Docs — Raiplus

Getting Started

Raiplus Engine

The only content moderation API built for Hinglish + English. 3-Tier Stealth AI Pipeline — Node-1 rewrites toxic text contextually (~300ms), Node-2 is the HA fallback, Node-3 is a blazing-fast boolean scanner (<50ms) for high-volume pipelines.

⚡

API keys & session cookies

📦

Node.js SDK

npm install raiplus-moderation

Accuracy & latency numbers

⚖️

vs OpenAI

Honest comparison

// 3-tier node architecture

Node-1 — Guard & Sanitizer

Primary Brain

RoleSmart rewrite, context-aware

Latency~300ms

Training60k+ Hinglish samples

Triggers onmode: "full" (default)

Node-2 — Fallback

High-Availability Brain

RoleSeamless takeover if Node-1 times out

Latency~300–400ms

Safety shieldOutput cross-verified post-rewrite

Triggers onNode-1 failure only

Node-3 — Deep Scanner

Fast Boolean Scanner

RoleDetection only — no rewrites

Latency<50ms

Outputis_toxic: true / false

Triggers onmode: "detect_only" or last resort

// request lifecycle

Client

→

Rate limiter

→

Layer 0 Armor

→

Front-door

→

Node-1

→

Node-2

→

Node-3

→

Response

detect_only skips Node-1 & Node-2 entirely — hits Node-3 directly for <50ms boolean results.

Getting Started

Quick start

Make your first moderation request in under 60 seconds.

Node ≥ 18REST or SDKcookie or API key

// option A — npm SDK (recommended)

bash

npm install raiplus-moderation

javascript

const Raiplus = require('raiplus-moderation');
const client = new Raiplus('rp_alpha_xxxxxxxxxxxxxxxx');

// Full mode — detect + contextual rewrite (~300ms)
const result = await client.moderate('ye code ekdum bakwas hai bkl');
console.log(result.isToxic);    // true
console.log(result.cleanText);  // 'ye code thoda aur accha ho sakta hai yaar'
console.log(result.confidence); // 0.97

// Fast mode — boolean detect only (<50ms)
const scan = await client.detect('bhai kya scene hai');
console.log(scan.isToxic);      // false

// option B — curl

bash

# 1. Register
curl -X POST https://raiplus.in/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{"email":"you@example.com","password":"yourpassword","username":"devbhai"}'

# 2. Verify OTP
curl -X POST https://raiplus.in/api/auth/verify-otp \
  -H "Content-Type: application/json" -c cookies.txt \
  -d '{"email":"you@example.com","otp":"123456"}'

# 3. Moderate
curl -X POST https://raiplus.in/api/demo/moderate \
  -H "Content-Type: application/json" -b cookies.txt \
  -d '{"text":"ye frontend walo ka code ekdum bakwas hai bkl","mode":"full"}'

// option C — JavaScript fetch

javascript

const res = await fetch('https://raiplus.in/api/demo/moderate', {
  method: 'POST', credentials: 'include',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ text: 'your text here', mode: 'full' })
});
const data = await res.json();
console.log(data.clean_text, data.action_taken, data.telemetry);

// option D — Python

python

import requests
session = requests.Session()
session.post('https://raiplus.in/api/auth/login', json={'email':'you@example.com','password':'pw'})
res = session.post('https://raiplus.in/api/demo/moderate', json={'text':'ye code bakwas hai bkl','mode':'full'})
print(res.json()['clean_text'])

Getting Started

Authentication

Two auth methods. API keys for all programmatic usage. httpOnly session cookies for the browser playground — JWT is never exposed to JavaScript.

httpOnly JWTbcrypt passwordsSameSite: Strict

API Key recommended

Formatrp_alpha_xxxxxxxxxxxxxxxx

HeaderAuthorization: Bearer <key>

Get itraiplus.in/dashboard after login

Best forAll server-side / CLI usage

Session Cookie

StoragehttpOnly cookie

JS readableNever (XSS-safe)

Expiry24 days

SameSiteStrict (CSRF safe)

Client usage

curl-H "Authorization: Bearer KEY"

fetchcredentials: 'include' or Auth header

axioswithCredentials: true

Pythonrequests.Session()

// api key usage

javascript

// SDK — pass key to constructor
const client = new Raiplus('rp_alpha_xxxxxxxxxxxxxxxx');

// Or raw fetch with Authorization header
const res = await fetch('https://raiplus.in/api/demo/moderate', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${process.env.RAIPLUS_API_KEY}` },
  body: JSON.stringify({ text: 'some text', mode: 'full' }),
});

// cookie auth flows

Register + OTP verify

POST /register

→

OTP email

→

POST /verify-otp

→

Cookie set (24d)

→

Authenticated

Login (no OTP needed)

POST /login

→

Password check

→

Cookie set

→

Authenticated

API Reference

POST /api/demo/moderate

The core endpoint. Detects toxicity and optionally rewrites it. Two modes: full (detect + rewrite) and detect_only (boolean only, <50ms).

Auth requiredMax 500 charsJSON body

// request body

Field	Type	Required	Description
text	string	yes	Text to moderate. Max 500 chars.
mode	string	no	`full` or `detect_only`. Default: `full`

// mode comparison

mode: "full"

WhatDetects & rewrites toxic text contextually

RouteNode-1 → Node-2 (on failure)

Latency~300ms average

Rate limit30/min (Alpha) · 20/min (Guest)

Best forComments, user-facing chat

mode: "detect_only"

WhatBoolean scan only — is_toxic: true/false

RouteSkips Node-1 & 2 → Node-3 direct

Latency<50ms

Rate limit300/min burst (Alpha)

Best forBulk logs, chat pipelines, pre-screening

// example request

json — body

{
  "text": "ye frontend walo ka code ekdum bakwas hai bkl",
  "mode": "full"
}

http — headers

POST /api/demo/moderate HTTP/1.1
Content-Type: application/json
Cookie: rp_token=eyJhbGci...  # set automatically by browser

API Reference

Response schema

Enterprise-grade JSON with full telemetry. Both camelCase (SDK) and snake_case (raw API) fields returned simultaneously on every response.

// 200 OK — toxic text

json

{
  "success":      true,
  "is_toxic":     true,
  "isToxic":      true,           // SDK alias
  "confidence":   1.0,
  "original_text":"ye frontend walo ka code bakwas hai bkl",
  "clean_text":   "ye frontend walo ka code thoda aur improve ho sakta hai",
  "cleanText":    "ye frontend...",  // SDK alias
  "action_taken": "sanitized_by_node",
  "tags": { "profanity":true, "insult":false, "threat":false },
  "telemetry": {
    "node1_latency_ms": 43, "node2_latency_ms": null,
    "total_latency_ms": 43, "nodes_hit": ["Node-1"],
    "circuit_breaker": "closed",
    "rate_limit": { "limit":30, "remaining":28, "reset":1711245600 }
  }
}

// action_taken reference

Value	Meaning
clean	Not toxic — returned as-is
front_door_blocked	Instant keyword match — confidence=1.0, routed to Node-1/2
pure_abuse_refused	Short abuse (≤3 words) — rewrite refused, returns polite template
sanitized_by_node	Node-1 or Node-2 rewrote the text contextually
soft_toxic_flagged	Heuristic soft-toxic detected after LLM said clean
detection_only	mode=detect_only — Node-3, no rewrite
fallback_detection_only	Node-1 & Node-2 failed — emergency Node-3 fallback
circuit_breaker_bypass	Circuit breaker open — Node-3 used until 60s reset
obfuscation_blocked	Mixed-script injection (Latin + Devanagari) blocked by Layer 0
unsupported_language	Non-Latin/non-Hinglish script — not processed

// response headers

http

X-RateLimit-Remaining: 49
X-RateLimit-Reset:     1711245600
X-RateLimit-Tier:      alpha

API Reference

Errors & codes

All errors return success: false with a machine-readable error field. Always check retry_after on 429s.

HTTP	error	Cause	Fix
400	invalid_input	Empty text or over 500 chars	Trim input
401	unauthorized	No session cookie	Login first
401	token_invalid	Cookie expired or tampered	Re-login
403	account_banned	User is banned	Contact support
429	rate_limit_exceeded	Quota hit	Wait retry_after seconds
503	node1_unavailable	Classifier Node unavailable	Retry after 30s
500	internal_error	Unexpected server error	Report via /report

// 429 response + handling

json

{ "success":false, "error":"rate_limit_exceeded", "retry_after":47 }

javascript

if (res.status === 429) {
  const { retry_after } = await res.json();
  console.log(`Rate limited. Retry in ${retry_after}s`);
}

SDK

Node.js SDK

Official raiplus-moderation npm package. Zero dependencies. Node ≥ 18 required (uses built-in fetch).

npm install raiplus-moderationNode ≥ 18zero deps

// client.moderate(text)

javascript

const Raiplus = require('raiplus-moderation');
const client  = new Raiplus('rp_alpha_xxxxxxxxxxxxxxxx');

const result = await client.moderate('ye code ekdum bakwas hai bkl');
console.log(result.isToxic);      // true
console.log(result.confidence);   // 0.97
console.log(result.cleanText);    // 'ye code thoda aur accha ho sakta hai yaar'
console.log(result.actionTaken);  // 'sanitized_by_node'
console.log(result.tags);         // { profanity: true, insult: false, threat: false }
console.log(result.telemetry);    // { total_latency_ms: 310, nodes_hit: ['Node-1'], ... }

// client.detect(text) — boolean only, <50ms

javascript

const scan = await client.detect('bhai kya scene hai');
console.log(scan.isToxic);      // false — scan.cleanText is undefined (Node-3 never rewrites)

// client.batch(texts, options)

javascript

const results = await client.batch([
  'ye code bakwas hai bkl',
  'nice work bhai, accha hai',
], { mode: 'detect_only' });  // 300/min burst
results.forEach((r, i) => console.log(`[${i}] toxic: ${r.isToxic}`));

// error handling

javascript

const { RateLimitError, AuthError, ValidationError, NetworkError } = require('raiplus-moderation');
try {
  const result = await client.moderate(text);
} catch (e) {
  if (e instanceof RateLimitError)  console.log(`Retry in ${e.retryAfter}s`);
  if (e instanceof AuthError)       console.log('Check your API key');
  if (e instanceof NetworkError)    console.log('Server unreachable');
}

// auth methods

Method	Description
register(email, password, username)	Create account. Follow with verifyOtp().
verifyOtp(email, otp)	Verify OTP. Stores session cookie.
login(email, password)	Login. Stores cookie internally.
logout()	Clear stored cookie.
me()	Get user profile (quota, role, etc.).

// config options

javascript

const client = new Raiplus('rp_alpha_xxx', {
  baseUrl: 'https://staging.raiplus.in',  // default: 'https://raiplus.in'
  timeout: 15000,                          // ms, default: 30000
  debug:   true,                           // log requests (dev only)
});

SDK

TypeScript

Full TypeScript declarations ship in src/index.d.ts. No @types/ package needed.

typescript

import Raiplus, { RaiplusClient, ModerationResult, DetectResult } from 'raiplus-moderation';

const client: RaiplusClient = new Raiplus('rp_alpha_xxx');
const result: ModerationResult = await client.moderate('ye code bakwas hai bkl');
console.log(result.cleanText);   // string | null
console.log(result.isToxic);     // boolean
console.log(result.confidence);  // number (0–1)

// type definitions

typescript

interface ModerationResult {
  isToxic:      boolean;
  confidence:   number;
  originalText: string;
  cleanText:    string | null;
  actionTaken:  string;
  tags:         { profanity: boolean; insult: boolean; threat: boolean };
  telemetry:    Record<string, unknown>;
}
interface DetectResult {
  isToxic:    boolean;
  confidence: number;
  actionTaken:string;
}

Platform

Rate limits

Two limit axes — per-minute burst and per-day quota. Mode-based: detect_only gets 10× more burst because Node-3 is ~6× cheaper to run.

Tier	Mode	Per-min	Per-day	Keyed by	On exceed
guest	any	20/min	100/day	IP	429 + signup nudge
alpha	full	30/min	500/day	User ID	429 + retry_after
alpha	detect_only	300/min	5,000/day	User ID	429 + retry_after
email OTP	—	5 emails/hr	—	Email	Silent block
report	—	2/day	—	IP	429 + Discord link

Why 20/min guest: NAT routers in offices/hostels/coworking share one IP. 5/min would block 10 devs after one person makes 5 requests.

Why 300/min detect_only: Node-3 never calls a rewrite model — compute cost is ~6× lower. Quota still applies; 300/min is a burst cap, not a free pass.

Platform

Crash protection

Multiple layers prevent cascading failures. Even during a full LLM outage, every request gets a usable answer via Node-3 fallback.

Circuit Breaker

Threshold3 consecutive Node-1 + Node-2 failures

Stateopen / closed

Auto-reset60 seconds

FallbackNode-3 detect-only

Safety Shield

WhatRe-checks rewrite before returning

WhyLLMs can hallucinate abuse in output

If triggeredReturns polite refusal template

Timeouts

Node-110s (Promise.race)

Node-212s (Promise.race)

Node-310s (AbortController)

Layer 0 Armor

NFKC + ZWC stripPre-processing

Mixed-script blockLatin + Devanagari in same token

Front-door checkRegex keyword — instant, conf=1.0

Platform

Uptime & SLA

Live status at raiplus.in/status — auto-refreshes every 30s with a public incident history.

Alpha (now)

Target95%+ — best-effort

Maintenance24h notice on Discord

IncidentsPosted to /status — nothing hidden

Telemetrycircuit_breaker state in every response

Beta SLA (Q3 2026)

Availability99.5% — contractual

P1 response<1h

P2 response<4h

CreditsApplied automatically on breach

⚠ Alpha — not for production. No contractual SLA. Contact us for early Beta access.

Why we rarely go fully down: even when Node-1 and Node-2 are degraded, the circuit breaker routes to Node-3 within milliseconds. detect_only mode has never been affected by Node-1/Node-2 incidents.

Trust & Safety

Performance

Accuracy and latency from our internal test suite. Alpha numbers — we publish these so you can make an informed decision.

⚠ Alpha numbers — internal 8,000-sample holdout (Hinglish + English). Third-party benchmarks planned for Beta.

// classifier accuracy — Node-1, full mode

Metric	Hinglish	English	Mixed
Precision	92.4%	94.1%	91.8%
Recall	89.7%	91.2%	88.3%
F1 Score	91.0%	92.6%	90.0%
False Positive Rate	3.2%	2.8%	4.1%
False Negative Rate	7.6%	5.9%	8.9%

// Node-3 detect_only accuracy

Metric	Value	Notes
Precision	88.5%	Speed-optimized — slightly lower than Node-1
Recall	94.2%	Higher recall — fewer misses on toxic content
F1 Score	91.2%	—
False Positive Rate	5.8%	Use full mode for final decisions
p50 / p95 / p99	32ms / 48ms / 61ms	—

// latency percentiles — 10,000 requests

Mode	p50	p90	p95	p99
full (Node-1 hit)	280ms	340ms	410ms	820ms
full (Node-2 fallback)	340ms	450ms	560ms	1100ms
detect_only (Node-3)	32ms	44ms	48ms	61ms

Trust & Safety

vs OpenAI Moderation & others

Honest comparison. We built Raiplus to fill a gap — not to claim we're better at everything.

⚠ Methodology: identical Hinglish/English mixed samples run through each API. Results may differ from providers' English-only benchmarks.

Feature	Raiplus (Alpha)	OpenAI Moderation	Perspective API
Hinglish detection	Native ✓	Poor ✗	Poor ✗
English detection	Good ✓	Excellent ✓	Excellent ✓
Leet-speak / obfuscation	Layer 0 Armor ✓	Partial	Partial
Text rewrite / sanitize	Yes — contextual ✓	No ✗	No ✗
detect_only (<50ms)	Yes ✓	~100–300ms	~80–200ms
Cost	Free (alpha)	Free but rate-limited	Free tier
Production SLA	Beta Q3 2026	99.9% ✓	99.9% ✓

Use Raiplus if: your users write Hinglish or code-mixed text. OpenAI moderation misses 40–60% of Hinglish toxic content — we've tested this.

Use OpenAI/Perspective if: content is purely English and you need battle-tested production SLA today. We're not there yet — Beta Q3 2026.

Best of both: use Raiplus detect_only as a Hinglish pre-screen layer alongside OpenAI moderation for English. Our API is designed to compose.

Trust & Safety

Security

What we do to protect your requests, credentials, and infrastructure. Found a bug? Responsible disclosure is always rewarded — see Hall of Fame.

Authentication

JWT storagehttpOnly — never readable by JS

SameSiteStrict — CSRF-safe

Passwordsbcrypt (salt rounds: 10)

OTP6-digit · 10-min TTL · 5 emails/hr

Input Hardening

Layer 0 ArmorNFKC + zero-width strip

Mixed-scriptLatin + Devanagari → blocked

Max input500 chars

Rate limitsPer-user + per-IP

Transport

ProtocolHTTPS only (TLS 1.2+)

CDN / WAFCloudflare DDoS + WAF

IP storageSHA-256 hashed only

Known Alpha Gaps

API key rotation UIv1.1.0 planned

Per-IP banRate limiting only for now

2FA / TOTPBeta planned

Report vulnerabilities to support@raiplus.in or Discord. We respond within 48h and credit on the Hall of Fame.

Trust & Safety

Privacy & Data

Explicit line-by-line breakdown of what we collect, store, and how it's used. No vague policy language.

// what we log per request

Data point	Logged?	Purpose
Hashed IP (SHA-256)	Yes	Rate limiting only
is_toxic / confidence	Yes	Analytics
latency_ms / action_taken	Yes	Telemetry
Raw input text	Flywheel only	Model training (see below)

// flywheel (training data)

Full mode texts

StoredText + label + confidence

Who sees itRaiplus team only

User linked?No — no user ID attached

TTLIndefinite (training data)

detect_only texts

Stored inFastScan Lake — separate silo

TTL90 days — auto-deleted

Why separateAvoids polluting training sets

// your rights

Delete account: email support@raiplus.in — all data deleted within 7 days

Purge flywheel: email us — texts associated with your session removed

Data export: not automated yet — email for a request history CSV within 48h

          // We never sell data. We never share raw texts with advertisers or data brokers.
        