Silker AI

Data & privacy

The SDK and proxy report sanitized security telemetry over a single internal endpoint. This page documents exactly what leaves your infrastructure - and how it is handled.

No public REST API (yet)

Silker does not expose a public developer REST API. The platform endpoints power the dashboard and the SDK; they are not a stable, documented surface to build against. The only contract your deployment uses is the ingest endpoint below, and the SDK/proxy calls it for you - you should not call it by hand.

Need programmatic access (export, custom integrations)? Contact support@silkerai.com. A scoped API may be offered to eligible accounts in the future.

The ingest contract

The SDK batches events and posts them to /api/ingest with your API key. Requests authenticate via the x-api-key header, and the app is resolved from the key alone, so treat the key as a server-side secret: anyone who holds it can submit telemetry on your app's behalf. Keep it out of browser bundles and client-side config, and rotate it if it is exposed.

POST /api/ingest (sent by the SDK)
{
  "events": [
    {
      "type": "request",
      "payload": {
        "endpoint": "/api/users",
        "method": "GET",
        "status_code": 200,
        "response_time": 142,
        "ip": "203.0.113.10",
        "user_agent": "Mozilla/5.0 ...",
        "app_id": "my-app"
      }
    },
    {
      "type": "threat",
      "payload": {
        "type": "SQL Injection",
        "severity": "critical",
        "blocked": true,
        "endpoint": "/api/users",
        "ip": "203.0.113.10",
        "description": "SQLi pattern in query string"
      }
    }
  ]
}

The response returns processing results plus a ban list and config that the SDK applies immediately, without a restart:

ingest response
{
  "data": {
    "processed": 2,
    "partial": false,
    "errors": [],
    "bannedIps": [{ "ip": "203.0.113.10", "until": "2026-01-01T00:05:00Z" }],
    "config": { "features": { "ssrfDetection": true } }
  },
  "error": null,
  "status": 200
}
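To make the exchange concrete, here is an added example of a minimal client for the contract above, with a stub of the server side so the round trip runs offline. It is not the Silker SDK: the queue bound, the ban table keyed by bannedIps[].until, the config merge and the handling of the no-key / cloudCommunication: false case (the detection-only mode described under Running without telemetry) are my reading of the documented shapes, and the stub's key value and its 401 error envelope are assumptions.

```javascript
// Added example, not the Silker SDK: a minimal client for the ingest contract,
// plus a constructed server stub so the exchange runs offline. Queue bound, ban
// table, config merge and detection-only handling are my reading of the page;
// the stub's key and its 401 envelope are assumptions.

const INGEST_PATH = "/api/ingest";
const MAX_QUEUE = 1000; // bound memory while the cloud is unreachable (assumption)

class IngestClient {
  constructor({ apiKey, cloudCommunication = true, now = () => Date.now() } = {}) {
    // Detection-only mode: no key, or cloudCommunication: false, sends nothing.
    this.cloudEnabled = cloudCommunication && Boolean(apiKey);
    this.apiKey = apiKey;
    this.now = now;
    this.queue = [];        // events waiting for the next flush
    this.inFlight = [];     // events in a request awaiting its response
    this.bans = new Map();  // ip -> expiry (ms since epoch) from bannedIps[].until
    this.config = { features: {} };
  }

  record(type, payload) {
    if (!this.cloudEnabled) return;
    if (this.queue.length >= MAX_QUEUE) this.queue.shift(); // drop the oldest
    this.queue.push({ type, payload });
  }

  // Used by the local blocking path; a ban lapses once its "until" is reached.
  isBanned(ip) {
    const until = this.bans.get(ip);
    if (until === undefined) return false;
    if (until <= this.now()) { this.bans.delete(ip); return false; }
    return true;
  }

  // Moves queued events into one POST; null when there is nothing to send.
  buildRequest() {
    if (!this.cloudEnabled || this.queue.length === 0) return null;
    this.inFlight = this.queue.splice(0);
    return {
      method: "POST",
      path: INGEST_PATH,
      headers: { "content-type": "application/json", "x-api-key": this.apiKey },
      body: JSON.stringify({ events: this.inFlight }),
    };
  }

  // Applies the {data, error, status} envelope and returns the processed count;
  // on any error the in-flight events go back to the front of the queue.
  applyResponse(envelope) {
    if (envelope.status !== 200 || envelope.error || !envelope.data) {
      this.queue.unshift(...this.inFlight);
      this.inFlight = [];
      return 0;
    }
    const { processed, bannedIps = [], config } = envelope.data;
    for (const ban of bannedIps) {
      const until = Date.parse(ban.until);
      if (!Number.isNaN(until)) this.bans.set(ban.ip, until);
    }
    if (config && config.features) Object.assign(this.config.features, config.features);
    this.inFlight = [];
    return processed;
  }

  // Real transport (fetch is built into Node 18+); not exercised offline.
  async flush(baseUrl) {
    const req = this.buildRequest();
    if (req === null) return 0;
    const res = await fetch(baseUrl + req.path, { method: req.method, headers: req.headers, body: req.body });
    return this.applyResponse(await res.json());
  }
}

// Constructed server stub mirroring the page's response: the source IP of every
// blocked threat comes back in bannedIps with a five-minute expiry.
const STUB_KEY = "sk_test_example"; // assumed value, not a real key
function ingestStub(req) {
  if (req.headers["x-api-key"] !== STUB_KEY) {
    return { data: null, error: "invalid api key", status: 401 };
  }
  const { events } = JSON.parse(req.body);
  const attackers = new Set(events
    .filter((e) => e.type === "threat" && e.payload.blocked)
    .map((e) => e.payload.ip));
  return {
    data: {
      processed: events.length, partial: false, errors: [],
      bannedIps: [...attackers].map((ip) => ({ ip, until: "2026-01-01T00:05:00Z" })),
      config: { features: { ssrfDetection: true } },
    },
    error: null,
    status: 200,
  };
}

// Offline round trip: build the request, answer it with the stub, apply the reply.
function roundTrip(client) {
  const req = client.buildRequest();
  return req === null ? 0 : client.applyResponse(ingestStub(req));
}
```

Two details are worth noting. The ban check consults the injected clock, so a ban pushed with until in the past is ignored from the start and a live one stops being enforced at its expiry rather than lingering in memory; and a non-200 or error envelope re-queues the batch instead of dropping it, which is why the queue needs a bound.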

What is sent

  • Request metadata - endpoint, method, status, response time, IP, user agent.
  • Threat events - type, severity, blocked flag, affected endpoint, short description.
  • Context - optionally body/headers/query, capped and truncated (bodies/headers/queries at 64 KB; short fields at 2 KB).

Geo (country/city) is derived server-side from the IP or edge headers - the SDK does not send it.

PII handling & sanitization

Outbound payloads are sanitized before they leave your process. With dataLeakageDetection you can redact, block, or monitor detected PII (emails, phone numbers, credit cards, SSN/PESEL). Oversized fields are truncated rather than sent in full.

Keep secrets (session tokens, API keys, passwords) out of the bodies and headers you forward for inspection: the built-in detectors target PII formats, not arbitrary credentials. Use maxPayloadSize and the redact strategy to minimize sensitive data in telemetry.
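The following is an added example of what such outbound sanitization looks like in practice; it is not the SDK's own code. It applies the caps from the What is sent section (64 KB for body/headers/query, 2 KB for short fields) and the three dataLeakageDetection strategies to one event payload, using checksum-backed detectors for card numbers (Luhn) and PESEL so that ordinary digit runs are not reported. The field names, the detector patterns, the [REDACTED:type] placeholder and the choice to apply the cap per string value rather than per serialized field are assumptions; the caps and strategy names come from the page.

```javascript
// Added example, not the Silker SDK. Caps come from the page (bodies/headers/
// queries 64 KB, short fields 2 KB); applying them per string value, the field
// names, the placeholder text and the detector regexes are assumptions.
const LONG_FIELD_CAP = 64 * 1024;
const SHORT_FIELD_CAP = 2 * 1024;
const LONG_FIELDS = new Set(["body", "headers", "query"]);

// Luhn checksum: most random digit runs fail it, so IDs are not reported as cards.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) d = d > 4 ? d * 2 - 9 : d * 2;
    sum += d;
  }
  return sum % 10 === 0;
}

// PESEL control digit: weights 1,3,7,9 repeated over the first ten digits,
// control = (10 - sum mod 10) mod 10.
function peselValid(digits) {
  const w = [1, 3, 7, 9, 1, 3, 7, 9, 1, 3];
  let sum = 0;
  for (let i = 0; i < 10; i++) sum += (digits.charCodeAt(i) - 48) * w[i];
  return (10 - (sum % 10)) % 10 === digits.charCodeAt(10) - 48;
}

// Detectors run in this order on a working copy, masking each match before the
// next detector runs, so a card number is not also counted as a phone number.
const DETECTORS = [
  { type: "email", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
  { type: "credit_card", re: /\b(?:\d[ -]?){12,18}\d\b/g,
    valid: (m) => luhnValid(m.replace(/[ -]/g, "")) },
  { type: "pesel", re: /\b\d{11}\b/g, valid: peselValid },
  { type: "ssn", re: /\b\d{3}-\d{2}-\d{4}\b/g },
  { type: "phone",
    re: /(?<!\d)(?:\+\d{1,3}[ -]?)?\(?\d{2,4}\)?[ -]?\d{3}[ -]?\d{3,4}(?!\d)/g },
];

// Scan one string; returns the masked copy and the PII types found in it.
function scanString(input) {
  const findings = [];
  let value = input;
  for (const d of DETECTORS) {
    value = value.replace(d.re, (m) => {
      if (d.valid && !d.valid(m)) return m; // format matched, checksum did not
      findings.push(d.type);
      return `[REDACTED:${d.type}]`;
    });
  }
  return { value, findings };
}

// Walk a field (string or object of strings). Returns the value to send, or
// undefined when the strategy is "block" and the string contained PII.
function sanitizeNode(node, cap, strategy, path, report) {
  if (typeof node === "string") {
    const capped = node.slice(0, cap); // truncated, never sent in full
    if (capped.length < node.length) report.truncated.push(path);
    const { value, findings } = scanString(capped);
    for (const t of findings) report.findings.push({ field: path, type: t });
    if (findings.length === 0 || strategy === "monitor") return capped;
    if (strategy === "redact") return value;
    report.dropped.push(path);
    return undefined;
  }
  if (node && typeof node === "object") {
    const out = {};
    for (const [k, v] of Object.entries(node)) {
      const s = sanitizeNode(v, cap, strategy, `${path}.${k}`, report);
      if (s !== undefined) out[k] = s;
    }
    return out;
  }
  return node; // numbers, booleans, null pass through unchanged
}

// Sanitize an event payload before it is batched. strategy is "redact" (mask
// and send), "block" (drop the offending field) or "monitor" (send, report).
function sanitizePayload(payload, strategy = "redact") {
  const report = { findings: [], truncated: [], dropped: [] };
  const out = {};
  for (const [key, raw] of Object.entries(payload)) {
    const cap = LONG_FIELDS.has(key) ? LONG_FIELD_CAP : SHORT_FIELD_CAP;
    const v = sanitizeNode(raw, cap, strategy, key, report);
    if (v !== undefined) out[key] = v;
  }
  return { payload: out, ...report };
}

// Constructed sample: card, e-mail and PESEL in the body, a phone number in the
// query, and a 16-digit header value that fails Luhn and must survive untouched.
const SAMPLE = {
  endpoint: "/api/checkout",
  method: "POST",
  status_code: 200,
  body: "card=4111 1111 1111 1111&email=jan@example.com&pesel=44051401359",
  headers: { "x-request-id": "4111111111111112" },
  query: "callback=+48 601 234 567",
};

console.log(JSON.stringify(sanitizePayload(SAMPLE, "redact"), null, 2));
```

The report returned alongside the payload (findings, truncated, dropped) is what you would surface as the monitor strategy's output or as local audit logging: it tells you which fields carried PII and which were cut, without itself containing the values. Note that the detectors cover the PII formats the page lists; a bearer token or password in a forwarded header matches none of them, which is why secrets must be kept out of the forwarded context in the first place.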

Retention

Telemetry is retained per plan (7 / 30 / 90 days, or indefinite on Enterprise) and then purged automatically. See Plans & limits.

Running without telemetry

Omit the API key (or set cloudCommunication: false) to run without telemetry, the "detection-only" mode: detection and local blocking still work, but nothing is sent to the cloud and the dashboard shows no data. Because the ban list and feature config are delivered in the ingest response, a deployment in this mode also receives no server-side updates to either.