> ## Documentation Index
> Fetch the complete documentation index at: https://docs.trusys.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Get monitoring configuration

> Returns the eval metrics, security plugins, and application security context configured for monitoring.



## OpenAPI

````yaml /openapi.json get /applications/{applicationId}/monitoring
openapi: 3.0.0
info:
  title: Trusys API
  version: 1.0.0
  description: >-
    Programmatic access to Trusys for integrating AI quality monitoring,
    evaluation, and guardrails into your own systems — without using the Trusys
    UI.


    **Typical integration flow**


    1. `POST /applications` — register your application and get an id.

    2. `PUT /applications/{id}/monitoring` and/or `PUT
    /applications/{id}/guardrails` — configure which metrics, security plugins,
    and guardrails apply.

    3. `POST /applications/{id}/evaluations` — submit prompt/response traces to
    be scored as your application runs.

    4. `GET /applications/{id}/traces`, `GET /applications/{id}/evaluations`,
    and `POST /applications/{id}/widget-data` — pull results, trends, and
    dashboard-equivalent chart data back into your own tools.


    All requests require an `x-api-key` header (see Authentication). All
    timestamps are ISO 8601 UTC. Paginated endpoints default to 20 items per
    page (max 100).
servers:
  - url: https://app.trusys.ai/api/external
security:
  - ApiKeyAuth: []
paths:
  /applications/{applicationId}/monitoring:
    get:
      tags:
        - Monitoring
      summary: Get monitoring configuration
      description: >-
        Returns the eval metrics, security plugins, and application security
        context configured for monitoring.
      operationId: getMonitoringConfig
      parameters:
        - $ref: '#/components/parameters/applicationId'
      responses:
        '200':
          description: Current monitoring configuration.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MonitoringConfigResponse'
              example:
                success: true
                data:
                  metrics:
                    - type: answer-relevance
                      threshold: 0.7
                  plugins:
                    harmful:
                      - harmful:hate
                  securityPurpose: Customer support chatbot handling account queries
                  securityConfig:
                    hasAccessTo: >-
                      Help center knowledge base, customer profile metadata
                      (non-sensitive)
                    doesNotHaveAccessTo: >-
                      Core banking systems, full customer PII, internal support
                      logs
                    userTypes: Retail customers, customer support agents
                    securityRequirements: PCI-DSS awareness, least-privilege access, audit logging
                    sensitiveDataTypes: Masked customer identifiers, limited account metadata
                    exampleIdentifiers: 'Customer ID: TB-987654, Support Ticket ID: SR-2025-00123'
                    criticalActions: Card block requests (require external OTP confirmation)
                    forbiddenTopics: Fraud instructions, explicit financial advice, hate speech
                    competitors: Other banks and fintech providers
                    redteamUser: A retail banking customer exploring savings accounts
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
components:
  parameters:
    applicationId:
      name: applicationId
      in: path
      required: true
      schema:
        type: string
        format: uuid
      description: >-
        Unique identifier (UUID) of the application. Returned by `POST
        /applications`.
  schemas:
    MonitoringConfigResponse:
      type: object
      properties:
        success:
          type: boolean
        data:
          $ref: '#/components/schemas/MonitoringConfigData'
    MonitoringConfigData:
      type: object
      description: >-
        Monitoring evaluation metrics, security plugins, and application
        security context.
      properties:
        metrics:
          type: array
          description: Quality metrics to run on ingested traces.
          items:
            type: object
        plugins:
          type: object
          description: Enabled security plugins grouped by risk category.
          additionalProperties:
            type: array
            items:
              type: string
        securityPurpose:
          type: string
          description: Same as `securityConfig.purpose` when present.
        securityConfig:
          $ref: '#/components/schemas/ExternalSecurityConfig'
        logLocation:
          type: string
          description: Where traces are ingested from (for example `sdk`).
    ErrorResponse:
      type: object
      description: Standard error envelope for non-validation failures.
      properties:
        success:
          type: boolean
          example: false
          description: Always `false` for errors.
        message:
          type: string
          description: Human-readable explanation of the error.
      required:
        - success
        - message
    ExternalSecurityConfig:
      type: object
      additionalProperties: false
      description: >-
        Application security context used to tailor adversarial security
        testing. All fields are optional on update; omitted keys are left
        unchanged. Provide `purpose` (or top-level `securityPurpose`) to
        describe what the AI application does.
      properties:
        purpose:
          type: string
          description: The primary objective of the AI in this application.
        hasAccessTo:
          type: string
          description: >-
            Systems, data, or resources the application legitimately has access
            to (RBAC and data-scope context for security testing).
        doesNotHaveAccessTo:
          type: string
          description: >-
            Systems and data the application should not access (unauthorized
            access and exfiltration scenarios).
        userTypes:
          type: string
          description: >-
            User roles and permissions that interact with the application
            (privilege escalation and role abuse scenarios).
        securityRequirements:
          type: string
          description: >-
            Security and compliance requirements (for example HIPAA, audit
            logging) for policy enforcement tests.
        sensitiveDataTypes:
          type: string
          description: >-
            Sensitive data categories handled by the application
            (privacy-related attack scenarios).
        exampleIdentifiers:
          type: string
          description: >-
            Example identifiers, names, or data points used by the application
            (exposure and pattern leak tests).
        criticalActions:
          type: string
          description: >-
            High-risk operations the application can perform (misuse and
            escalation tests).
        forbiddenTopics:
          type: string
          description: >-
            Content or topics the application must never discuss (content-policy
            bypass and prompt-injection tests).
        competitors:
          type: string
          description: Competitor names that should not be endorsed or promoted.
        redteamUser:
          type: string
          description: Persona used during adversarial security testing.
  responses:
    Unauthorized:
      description: >-
        The API key is missing, invalid, or revoked. Verify the `x-api-key`
        header and that the key is active in Trusys settings.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          example:
            message: Error while verifying api key
    NotFound:
      description: The requested resource does not exist, or your API key cannot access it.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          example:
            success: false
            message: Application not found
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: x-api-key
      description: >-
        Your Trusys API key. Create and manage keys in the Trusys UI under
        **Settings → API Keys**.


        Include the key on every request:


        ```

        x-api-key: <your-api-key>

        ```

````