Helix PSA API Documentation

This API lets you use Helix PSA, a password strength analyzer AI model.

Changelog

• 1.2 (Latest): Updated API security.

• 1.1: Replaced detection model, with a new model, trained on a newer, larger dataset.

• 1.0: Initial commit for API space.

Access

The API can be accessed from

https://infinitode.netlify.app/api/v1/helix-psa

---

Authentication

API Token

You must include an API token in the request to use this API. The API token should be included in the request body as the apiKey field.

{
  "apiKey": "YOUR_API_TOKEN"
}

You can also use the API with the default GET method.

https://infinitode.netlify.app/api/v1/helix-psa?token=YOUR_API_TOKEN

---

Endpoint

Analyze passwords

Endpoint URL:

https://infinitode.netlify.app/api/v1/helix-psa

HTTP Methods:

• Post

• Get

Request Body

The request body should be a JSON object with the following properties:

• apiKey: Your API token.

• password: The password to analyze.

Example:

{
  "apiKey": "YOUR_API_TOKEN",
  "password": "Hello123"
}

Or, use the GET method (not recommended for advanced passwords, since browser requests don't format the password correctly, which may result in API errors):

https://infinitode.netlify.app/api/v1/helix-psa?token=YOUR_API_TOKEN&password=Hello123

Response

Upon a successful request, you will receive a JSON response with the strength level, a text description, and the password analyzed, using the Helix PSA AI model. If the API token is invalid or the request fails for any reason, an error message will be included in the response. For developer API calls, validation results will also be included along with dummy content.

Example response:

{
  "output": {
    "password": [
	"Hello123"
    ],
    "prediction": [
	1
    ],
    "textDescription": [
	"Password is weak."
    ]
  }
}

The response includes the analyzed password, a strength level, and a text description, and input validation results are excluded since this was a normal API call.

---

Usage example

Here's a usage example in JavaScript using the fetch API:

const apiUrl = 'https://infinitode.netlify.app/api/v1/helix-psa';

const data = {
  "apiKey": "YOUR_API_TOKEN",
  "password": "Hello123"
};

fetch(apiUrl, {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify(data),
})
  .then(response => response.json())
  .then(result => {
    console.log('Password analysis:', result.output);
  })
  .catch(error => {
    console.error('Error:', error);
  });

Make sure to replace 'YOUR_API_TOKEN' with your actual API token.

---

Error handling

The API may return error responses in case of invalid input or other issues. Be sure to handle errors gracefully in your application. Error responses will include appropriate status codes and error messages in the JSON format.

---

Parameters

Here are all the available parameters for the API:

`POST` method

Parameter	Description	Optional
apiKey	Your API key, either the developer API key, or your normal API key	false
password	The password string to be analyzed	false

`GET` method

Parameter	Description	Optional
token	Your API key, either the developer API key, or your normal API key	false
password	The password string to be analyzed	false

---

⚠️ Error codes

Here are a few of the error codes, you will receive in responses, to help clarify issues:

Common error codes

Error code	Description
400	Missing or invalid parameters. This is when the parameters you passed to the API, do not match the API's expected inputs.
405	Using an invalid method, to access the API.
429	The rate limit is exceeded within the current timeframe.
401	Error during the request. This can be because of insufficient API calls, input errors, or errors arising from the API's logic.

Our APIs are rigorously tested before deployments, to ensure that they do not produce any unintentional errors during production.

---

⌛ Rate limiting

We use rate limiting, to protect our API's resources. Rate limiting is implemented on all of our APIs, and follows these general principles:

- interval: The rate limiting is set to a default interval of 1 minute. - amount of requests: The amount of requests is set to a default of 25 requests within the given interval.

If the rate limit is exceeded, an error 429 code will be returned, instead of the actual API output.

---

⭐ Best practices

Common guidelines to use, optimize, and protect your implementation of our APIs.

• Do not store/share/expose your API keys

• Implement data cleaning, and validation in your code, to ensure inputs are sanitized

• Handle API errors gracefully

• Use Developer API calls, to help debug your implementation and code

• Handle API outputs accordingly. You can see examples of this API's output in the Endpoint section.

• Implement code to notify users of actions when using our APIs, such as errors, delays, formatting issues, etc.

---

❓ FAQs

Answers to the most common questions and issues when using this API:

I am getting a 405 error, what should I do?

When you are getting a 404 or NotFound error, you likely misspelled the API endpoint or URL. This could also be caused by using an invalid method to access the API.

Is rate limiting set individually, or per API key?

Rate limiting is set individually, this means that rate limiting happens on an end-user level. This ensures that our API is used fairly, among all users.

Are request timeouts a thing?

Yes, we normally timeout requests after the 10-second mark. This, however, can vary significantly, depending on various other factors.

What is the max payload size?

The maximum payload size for buffered executions is 4.5mb per request. For streamed executions, we use a payload restriction size of 20mb per request.

What is the recommended way to call the API?

If you can, call the API using the POST method. The GET method works but is not recommended, especially when you're calling it by directly modifying the URL. This is because URL parameters that are strings, can sometimes be misformatted afterwards, and then incorrectly passed to the API.

Can this AI model be used to improve password security?

While this model can accurately predict the strength level, of any given password, it should not be the only tool used to improve proactive cybersecurity. You can read more about our other model to identify potentially breached passwords, here.

---

Conclusion

That's it! You now have the basics to use the Helix PSA API. If you have any further questions or encounter issues, please contact our support team.