Documentation Index Fetch the complete documentation index at: https://pasteguard.com/docs/llms.txt
Use this file to discover all available pages before exploring further.
Standalone endpoint for masking PII and secrets in text. Use this endpoint when you need to mask text independently of LLM provider proxies.
Use Cases
Browser extensions that need to mask clipboard content before pasting
CLI tools that pre-process prompts
Custom integrations that handle their own LLM communication
Multi-turn conversations where you need to maintain placeholder numbering
Request curl -X POST http://localhost:3000/api/mask \ -H "Content-Type: application/json" \ -d '{ "text": "Contact john@example.com or call 555-1234" }'
Parameters Parameter Type Required Description textstring Yes Text to scan and mask languagestring No Language code for PII detection (auto-detected if not provided) startFromobject No Counter values to continue numbering from previous calls detectarray No What to detect: ["pii"], ["secrets"], or ["pii", "secrets"] (default: both)
Response { "masked" : "Contact [[EMAIL_ADDRESS_1]] or call [[PHONE_NUMBER_1]]" , "context" : { "[[EMAIL_ADDRESS_1]]" : "john@example.com" , "[[PHONE_NUMBER_1]]" : "555-1234" }, "counters" : { "EMAIL_ADDRESS" : 1 , "PHONE_NUMBER" : 1 }, "entities" : [ { "type" : "EMAIL_ADDRESS" , "placeholder" : "[[EMAIL_ADDRESS_1]]" }, { "type" : "PHONE_NUMBER" , "placeholder" : "[[PHONE_NUMBER_1]]" } ], "language" : "en" , "languageFallback" : false }
Field Description maskedText with PII/secrets replaced by placeholders contextMapping of placeholder to original value (for client-side unmasking) countersFinal counter values per entity type entitiesList of detected entities with their placeholders languageLanguage used for PII detection languageFallbackWhether the configured fallback language was used (auto-detection failed)
Detection Options Control what gets detected using the detect parameter:
PII Only
Secrets Only
Both (Default)
curl -X POST http://localhost:3000/api/mask \ -H "Content-Type: application/json" \ -d '{ "text": "Email john@example.com", "detect": ["pii"] }'
Multi-Turn Support For conversations spanning multiple requests, use the counters from the response as startFrom in the next request to maintain consistent numbering:
First request: curl -X POST http://localhost:3000/api/mask \ -H "Content-Type: application/json" \ -d '{ "text": "Contact john@example.com" }'
Response:
{ "masked" : "Contact [[EMAIL_ADDRESS_1]]" , "counters" : { "EMAIL_ADDRESS" : 1 }, ... }
Second request (continue numbering): curl -X POST http://localhost:3000/api/mask \ -H "Content-Type: application/json" \ -d '{ "text": "Also reach out to jane@example.com", "startFrom": { "EMAIL_ADDRESS": 1 } }'
Response:
{ "masked" : "Also reach out to [[EMAIL_ADDRESS_2]]" , "counters" : { "EMAIL_ADDRESS" : 2 }, ... }
Client-Side Unmasking The context field provides a mapping for unmasking responses on the client side:
function unmask ( text , context ) { let result = text ; for ( const [ placeholder , original ] of Object . entries ( context )) { result = result . replaceAll ( placeholder , original ); } return result ; } // Usage const response = await fetch ( '/api/mask' , { method: 'POST' , headers: { 'Content-Type' : 'application/json' }, body: JSON . stringify ({ text: 'Email john@example.com' }) }); const { masked , context } = await response . json (); // Later, unmask an LLM response const llmResponse = "I'll contact [[EMAIL_ADDRESS_1]] right away." ; const unmasked = unmask ( llmResponse , context ); // "I'll contact john@example.com right away."
Error Responses Validation Error (400) { "error" : { "message" : "Invalid request" , "type" : "validation_error" , "details" : [ { "path" : "text" , "message" : "text is required" } ] } }
Detection Error (503) Returned when Presidio or secrets detection is unavailable:
{ "error" : { "message" : "PII detection failed" , "type" : "detection_error" , "details" : [ { "message" : "Failed to connect to Presidio..." } ] } }
