Prompt Firewall — Dashboard

NEW PASSWORD CONFIRM PASSWORD

Everything you need to get the most out of Prompt Firewall.

Getting Started (All Plans)

Welcome! Here is how to protect your AI chatbot in 3 steps.

Step 1 — Find your API key

When you subscribed, we sent an email to your inbox with a key that looks like pf_abc...xyz. Keep this safe — it is your access token.

Step 2 — Test in the Sandbox first

Before writing any code, use the Sandbox panel on your dashboard. Type any message and instantly see BLOCKED or PASSED. Try typing "ignore previous instructions" to see it in action.

Step 3 — Add it to your code

Works with any language that can make HTTP requests. Choose your language below:

Python

import requests def is_safe(user_message): r = requests.post( "https://prompt-firewall-production.up.railway.app/analyze", headers={"X-API-Key": "YOUR-KEY-HERE"}, json={"message": user_message} ) return r.json()["status"] == "PASSED" if is_safe(user_input): reply = ask_your_ai(user_input) else: reply = "I cannot process that request."

JavaScript / Node.js

async function isSafe(userMessage) { const res = await fetch( "https://prompt-firewall-production.up.railway.app/analyze", { method: "POST", headers: { "X-API-Key": "YOUR-KEY-HERE", "Content-Type": "application/json" }, body: JSON.stringify({ message: userMessage }) } ); const data = await res.json(); return data.status === "PASSED"; } if (await isSafe(userInput)) { reply = await askYourAI(userInput); } else { reply = "I cannot process that request."; }

C#

using System.Net.Http; using System.Text; using System.Text.Json; async Task<bool> IsSafe(string userMessage) { var client = new HttpClient(); client.DefaultRequestHeaders.Add("X-API-Key", "YOUR-KEY-HERE"); var body = JsonSerializer.Serialize(new { message = userMessage }); var content = new StringContent(body, Encoding.UTF8, "application/json"); var res = await client.PostAsync( "https://prompt-firewall-production.up.railway.app/analyze", content ); var json = await res.Content.ReadAsStringAsync(); var data = JsonSerializer.Deserialize<JsonElement>(json); return data.GetProperty("status").GetString() == "PASSED"; } if (await IsSafe(userInput)) reply = await AskYourAI(userInput); else reply = "I cannot process that request.";

PHP

Step 4 — Watch your Security Log

Every blocked attack appears in your Security Log. Click the Blocked tab to see attacks, click any row to expand it and see full details including latency, user ID, and the reason it was blocked.

STARTERStarter Plan Guide

You have access to 10,000 request screenings per month and 1 API key.

What you can do

Screen messages with a single API key
View your Security Log — all BLOCKED and PASSED events
See your monthly usage in the dashboard
Set a password to make future logins easier

Reading your Security Log

Click the Blocked tab to see attacks — this is your main view. Click any row to expand it and see the full details including the reason it was blocked. Click Passed to see safe messages that went through.

Running out of requests?

Your usage bar shows how much of your monthly 10,000 requests you have used. When it turns red you are close to the limit. You can enable the Overages toggle in the billing widget to stay live past your limit at $0.50 per 1,000 extra requests. Or upgrade to Pro to get 100,000 requests.

Using the Sandbox

The Sandbox panel lets you test any message instantly without writing code. Type a message, click Test Message, and see whether it would be BLOCKED or PASSED — and exactly why.

PROPro Plan Guide

Everything in Starter plus 100,000 requests, up to 3 API keys, false positive reporting, and Shadow Mode.

Multiple API Keys

If you have more than one chatbot or team member, generate separate keys for each one. Click Generate New Key in the API Keys panel, give it a label like "Production Bot", and share that key with the relevant developer. You can revoke any key instantly if it is ever leaked.

False Positive Reporting

Available on all plans. If the firewall blocks a harmless message, expand the log entry and click Mark as false positive. It moves to your False Positives tab. You can unmark it anytime to move it back to the Blocked list.

Shadow Mode

Enable Shadow Mode in the Settings panel to put the firewall into monitoring-only mode. Attacks are still logged but nothing is blocked. This is useful when you are testing new rules or onboarding a new chatbot and want to observe without disrupting users.

API Key Labels in the Log

Each log entry shows which API key was used. This helps you see if attacks are targeting a specific app or environment.

BUSINESSBusiness Plan Guide

Everything in Pro plus unlimited requests, unlimited API keys, and full team management.

Unlimited Keys for Your Team

Generate as many API keys as you need — one per developer, one per product, one per environment. Each key has its own label and can be revoked individually without affecting the others.

Tracking Which App Is Under Attack

Because each key has a label, your Security Log will show you exactly which product or environment is being targeted. If your mobile app key is getting hit with SQL injection but your web app is fine, you will see that immediately.

User Identification

Pass a user_id field in your API request to track which of your end users is repeatedly attempting attacks:

json={"message": user_input, "user_id": "user_12345"}

This appears in your log so you can identify and ban repeat attackers.

Target Model Tracking

Pass a target_model field to track which AI model the prompt was heading toward:

json={"message": user_input, "target_model": "gpt-4o"}

Common Questions

What happens if I go over my request limit?

Requests over the limit return a 429 error. We email you before you hit the limit so you have time to upgrade.

My key stopped working — what happened?

Either your account was cancelled, your key was revoked (by you or an admin), or your subscription lapsed. Email info@invenova.tech for help.

The firewall blocked a message it shouldn't have

Click the row in your Security Log, expand it, and click Mark as false positive. This moves it to your False Positives tab. You can unmark it anytime to move it back to the Blocked list.

Can I use this with any AI model?

Yes — Prompt Firewall works with GPT-4, Claude, Gemini, Llama, or any other model. It is completely model-agnostic.

Need more help? Email info@invenova.tech →