> ## Documentation Index
> Fetch the complete documentation index at: https://docs.promptguard.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Apply Overlay Endpoint

> Promote the overlay to active as a new version for the key's scope.



## OpenAPI

````yaml /api-reference/openapi-developer.json post /api/v1/overlays/apply
openapi: 3.1.0
info:
  title: PromptGuard Developer API
  description: >-
    Public API for developers to integrate PromptGuard security into their
    applications
  version: 1.0.0
servers:
  - url: https://api.promptguard.co
    description: Production
security:
  - ApiKeyAuth: []
paths:
  /api/v1/overlays/apply:
    post:
      tags:
        - overlays
      summary: Apply Overlay Endpoint
      description: Promote the overlay to active as a new version for the key's scope.
      operationId: apply_overlay_endpoint_api_v1_overlays_apply_post
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/OverlayApplyRequest'
        required: true
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/OverlayOut'
        '422':
          description: Validation Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HTTPValidationError'
components:
  schemas:
    OverlayApplyRequest:
      properties:
        name:
          type: string
          maxLength: 120
          minLength: 1
          title: Name
        delta:
          $ref: '#/components/schemas/OverlayDelta'
        project_id:
          anyOf:
            - type: string
            - type: 'null'
          title: Project Id
        acknowledge_loosening:
          type: boolean
          title: Acknowledge Loosening
          default: false
      type: object
      required:
        - name
        - delta
      title: OverlayApplyRequest
    OverlayOut:
      properties:
        id:
          type: string
          title: Id
        name:
          type: string
          title: Name
        version:
          type: integer
          title: Version
        status:
          type: string
          title: Status
        project_id:
          anyOf:
            - type: string
            - type: 'null'
          title: Project Id
        warnings:
          items:
            $ref: '#/components/schemas/OverlayWarningOut'
          type: array
          title: Warnings
      type: object
      required:
        - id
        - name
        - version
        - status
        - project_id
        - warnings
      title: OverlayOut
    HTTPValidationError:
      properties:
        detail:
          items:
            $ref: '#/components/schemas/ValidationError'
          type: array
          title: Detail
      type: object
      title: HTTPValidationError
    OverlayDelta:
      properties:
        detection_levels:
          additionalProperties:
            type: string
            enum:
              - strict
              - moderate
              - permissive
          type: object
          title: Detection Levels
        toxicity_threshold:
          anyOf:
            - type: number
              maximum: 1
              minimum: 0
            - type: 'null'
          title: Toxicity Threshold
        add_custom_patterns:
          items:
            type: string
          type: array
          title: Add Custom Patterns
        add_blocked_domains:
          items:
            type: string
          type: array
          title: Add Blocked Domains
        guardrails:
          additionalProperties:
            $ref: '#/components/schemas/GuardrailDelta'
          type: object
          title: Guardrails
      type: object
      title: OverlayDelta
      description: >-
        Additive deltas over a base policy config.


        Everything here is meant to *tighten*. Loosening ops (raising a
        threshold,

        dropping a detection level toward permissive, disabling a guardrail) are

        permitted to be expressed but are flagged as warnings in the diff.
    OverlayWarningOut:
      properties:
        kind:
          type: string
          title: Kind
        field:
          type: string
          title: Field
        message:
          type: string
          title: Message
        severity:
          type: string
          enum:
            - warning
            - critical
          title: Severity
      type: object
      required:
        - kind
        - field
        - message
        - severity
      title: OverlayWarningOut
    ValidationError:
      properties:
        loc:
          items:
            anyOf:
              - type: string
              - type: integer
          type: array
          title: Location
        msg:
          type: string
          title: Message
        type:
          type: string
          title: Error Type
        input:
          title: Input
        ctx:
          type: object
          title: Context
      type: object
      required:
        - loc
        - msg
        - type
      title: ValidationError
    GuardrailDelta:
      properties:
        enabled:
          anyOf:
            - type: boolean
            - type: 'null'
          title: Enabled
        level:
          anyOf:
            - type: string
              enum:
                - strict
                - moderate
                - permissive
            - type: 'null'
          title: Level
        threshold:
          anyOf:
            - type: number
              maximum: 1
              minimum: 0
            - type: 'null'
          title: Threshold
      type: object
      title: GuardrailDelta
      description: >-
        Per-guardrail override the overlay wants to apply.


        Matches the ``guardrails`` override shape PolicyEngine already reads:

        ``{enabled, level, threshold}``. ``enabled=False`` disables a detector
        and

        is only ever a *loosening* op (surfaced as a critical warning).
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: X-API-Key
      description: >-
        PromptGuard API key for developer endpoints. Keys start with pg_live_
        and are created in the dashboard.

````