Appearance
API Overview
Base URL for the hosted instance: https://demo.questa-ai.online
Authentication
| Deployment | Method | Header |
|---|---|---|
| Hosted demo | Evaluation API token | Authorization: Bearer <token> |
| Self-hosted (production) | Commercial license key | None required |
Endpoints
| Method | Path | Description |
|---|---|---|
GET | / | Welcome message |
GET | /health | Health check |
POST | /anonymize/text | Anonymize plain text (synchronous) |
POST | /anonymize/pdf | Anonymize PDF (async) |
POST | /anonymize/docx | Anonymize Word document (async) |
POST | /anonymize/csv | Anonymize CSV (async) |
POST | /anonymize/excel | Anonymize Excel file (async) |
GET | /anonymize/status/{job_id} | Poll job status and retrieve result |
GET | /anonymize/entities | List detectable entity types |
Try any of these live (desktop). The API Playground docked on the right lets you set your API key once and pick any endpoint from the dropdown — and copy the equivalent cURL for any request. Collapse it with the arrow; reopen it from the Playground tab on the edge. (On mobile, use the cURL and code samples below.)
Content Types
| Endpoint | Content-Type |
|---|---|
POST /anonymize/text | application/json |
POST /anonymize/{type} | multipart/form-data |
GET /anonymize/status/{job_id} | — |
GET /anonymize/entities | — |
Common Parameters
| Parameter | Type | Location | Required | Description |
|---|---|---|---|---|
text | string | JSON body | Yes (text) | Text to anonymize |
entities | string | Body/Form | No | Comma-separated entity type names |
start_index | int | Body/Form | No | Starting placeholder index (default: 0) |
custom_entities | array/string | Body/Form | No | Custom entity definitions |
file | file | Form | Yes (file) | File to anonymize |
job_id | string | Path | Yes (status) | Job ID from file upload |
CORS
The hosted API sets Access-Control-Allow-Origin: * and allows all methods and headers, so browser-based requests work from any domain. Self-hosted instances are configured the same way by default — see the Self-Hosting guide to restrict CORS for production.
Standard Response Codes
| Code | Description |
|---|---|
200 | Success (text anonymization) |
202 | Accepted (file processing started) |
400 | Bad request |
401 | Unauthorized |
403 | Evaluation request limit reached |
404 | Job not found |
429 | Rate limit exceeded |
500 | Internal server error |