Test Console
The PII Firewall Test Console lets you run live API calls directly in your browser — no code required. Use it to explore endpoints, test with your own text, and generate code samples.
Overview
The console is divided into three areas:
| Area | Description |
|---|---|
| Left sidebar | Select an API endpoint or load a preset test scenario |
| Center pane | Edit the request body and view the response side-by-side |
| Session stats | Live counters for requests sent, PII detected, and injections blocked |
API Endpoints
POST /mask
Detects and masks PII in a text string. Returns a masked version and a tokenMap for restoring original values later.
When to use: Before sending user input to an AI model.
POST /detect
Scans text and returns the location and type of each PII found, without modifying the text.
When to use: Auditing or logging — when you need to know what PII is present without masking.
POST /detect-injection
Scans text for prompt injection and jailbreak patterns.
When to use: Validating untrusted input (user messages, incoming emails) before passing to an AI.
Full Pipeline
Runs mask → AI call → restore in a single flow to demonstrate the complete protection lifecycle.
When to use: Understanding the end-to-end integration pattern.
Test Scenarios
Use the preset scenarios in the sidebar to quickly load example payloads:
| Scenario | What it tests |
|---|---|
| Email + Phone | Basic contact information masking |
| Credit Card | Financial PII detection |
| Medical Record | Healthcare data masking |
| Injection Attack | Prompt injection detection |
Code Samples
Switch to the Code Sample tab in the console to get auto-generated code in:
curl- Node.js (fetch)
- Python (requests)
The code sample updates in real time as you edit the request body.
Authentication
To use the console with your own API key:
- Click the key icon in the top-right toolbar
- Enter your API key (
pf_live_...) - All subsequent requests will be authenticated
Without an API key, the console runs in sandbox mode against a demo endpoint with limited functionality.
Session Stats
The sidebar tracks your activity for the current browser session:
| Stat | Description |
|---|---|
| Requests | Total API calls made |
| PII Detected | Cumulative count of PII items found |
| Injections | Number of injection attempts detected |
| Avg Latency | Average API response time in ms |
Custom Dictionary
The Dictionary tab lets you register business-specific keywords, project codes, or internal terminology as custom PII. Registered keywords are automatically applied when sending /mask requests.
Setting Up a Dictionary
Open the Dictionary tab and enter keywords or regex patterns in JSON format:
[
{ "label": "PROJECT_CODE", "pattern": "Project Alpha" },
{ "label": "CONFIDENTIAL", "pattern": "confidential" },
{ "label": "PJ_CODE", "pattern": "PJ-[A-Z]{2,4}-\\d{4}" }
]| Field | Description |
|---|---|
label | Token name shown after masking (e.g., [PROJECT_CODE_1]) |
pattern | Exact string or regular expression pattern |
Enabling / Disabling
- Toggle the switch at the top of the Dictionary tab to ON — the dictionary applies from the next request onward
- Toggling ON auto-saves the editor content (no need to click "Save" manually)
- If the JSON is invalid, an error is shown and the toggle stays OFF
- When active, a "🔑 N entries applied" indicator appears in the Request Body area
Verification Demo
- Use the default text (which includes example project keywords)
- Open the Dictionary tab → enter your custom patterns → toggle ON
- Return to the Request tab and click Send Request — confirm your keywords are now masked
Tip: With Dictionary OFF, standard PII (name, email, phone) is masked but custom keywords remain. Toggle ON to see all custom terms masked — a clear before/after comparison.
Storage
Dictionary data is stored in the browser's localStorage — it is never sent to any server. Your dictionary persists across browser sessions.
Next Steps
- REST API Reference — full endpoint documentation
- SDK (Node.js) — integrate into your application