Custom Headers
The Sequrity Control API supports a set of custom HTTP headers for authentication, session management, and configuring security behavior. These headers fall into two categories: standard headers used in all requests, and Headers-Only Mode headers that allow you to define features and policies inline without pre-configuring a project.
Headers Summary
| Header | Required | Description |
|---|---|---|
X-Api-Key |
No | LLM provider API key (BYOK). If omitted, Sequrity uses its server-managed key. |
X-Session-ID |
Not required most of the time (See Session ID Guide) | Session identifier for continuing an existing conversation. |
X-Features |
Required in Headers Mode | JSON object defining the agent architecture and enabled security features (classifiers, blockers). Must be paired with X-Policy. |
X-Policy |
No | JSON object defining security policies and enforcement behavior. Must be paired with X-Features. |
X-Config |
No | JSON object for fine-tuning session execution behavior, prompt overrides, and response format settings. |