Confirm Token

When a scan returns a yellow tier result, a confirmation token is provided. Use this endpoint for human-in-the-loop approval — a human reviews the flagged content and explicitly approves it.

POST

/v1/confirm/:tokenId

Consume a yellow-tier confirmation token after human review.

Path Parameters

Parameter	Type	Required	Description
`tokenId`	string	Yes	The token_id from the scan result

Success Response

200 OK

{
  "confirmed": true,
  "sanitized_prompt": "Tell me about [CULTURAL_REFERENCE]"
}

Failure Response

404 Not Found

{
  "confirmed": false,
  "error": "Token is invalid, expired, or already consumed"
}

Example Flow

cURL

curl -X POST https://indigiarmor.com/v1/confirm/tok_abc123 \
  -H "Authorization: Bearer ia_sk_..." \
  -H "Content-Type: application/json"

SDK

// 1. Scan returns yellow tier
const result = await armor.scan(userPrompt);

if (result.action === 'flag' && result.token_id) {
  // 2. Show user the explanation and ask for approval
  const approved = await showApprovalDialog(result.explanation);

  if (approved) {
    // 3. Confirm the token
    const confirmation = await armor.confirm(result.token_id);

    if (confirmation.confirmed) {
      // 4. Proceed with sanitized prompt
      await sendToLLM(confirmation.sanitized_prompt);
    }
  }
}

Token Behavior

Tokens are single-use — once confirmed, they cannot be reused.

Tokens expire after a configurable period (default: 15 minutes).

Only yellow-tier scans generate tokens. Green and red tiers do not.