Language Support

The Layerup Security SDK is currently available for JavaScript and Python. We also offer an adjacent API that can achieve the same as the SDK for other languages.

Throughout the SDK documentation, you can view the cURL tab on code snippets to understand how to make the same call using the Layerup Security API.

Installation

npm install @layerup/layerup-security

API Key

Grab your API key from our dashboard and add it to your project environment as LAYERUP_API_KEY.

Import and Configure

const { LayerupSecurity } = require("@layerup/layerup-security");
const layerup = new LayerupSecurity({ apiKey: process.env.LAYERUP_API_KEY });

Metadata

You can specify metadata to be sent with your request for all endpoints. The metadata object and each of its attributes are optional, but specifying metadata will help Layerup identify and thwart LLM threats with more precision.

{
  "customer": "email@example.com",
  "scope": "layerup.project.feature",
  "abuse_config": {
    "project_rpm": 600,
    "customer_rpm": 60,
    "scope_rpm": 300,
    "customer_scope_rpm": 30
  }
}

Fields

customer
string

Specify a customer ID string in order to attribute an LLM call to a specific user. This can be any arbitrary string, such as a user ID, email address, IP address, etc.

Note: this field is required for any query to detect customer-level or customer-scope level abuse.

scope
string

Specify a scope string in order to attribute an LLM call to a specific scope. This is often useful when trying to identify where an LLM originated from, or for flagging specific LLM call features. This can be any arbitrary string, but we recommend following the fully-qualified-name (FQN) convention.

Note: this field is required for any query to detect scope-level or customer-scope-level abuse.

abuse_config
object

Specify an abuse configuration for detecting project-wide abuse. Abuse can be measured on 4 levels: (1) project level, (2) customer level, (3) scope level, (4) customer-scope level.

Abuse is measured based on requests per minute (RPM). Upon configuring abuse thresholds in the abuse configuration, the layerup.abuse guardrail will compare requests per minute to the specified thresholds, and if exceeded, will mark an LLM call as unsafe.

project_rpm - if a project-level threshold is set, then all requests to the project will be measured. If the project’s RPM exceeds the given threshold, the LLM call will be marked as unsafe.

customer_rpm - if a customer-level threshold is set, then all requests made by the customer will be measured for a given project. If the customer’s RPM exceeds the given threshold, the LLM call will be marked as unsafe.

scope_rpm - if a scope-level threshold is set, then all requests made for the scope will be measured for a given project. If the scope’s RPM exceeds the given threshold (regardless of customer), the LLM call will be marked as unsafe.

customer_scope_rpm - if a customer-scope-level threshold is set, then all requests made by the customer for a given scope will be measured for a project. If the customer’s RPM exceeds the given threshold for the given scope, the LLM call will be marked as unsafe.

QuickstartExecute Guardrails