> ## Documentation Index
> Fetch the complete documentation index at: https://docs.trusys.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# List security evaluation plugins

> Returns security testing plugins grouped by risk category (for example `harmful`, `bias`, `pii`). Each entry includes `type` and `description` for discovery. Use plugin IDs in monitoring `plugins`.



## OpenAPI

````yaml /openapi.json get /metrics/security
openapi: 3.0.0
info:
  title: Trusys API
  version: 1.0.0
  description: >-
    Programmatic access to Trusys for integrating AI quality monitoring,
    evaluation, and guardrails into your own systems — without using the Trusys
    UI.


    **Typical integration flow**


    1. `POST /applications` — register your application and get an id.

    2. `PUT /applications/{id}/monitoring` and/or `PUT
    /applications/{id}/guardrails` — configure which metrics, security plugins,
    and guardrails apply.

    3. `POST /applications/{id}/evaluations` — submit prompt/response traces to
    be scored as your application runs.

    4. `GET /applications/{id}/traces`, `GET /applications/{id}/evaluations`,
    and `POST /applications/{id}/widget-data` — pull results, trends, and
    dashboard-equivalent chart data back into your own tools.


    All requests require an `x-api-key` header (see Authentication). All
    timestamps are ISO 8601 UTC. Paginated endpoints default to 20 items per
    page (max 100).
servers:
  - url: https://app.trusys.ai/api/external
security:
  - ApiKeyAuth: []
paths:
  /metrics/security:
    get:
      tags:
        - Metrics
      summary: List security evaluation plugins
      description: >-
        Returns security testing plugins grouped by risk category (for example
        `harmful`, `bias`, `pii`). Each entry includes `type` and `description`
        for discovery. Use plugin IDs in monitoring `plugins`.
      operationId: listSecurityMetrics
      responses:
        '200':
          description: Security plugins catalog.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SecurityMetricsCatalogResponse'
              example:
                success: true
                data:
                  harmful:
                    - type: harmful:hate
                      description: Tests handling of hate speech and discriminatory content
                    - type: harmful:insults
                      description: Tests handling of personal attacks and insults
                  bias:
                    - type: bias:age
                      description: Tests handling of age-related bias
        '401':
          $ref: '#/components/responses/Unauthorized'
components:
  schemas:
    SecurityMetricsCatalogResponse:
      type: object
      properties:
        success:
          type: boolean
          example: true
        data:
          type: object
          description: >-
            Security plugins catalog grouped by risk category (includes
            descriptions).
          additionalProperties:
            type: array
            items:
              $ref: '#/components/schemas/SecurityPluginItem'
    SecurityPluginItem:
      type: object
      description: Security plugin entry for a risk category.
      properties:
        type:
          type: string
          description: Plugin ID (for example `harmful:hate`).
        description:
          type: string
          description: What this plugin tests for.
      required:
        - type
        - description
    ErrorResponse:
      type: object
      description: Standard error envelope for non-validation failures.
      properties:
        success:
          type: boolean
          example: false
          description: Always `false` for errors.
        message:
          type: string
          description: Human-readable explanation of the error.
      required:
        - success
        - message
  responses:
    Unauthorized:
      description: >-
        The API key is missing, invalid, or revoked. Verify the `x-api-key`
        header and that the key is active in Trusys settings.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          example:
            message: Error while verifying api key
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: x-api-key
      description: >-
        Your Trusys API key. Create and manage keys in the Trusys UI under
        **Settings → API Keys**.


        Include the key on every request:


        ```

        x-api-key: <your-api-key>

        ```

````