Security Unlocked

Aegis API

Integrate social engineering analysis into your tools, SOAR platforms, and security workflows.

Get a Free API Key

10 requests per day. No credit card required.

Need more? View pricing for higher limits and credit packs.

Base URL

https://se-decoder-api.joshua-j-taylor.workers.dev

Authentication

Include your API key as a Bearer token in the Authorization header:

Authorization: Bearer sed_your_api_key_here

Unauthenticated requests from the web tool are limited to 3/day per IP. Authenticated requests get tier-based limits.

POST /api/analyze

Analyze a suspicious message for social engineering tactics.

Request Body

{
  "message": "string (max 10,000 chars)",
  "messageType": "auto | email | sms | voice_transcript | chat_message | social_media | website_copy"
}

Examples

curl
curl -X POST https://se-decoder-api.joshua-j-taylor.workers.dev/api/analyze \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer sed_your_api_key_here" \
  -d '{
    "message": "Your account has been suspended. Click here to verify: https://example.com/verify",
    "messageType": "email"
  }'

Python
import requests

response = requests.post(
    "https://se-decoder-api.joshua-j-taylor.workers.dev/api/analyze",
    headers={
        "Content-Type": "application/json",
        "Authorization": "Bearer sed_your_api_key_here"
    },
    json={
        "message": "Your account has been suspended. Click here to verify.",
        "messageType": "email"
    },
    timeout=30,  # do not let a stalled request block the calling workflow
)
# Raise on the documented error statuses (400, 402, 429, 502) before parsing
response.raise_for_status()

result = response.json()
print(f"Risk: {result['verdict']['risk_level']}")
print(f"Summary: {result['verdict']['summary']}")

JavaScript
const response = await fetch(
  "https://se-decoder-api.joshua-j-taylor.workers.dev/api/analyze",
  {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      "Authorization": "Bearer sed_your_api_key_here"
    },
    body: JSON.stringify({
      message: "Your account has been suspended. Click here to verify.",
      messageType: "email"
    })
  }
);

// Stop on the documented error statuses (400, 402, 429, 502) before parsing
if (!response.ok) {
  throw new Error(`Aegis API returned HTTP ${response.status}`);
}

const result = await response.json();
console.log(`Risk: ${result.verdict.risk_level}`);
console.log(`Summary: ${result.verdict.summary}`);

Response (200)

{
  "meta": {
    "input_type": "email",
    "language": "en",
    "word_count": 142
  },
  "verdict": {
    "risk_level": "critical | high | medium | low | benign",
    "summary": "One-sentence plain language summary (max 280 chars)",
    "rationale": "Why this risk level was assigned"
  },
  "cialdini": [
    {
      "principle": "authority",
      "present": true,
      "evidence": "Claims to be from account security team",
      "strength": "strong | moderate | weak"
    }
  ],
  "cognitive_biases": [
    {
      "bias": "loss aversion",
      "explanation": "Threatens account suspension to motivate action"
    }
  ],
  "mitre_attack": [
    {
      "technique_id": "T1566.002",
      "technique_name": "Spearphishing Link",
      "tactic": "Initial Access",
      "relevance": "Contains a deceptive URL"
    }
  ],
  "attacker_goal": {
    "primary_goal": "credential_harvest",
    "target_asset": "Account credentials",
    "kill_chain_phase": "delivery"
  },
  "action_plan": {
    "do_now": ["Do not click any links in this message"],
    "do_not": ["Do not enter credentials on any linked page"],
    "report_to": "Forward to your IT security team",
    "verification_steps": ["Log in directly at the official website"]
  },
  "indicators": {
    "urls": ["https://example.com/verify"],
    "domains": ["example.com"],
    "sender_info": "[email protected]",
    "mentioned_orgs": ["Example Corp"],
    "lure_type": "account_verification"
  },
  "confidence": {
    "score": 0.92,
    "caveats": []
  },
  "_submission_id": 42
}

Error Responses

400 Invalid input (empty message, bad JSON)
402 Credits exhausted (paid tier)
429 Rate limit exceeded (includes daily_limit and daily_used)
502 Model returned invalid output after retry
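
The documented response fields and error codes, wired into a triage step for a SOAR playbook. This is an added example, not code from the Aegis project; the action names, the 0.8 confidence threshold and the burst-versus-daily reading of a 429 are assumptions.

```python
# Added example, not Aegis project code. Action names and the 0.8 confidence
# threshold are assumptions; field names and status codes are from this page.
RISK_LEVELS = ("benign", "low", "medium", "high", "critical")
ERROR_ACTIONS = {400: "drop", 402: "pause", 502: "retry"}

# Constructed sample, trimmed from the documented 200 response.
SAMPLE = {
    "verdict": {"risk_level": "critical", "summary": "Credential phish"},
    "mitre_attack": [{"technique_id": "T1566.002"}],
    "indicators": {"domains": ["Example.com", "example.com"]},
    "confidence": {"score": 0.92, "caveats": []},
    "_submission_id": 42,
}


def triage(result):
    """Validate the fields used for routing, then build an alert record."""
    risk = (result.get("verdict") or {}).get("risk_level")
    score = (result.get("confidence") or {}).get("score")
    valid_score = isinstance(score, (int, float)) and 0 <= score <= 1
    if risk not in RISK_LEVELS or not valid_score:
        # Model output is untrusted input: never route on an unknown level.
        return ("manual_review", "unexpected response shape")
    indicators = result.get("indicators") or {}
    alert = {
        "submission_id": result.get("_submission_id"),
        "risk_level": risk,
        "techniques": [t["technique_id"] for t in result.get("mitre_attack", [])
                       if isinstance(t, dict) and "technique_id" in t],
        # Indicators feed searches and blocklists; the URLs are never fetched.
        "domains": sorted({d.lower() for d in indicators.get("domains", [])
                           if isinstance(d, str)}),
    }
    if score < 0.8:
        return ("analyst_queue", alert)
    if risk in ("high", "critical"):
        return ("quarantine", alert)
    return ("close" if risk == "benign" else "analyst_queue", alert)


def next_step(status, body):
    """Map one HTTP status and decoded JSON body to (action, detail)."""
    if status == 200:
        return triage(body)
    if status == 429:
        # Assumption: daily_used below daily_limit means the burst limit hit.
        spent = body.get("daily_used", 0) >= body.get("daily_limit", float("inf"))
        return ("defer", "daily_quota" if spent else "burst")
    return (ERROR_ACTIONS.get(status, "escalate"), f"http_{status}")
```

Call next_step(response.status_code, response.json()) after each request; the _submission_id kept in the alert is the value POST /api/feedback expects as submission_id.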

POST /api/feedback

Submit quality feedback on an analysis.

{
  "submission_id": 42,
  "rating": 1,
  "text": "Optional correction or comment"
}

rating: 1 (thumbs up) or -1 (thumbs down). Returns {"ok": true}.

GET /api/credits

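Check remaining credits for an API key. The key is passed in the query string, so it is recorded wherever full request URLs are logged (proxies, shell history).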

GET /api/credits?key=sed_your_api_key_here

Returns:

{ "tier": "paid", "credits_remaining": 47 }

Rate Limits

Tier                   Daily Limit                Burst Limit
Anonymous (no key)     3/day                      5/min
Free API               10/day                     5/min
Paid (credit packs)    Until credits exhausted    5/min
Unlimited ($9.99/mo)   Unlimited                  5/min

Rate limit responses (429) include daily_limit and daily_used fields.
