSN, medical records, DOB)
  • Medical content moderation
  • BLOCK enforcement
  • Comprehensive audit logging

PCI DSS

  • Payment card data detection
  • CVV and expiration protection
  • BLOCK enforcement for card data
  • Transaction logging

GDPR

  • EU personal data protection
  • Data minimization rules
  • WARN enforcement with logging
  • Right to deletion support

Advanced Configuration

Custom Patterns

Add organization-specific detection rules:
{
	"custom_patterns": [
		{
			"name": "employee_id",
			"pattern": "EMP\\d{6}",
			"placeholder": "[EMPLOYEE_ID]",
			"enforcement": "BLOCK"
		},
		{
			"name": "customer_account",
			"pattern": "CUST-[A-Z0-9]{8}",
			"placeholder": "[CUSTOMER_ACCOUNT]",
			"enforcement": "WARN"
		}
	]
}
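
Custom regex rules are worth dry-running locally before they are given BLOCK enforcement. The following is an added example, not Oximy's code: it loads the two rules above and evaluates constructed prompts to surface false positives and false negatives. It assumes Python's `re` behaves like the gateway's regex engine, that any BLOCK match rejects the request, and that WARN matches are replaced by the rule's placeholder.

```python
import json
import re

# Policy fragment copied from the Custom Patterns example on this page.
POLICY = json.loads(r'''
{
  "custom_patterns": [
    {"name": "employee_id", "pattern": "EMP\\d{6}",
     "placeholder": "[EMPLOYEE_ID]", "enforcement": "BLOCK"},
    {"name": "customer_account", "pattern": "CUST-[A-Z0-9]{8}",
     "placeholder": "[CUSTOMER_ACCOUNT]", "enforcement": "WARN"}
  ]
}
''')


def evaluate(prompt, policy=POLICY):
    """Return (action, sanitized_prompt, violations) for one prompt.

    Assumed semantics: any BLOCK match rejects the request; WARN matches are
    replaced by the rule's placeholder and the request is allowed.
    """
    violations, sanitized, blocked = [], prompt, False
    for rule in policy["custom_patterns"]:
        regex = re.compile(rule["pattern"])
        hits = regex.findall(prompt)
        if not hits:
            continue
        violations.append((rule["name"], rule["enforcement"], len(hits)))
        if rule["enforcement"] == "BLOCK":
            blocked = True
        else:
            sanitized = regex.sub(rule["placeholder"], sanitized)
    if blocked:
        return "BLOCK", None, violations
    return ("WARN" if violations else "ALLOW"), sanitized, violations


# Constructed sample prompts, including near-misses that expose rule gaps.
SAMPLES = [
    "Reset the badge for EMP004217",              # true positive, BLOCK
    "Invoice for CUST-9F3K2LQ7 is overdue",       # true positive, WARN
    "Part number TEMP123456 is back-ordered",     # false positive: no word boundary
    "Ticket from emp004217 about cust-9f3k2lq7",  # false negative: case-sensitive
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(evaluate(s)[0], "|", s)
```

The third and fourth samples show why unanchored, case-sensitive patterns should be reviewed before moving from WARN to BLOCK: one blocks an unrelated part number, the other lets lowercase identifiers through.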

Environment-Specific Settings

Different rules for different environments:
{
	"production": {
		"enforcement": "BLOCK",
		"alerting": "immediate"
	},
	"staging": {
		"enforcement": "WARN",
		"alerting": "daily_summary"
	},
	"development": {
		"enforcement": "WARN",
		"alerting": "none"
	}
}

Testing & Monitoring

Test Your Policy

Test policies before deploying to production:
curl -X POST https://gateway.oximy.com/v1/test \
  -H "x-oximy-api-key: oxi-test-YOUR_KEY" \
  -H "x-oximy-project-id: test-project" \
  -d '{"prompt": "Test prompt with [email protected]"}'
Check response headers:
  • x-oximy-violations: Number of violations detected
  • x-oximy-guardrails-status: Processing status
  • x-oximy-blocked-patterns: What was detected

Shadow Mode

Run policies in monitoring mode without enforcement:
  1. Set enforcement to WARN
  2. Monitor for false positives
  3. Analyze violation patterns
  4. Gradually increase enforcement to BLOCK

Key Metrics

Track policy effectiveness in the dashboard:
  • Detection: Violations by category, false positive rate
  • Enforcement: Blocked vs warned requests
  • Performance: Processing latency, throughput impact

Best Practices

Policy Design

  • Start strict, relax gradually
  • Use compliance templates as starting points
  • Document policy decisions
  • Version control all changes

Deployment

  • Test thoroughly in staging
  • Deploy gradually (start with small percentage)
  • Monitor closely for first 24 hours
  • Have a rollback plan ready

Next Steps

Gateway Projects

Assign policies to Gateway projects