// documentation
alpha 1.0
Raiplus Engine
The only content moderation API built specifically for Hinglish + English. Dual-node AI pipeline: Raiplus Classifier v2 detects toxicity in under 50ms, Raiplus Refiner v1 rewrites it contextually in ~350ms.
Node 1 — Guard
Raiplus Classifier v2
HostSecure Inference Node
Model sizeHigh-Precision Quantized
Latency<50ms
Thresholdconfidence ≥ 0.85
Training50k+ Hinglish samples
Front-doorRegex pre-check (instant)
Node 2 — Sanitizer
Raiplus Refiner v1
HostHigh-speed Inference Node
Latency~300–400ms
Temperature0.6
TriggersOnly when toxic=true
Safety shieldOutput cross-verified post-rewrite
Short textTemplate used (≤3 words)
Request lifecycle
Client
→
Rate limiter
→
Front-door check
→
Node 1 (Raiplus Classifier v2)
→
Node 2 (Raiplus Refiner v1)
→
Safety shield
→
Response
Quick start
Make your first moderation request in under 60 seconds.
1. Register and get a session cookie
bash
# Step 1: Register curl -X POST https://raiplus.in/api/auth/register \ -H "Content-Type: application/json" \ -d '{"email":"[email protected]","password":"yourpassword","username":"devbhai"}' # Step 2: Verify OTP (check your email) curl -X POST https://raiplus.in/api/auth/verify-otp \ -H "Content-Type: application/json" \ -c cookies.txt \ -d '{"email":"[email protected]","otp":"123456"}'
2. Moderate text
bash
curl -X POST https://raiplus.in/api/demo/moderate \ -H "Content-Type: application/json" \ -b cookies.txt \ -d '{"text":"ye frontend walo ka code ekdum bakwas hai bkl","mode":"full"}'
JavaScript (fetch)
javascript
const res = await fetch('https://raiplus.in/api/demo/moderate', { method: 'POST', credentials: 'include', // sends httpOnly cookie automatically headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ text: 'ye frontend walo ka code ekdum bakwas hai bkl', mode: 'full' // 'full' | 'detect_only' }) }); const data = await res.json(); console.log(data.action_taken); // 'sanitized_via_engine' console.log(data.clean_text); // cleaned output console.log(data.telemetry); // full latency breakdown
Python
python
import requests # Session maintains the httpOnly cookie automatically session = requests.Session() # Login session.post('https://raiplus.in/api/auth/login', json={ 'email': '[email protected]', 'password': 'yourpassword' }) # Moderate res = session.post('https://raiplus.in/api/demo/moderate', json={ 'text': 'ye code ekdum bakwas hai bkl', 'mode': 'full' }) data = res.json() print(data['clean_text']) print(data['telemetry']['total_latency_ms'])
Authentication
Raiplus uses httpOnly cookies for authentication — XSS-safe by design. JWT is never exposed to JavaScript.
How it works
StoragehttpOnly cookie
JS readableNever (XSS-safe)
Expiry24 days
SameSiteStrict (CSRF safe)
SecureHTTPS-only in production
For API clients
curlUse -c / -b flags
fetchcredentials: 'include'
axioswithCredentials: true
Pythonrequests.Session()
Bearer tokenAlso supported as fallback
Auth flow
POST /register
→
OTP email sent
→
POST /verify-otp
→
Cookie set (24d)
→
Authenticated
POST /login
→
Password check
→
Cookie set
→
Authenticated
// No OTP on login
POST /api/demo/moderate
Moderate a text string. Detects toxicity and optionally rewrites it.
Request body
| Field | Type | Required | Description |
|---|---|---|---|
| text | string | yes | Text to moderate. Max 500 chars. |
| mode | string | no | full (detect + rewrite) or detect_only. Default: full |
json — request
{
"text": "ye frontend walo ka code ekdum bakwas hai bkl",
"mode": "full"
}
Request headers
http
POST /api/demo/moderate HTTP/1.1
Content-Type: application/json
Cookie: rp_token=eyJhbGci... # set automatically by browser
Response schema
Enterprise-grade JSON with full telemetry on every response.
json — 200 OK (toxic text)
{
"success": true,
"original_text": "ye frontend walo ka code bakwas hai bkl",
"is_toxic": true,
"confidence": 1.0,
"clean_text": "ye frontend walo ka code thoda aur improve ho sakta hai",
"action_taken": "sanitized_via_engine",
"telemetry": {
"node1_latency_ms": 43,
"node2_latency_ms": 318,
"total_latency_ms": 361,
"nodes_hit": ["Node-1", "Node-2"],
"delayed_by": null,
"circuit_breaker": "closed",
"node1_source": "classifier_v1",
"mode_requested": "full"
}
}
action_taken — all possible values| Value | Meaning |
|---|---|
| clean | Text was not toxic — returned as-is |
| front_door_blocked | Instant keyword match — confidence=1.0, no Raiplus Classifier v2 call |
| sanitized_via_engine | Raiplus Refiner v1 rewrote the text contextually |
| polite_template_used | Short text (≤3 words) or Generative Transformation Engine output failed shield check |
| fallback_detection_only | Circuit breaker open or mode=detect_only requested |
Response headers
http
X-RateLimit-Remaining: 49 X-RateLimit-Reset: 1711245600 X-RateLimit-Tier: alpha
200 OK — clean text
json
{
"success": true,
"original_text": "bhai kya scene hai",
"is_toxic": false,
"confidence": 0.04,
"clean_text": "bhai kya scene hai",
"action_taken": "clean",
"telemetry": {
"node1_latency_ms": 41,
"node2_latency_ms": null,
"total_latency_ms": 41,
"nodes_hit": ["Node-1"],
"delayed_by": null,
"circuit_breaker": "closed"
}
}
Errors
All errors return a consistent JSON shape with success: false.
| HTTP | error field | Cause | Fix |
|---|---|---|---|
| 400 | invalid_input | Empty text or over 500 chars | Trim input, check length |
| 401 | unauthorized | No session cookie | Login first |
| 401 | token_invalid | Cookie expired or tampered | Re-login |
| 403 | account_banned | User is banned | Contact support |
| 403 | admin_required | Accessing admin endpoint | Admin role needed |
| 429 | rate_limit_exceeded | Quota hit | Wait for retry_after seconds |
| 503 | node1_unavailable | Classifier Node unavailable | Retry after 30s |
| 500 | internal_error | Unexpected server error | Report via /report page |
Error response shape
json — 429 rate limit
{
"success": false,
"error": "rate_limit_exceeded",
"retry_after": 47,
"message": "Daily quota khatam. Resets at midnight. Share your link for +100 bonus!"
}
Rate limits
Three independent layers of rate limiting protect the service.
| Tier | Limit | Window | Key | Response |
|---|---|---|---|---|
| guest | 20 req | per minute | IP address | 429 + signup_url nudge |
| alpha | 50 req | per day | User ID | 429 + retry_after |
| alpha + referral | 150 req | per day | User ID | Bonus active 30 days |
| email OTP | 5 emails | per hour | Email address | Silent block + console log |
| report | 2 reports | per day | IP address | 429 + Discord link |
Why guest limit is 20/min not 5/min
NAT routers in offices, college hostels, and coworking spaces share a single public IP. A limit of 5/min would block 10 developers behind the same NAT after 1 person makes 5 requests. 20/min is the practical sweet spot for shared environments.
Handling 429 in your code
javascript
const res = await fetch('/api/demo/moderate', { ... }); if (res.status === 429) { const data = await res.json(); const retryAfter = data.retry_after; // seconds // Show countdown timer to user console.log(`Rate limited. Retry in ${retryAfter}s`); // Check X-RateLimit-Remaining header too const remaining = res.headers.get('X-RateLimit-Remaining'); }
Crash protection
Multiple layers prevent cascading failures from taking the service down.
Circuit Breaker
Threshold3 consecutive Node 2 failures
Stateopen / closed
Auto-reset60 seconds
Fallbackdetection_only mode
In responsetelemetry.circuit_breaker
Safety Shield
WhatRe-checks Generative Transformation Engine output
WhyLLMs can hallucinate abuse
If triggeredPolite template used instead
action_takenpolite_template_used
Timeouts
Node 110s (AbortController)
Node 210s (Promise.race)
delayed_bynode1 / node2 / null
Front-door
WhatRegex keyword pre-check
SpeedInstant (no network call)
ConfidenceAlways 1.0
action_takenfront_door_blocked
Changelog
What changed and when.
v1.0.5March 2025current
securityJWT moved to httpOnly cookies — XSS-safe
featureEnterprise API response with
action_taken + telemetry blockfeatureSafety shield — Generative Transformation Engine output re-checked before returning
featureAdmin panel — 6 tabs including Morgan HTTP logs with auto-refresh
fixGuest rate limit raised 5 → 20/min for NAT/shared IP environments
uxReport submission OTP removed — IP rate limit used instead (2/day)
feature4th email template — bonus quota unlock notification
infraBrevo removed — AWS SES only
v1.0.4Feb 2025
featureShare/referral system — +100 req/day for 30 days on referral
featureReport system with category + severity + admin notes
featureMongoDB schemas — User, Request, Report, Share, ActionLog
fixnode-fetch removed — Node 18+ built-in fetch used
v1.0.0Jan 2025
featureInitial release — dual-node pipeline, JWT auth, rate limiting
featurePlayground, dashboard, docs, waitlist pages
featureCircuit breaker, timeout handling, demo mode