> ## Documentation Index
> Fetch the complete documentation index at: https://docs.waffo.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# 扫描提示词

> 生成前对提示词进行内容安全检查

在产品生成图片或视频之前，对用户的文本提示词运行 Waffo 内容安全检查。响应在 `action` 字段中承载判定结果 —— 仅当其为 `allow` 时才继续生成。该检查无状态，返回后不留存提示词原文。

```
POST /v1/actions/verification/scan-prompt
```

**认证方式：** API Key

## 请求体

| 字段         | 类型     | 必需 | 说明                                    |
| ---------- | ------ | -- | ------------------------------------- |
| `prompt`   | string | 是  | 用户的生成提示词（1-10000 字符）                  |
| `locale`   | string | 否  | 检查的语言提示 —— `ja`、`en`、`zh` 之一          |
| `semantic` | string | 否  | 语义评分模式 —— `off`、`shadow`、`enforce` 之一 |

<Note>
  `semantic` 控制可选的语义评分层：`off` 关闭该层，`shadow` 仅评分而不影响判定，`enforce` 让评分参与判定。省略时，服务采用其默认模式。
</Note>

## 请求示例

<CodeGroup>
  ```typescript SDK theme={"system"}
  import { WaffoPancake } from "@waffo/pancake-ts";

  const client = new WaffoPancake({
    merchantId: process.env.WAFFO_MERCHANT_ID!,
    privateKey: process.env.WAFFO_PRIVATE_KEY!,
  });

  const { data } = await client.contentSafety.scanPrompt({
    prompt: "A serene mountain landscape at sunset",
    locale: "en",
    semantic: "enforce",
  });

  if (data.action === "allow") {
    // safe to generate
  }
  ```

  ```typescript TypeScript (fetch) theme={"system"}
  // Uses callApi() helper from authentication.mdx
  const result = await callApi("POST", "/v1/actions/verification/scan-prompt", {
    prompt: "A serene mountain landscape at sunset",
    locale: "en",
    semantic: "enforce",
  });
  console.log(result.data.action);     // => "allow"
  console.log(result.data.reasonCode); // => "allowed"
  ```

  ```java Java theme={"system"}
  // Uses callApi() helper from authentication.mdx
  String body = """
      {"prompt":"A serene mountain landscape at sunset","locale":"en","semantic":"enforce"}""";

  String response = callApi("POST", "/v1/actions/verification/scan-prompt", body);
  System.out.println(response);
  // => {"data":{"action":"allow","reasonCode":"allowed","matchedCategories":[],...}}
  ```

  ```python Python theme={"system"}
  # Uses call_api() helper from authentication.mdx
  result = call_api("POST", "/v1/actions/verification/scan-prompt", {
      "prompt": "A serene mountain landscape at sunset",
      "locale": "en",
      "semantic": "enforce",
  })
  data = result["data"]
  print(data["action"])     # => "allow"
  print(data["reasonCode"]) # => "allowed"
  ```

  ```go Go theme={"system"}
  // Uses callAPI() helper from authentication.mdx
  body := map[string]interface{}{
      "prompt":   "A serene mountain landscape at sunset",
      "locale":   "en",
      "semantic": "enforce",
  }
  result, err := callAPI("POST", "/v1/actions/verification/scan-prompt", body)
  if err != nil {
      log.Fatal(err)
  }
  fmt.Println(string(result))
  // => {"data":{"action":"allow","reasonCode":"allowed","matchedCategories":[],...}}
  ```

  ```rust Rust theme={"system"}
  // Uses call_api() helper from authentication.mdx
  let body = serde_json::json!({
      "prompt": "A serene mountain landscape at sunset",
      "locale": "en",
      "semantic": "enforce"
  });
  let result = call_api("POST", "/v1/actions/verification/scan-prompt", &body).await?;
  println!("{}", result);
  // => {"data":{"action":"allow","reasonCode":"allowed","matchedCategories":[],...}}
  ```

  ```c C theme={"system"}
  /* Uses call_api() helper from authentication.mdx */
  const char *body = "{\"prompt\":\"A serene mountain landscape at sunset\",\"locale\":\"en\",\"semantic\":\"enforce\"}";
  char *response = call_api("POST", "/v1/actions/verification/scan-prompt", body);
  printf("%s\n", response);
  free(response);
  ```

  ```cpp C++ theme={"system"}
  // Uses callApi() helper from authentication.mdx
  std::string body = R"({"prompt":"A serene mountain landscape at sunset","locale":"en","semantic":"enforce"})";
  std::string response = callApi("POST", "/v1/actions/verification/scan-prompt", body);
  std::cout << response << std::endl;
  // => {"data":{"action":"allow","reasonCode":"allowed","matchedCategories":[],...}}
  ```

  ```bash cURL theme={"system"}
  MERCHANT_ID="MER_2aUyqjCzEIiEcYMKj7TZtw"
  TIMESTAMP=$(date +%s)
  BODY='{"prompt":"A serene mountain landscape at sunset","locale":"en","semantic":"enforce"}'
  BODY_HASH=$(echo -n "$BODY" | openssl dgst -sha256 -binary | base64 -w 0)
  CANONICAL_REQUEST="POST
  /v1/actions/verification/scan-prompt
  $TIMESTAMP
  $BODY_HASH"

  SIGNATURE=$(echo -n "$CANONICAL_REQUEST" | openssl dgst -sha256 -sign private_key.pem | base64 -w 0)

  curl -X POST "https://api.waffo.ai/v1/actions/verification/scan-prompt" \
    -H "Content-Type: application/json" \
    -H "X-Merchant-Id: $MERCHANT_ID" \
    -H "X-Timestamp: $TIMESTAMP" \
    -H "X-Signature: $SIGNATURE" \
    -d "$BODY"
  ```

  ```bash wget theme={"system"}
  MERCHANT_ID="MER_2aUyqjCzEIiEcYMKj7TZtw"
  TIMESTAMP=$(date +%s)
  BODY='{"prompt":"A serene mountain landscape at sunset","locale":"en","semantic":"enforce"}'
  BODY_HASH=$(echo -n "$BODY" | openssl dgst -sha256 -binary | base64 -w 0)
  CANONICAL_REQUEST="POST
  /v1/actions/verification/scan-prompt
  $TIMESTAMP
  $BODY_HASH"

  SIGNATURE=$(echo -n "$CANONICAL_REQUEST" | openssl dgst -sha256 -sign private_key.pem | base64 -w 0)

  wget -qO- "https://api.waffo.ai/v1/actions/verification/scan-prompt" \
    --header="Content-Type: application/json" \
    --header="X-Merchant-Id: $MERCHANT_ID" \
    --header="X-Timestamp: $TIMESTAMP" \
    --header="X-Signature: $SIGNATURE" \
    --post-data="$BODY"
  ```
</CodeGroup>

## 成功响应 (200)

```json theme={"system"}
{
  "data": {
    "action": "allow",
    "reasonCode": "allowed",
    "matchedCategories": [],
    "requestId": "REQ_2aUyqjCzEIiEcYMKj7TZtw",
    "semanticStatus": "scored"
  }
}
```

## 响应字段

| 字段                  | 类型        | 说明                                                                           |
| ------------------- | --------- | ---------------------------------------------------------------------------- |
| `action`            | string    | 判定结果：`allow`、`review` 或 `block`。仅在 `allow` 时继续生成。                            |
| `reasonCode`        | string    | 机器可读原因：`allowed`、`review_required`、`restricted_content` 或 `service_degraded` |
| `matchedCategories` | string\[] | 提示词命中的受限类别；判定为 `allow` 时为空                                                   |
| `requestId`         | string    | 本次检查的标识；在申诉中引用该请求时附上它                                                        |
| `semanticStatus`    | string    | 语义评分层的状态：`disabled`、`scored`、`shadow_scored`、`provider_error` 等              |

## 判定处理

| `action` | 推荐处理                           |
| -------- | ------------------------------ |
| `allow`  | 照常调用你的生成模型。                    |
| `review` | 暂缓请求并稍后重试；通常约 1 小时内出结果。        |
| `block`  | 不要生成。展示友好提示，例如"该内容不符合我们的使用规范"。 |

<Note>
  当审核服务暂时不可用时，检查会返回 `action: "review"` 并附带 `reasonCode: "service_degraded"`，以确保没有判定结果时不会生成任何内容。收到降级响应时应重试请求，而不是直接生成。
</Note>

## 错误响应

> **重试策略**：4xx 一律不要重试 — 修正请求后重发。5xx 指数退避重试（起步 5s，最多 3 次）。

| 状态码 | `errors[0].message`                                           | 含义                   | 推荐处理                      |
| --- | ------------------------------------------------------------- | -------------------- | ------------------------- |
| 400 | `Missing required field: prompt`                              | 请求体未传 `prompt`       | 修正输入后重新提交。                |
| 400 | `Prompt cannot be empty or contain only whitespace`           | 去除首尾空格后 `prompt` 为空  | 修正输入后重新提交。                |
| 400 | `Prompt cannot exceed 10000 characters`                       | `prompt` 超过 10000 字符 | 缩短提示词后重新提交。               |
| 400 | `Invalid locale. Must be one of: ja, en, zh`                  | `locale` 不是受支持的值     | 使用受支持的 `locale` 后重新提交。    |
| 400 | `Invalid semantic mode. Must be one of: off, shadow, enforce` | `semantic` 不是受支持的值   | 使用受支持的 `semantic` 值后重新提交。 |

<Note>
  在生成前筛查提示词，仅在 `allow` 时继续。若需完整覆盖，请按 [AIGC 合规](/zh/mor/account-reviews/aigc-compliance)所述再增加生成后阶段的检查。
</Note>
