API quickstart

One endpoint to check risky inputs.

Send text, images, PDFs, documents, OCR output, or extracted content to POST /v1/scan. Mighty returns an allow, review, or block action before people, AI tools, OCR, or automation rely on the material.

Start with curl View fields

Fast test path/v1/scan

Send one payload

JSON text, multipart file, or raw binary.

Set workflow context

Mark the scan as input, output, or workflow-specific material.

Read the route

Use action, risk score, signals, and scan_id in your app.

allow

review

block

Copy this first

A test integration is one POST.

Put Mighty before the workflow step that reads customer material. Start with one file or text blob, then wire the returned action into your existing review path.

file

scan

route

Endpoint

/v1/scan

Payloads

JSON, multipart, binary

Result

allow, review, block

curl -X POST https://gateway.trymighty.ai/v1/scan \
  -H "X-API-Key: $MIGHTY_API_KEY" \
  -F "file=@claim-packet.pdf" \
  -F "scan_phase=input" \
  -F "mode=secure"

Use first

Run against one real intake flow before changing downstream automation.

Read first

The response includes action, risk score, signals, scan_id, and detected content type when available.

Authentication

Send API keys with X-API-Key. Bearer tokens using the mc_ key format are also accepted by the gateway.

Base URL for this environment

https://gateway.trymighty.ai

JSON text scan

Use this when the workflow already has text or OCR output.

curl -X POST https://gateway.trymighty.ai/v1/scan \
  -H "X-API-Key: $MIGHTY_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "content": "Text or OCR output to inspect",
    "content_type": "text",
    "scan_phase": "input",
    "mode": "secure",
    "profile": "balanced"
  }'

Multipart file scan

Use this for PDFs, images, and office documents from intake.

curl -X POST https://gateway.trymighty.ai/v1/scan \
  -H "X-API-Key: $MIGHTY_API_KEY" \
  -F "file=@claim-packet.pdf" \
  -F "scan_phase=input" \
  -F "content_type=pdf" \
  -F "mode=secure"

Raw binary scan

Use this when you stream an image or PDF body directly.

curl -X POST "https://gateway.trymighty.ai/v1/scan?content_type=image&scan_phase=input&mode=secure" \
  -H "X-API-Key: $MIGHTY_API_KEY" \
  -H "Content-Type: image/jpeg" \
  --data-binary "@damage-photo.jpg"

Request fields

JSON, multipart form data, and raw binary uploads all route through the same scan endpoint. Raw binary scans pass options as query parameters.

content

Required for JSON text scans. For multipart scans use file or content.

file

Multipart file field for PDFs, images, and documents.

scan_phase

Required. Use input for submitted material or output for generated/extracted output.

content_type

Optional. auto, text, image, pdf, or document. Defaults to auto.

mode

Optional. fast, secure, comprehensive, or auto. Defaults to secure.

analysis_mode

Legacy alias for mode. Accepted for older clients.

profile

Optional. Defaults to balanced. Supports profiles such as strict, balanced, permissive, code_assistant, and ai_safety.

data_sensitivity

Optional. standard, tolerant, or strict. Defaults to standard.

context

Optional workflow context string, for example insurance_claim_intake, repair_estimate_review, damage_photo_review, logistics_pod_review, construction_change_order, or ocr_output_review.

original_prompt

Optional original prompt when scanning model output.

metadata

Optional JSON object for your correlation metadata.

session_id

Optional stable session identifier.

scan_group_id

Required when scan_phase=output. Must be a UUID when supplied.

request_id

Optional UUID. Generated if omitted.

async

Optional boolean. Requires mode=comprehensive and image or pdf content.

webhook_url

Optional. Requires async=true.

ocr_engine

Optional. Current supported value is paddle.

stop_on_first_threat

Optional boolean for early stop behavior.

defer_enhance

Optional boolean. Supported with secure mode.

Response fields

Responses vary by content type, mode, and whether the scan is synchronous or asynchronous.

action

Recommended workflow action such as allow, review, or block.

risk_score

Numeric risk score returned by the scanner.

risk_level

Risk level label when included by the scanner.

threats

Detected categories or signals for the submitted material.

extracted_text

Text extracted from supported files when available.

content_type_detected

Detected input type such as text, image, PDF, or document.

scan_id

Identifier for correlating scan results and logs.

scan_group_id

Group identifier used to connect input and output scans.

scan_status

Status for asynchronous or staged scans when returned.

processing_ms

Processing time reported by the gateway when available.

page_results

Per-page document results when returned for PDFs/documents.

redacted_output

Redacted output when the scanner returns a sanitized version.