Skip to content

Context Override

Some features — such as AI Security Rules — require additional context to function correctly. This context can be configured in two ways:

  • Statically via Security Group Rules
  • Dynamically using a URL query parameter, which overrides any statically configured values

Encrypting Context

To securely override internal context, the data must be encrypted using a symmetric AES cipher with a shared encryption key.

  1. Encode the data as JSON or URL query format.
  2. Encrypt the encoded data using the AES-GCM cipher with the CONTEXT_DATA_KEY.
  3. Base64 URL-safe encode both the initialization vector (IV) and the encrypted data.
  4. Concatenate the IV and encrypted data using a dot (.) as the separator:
base64(iv) + "." + base64(encrypted)

Alternatively, use the POST /v1/context/encrypt endpoint to encrypt the data via the API.

Passing Context Data

To override context data, pass the encrypted payload as a URL query parameter. For example:

/v1/verify?context={ENCRYPTED_CONTEXT_DATA}

The value provided in the URL will override any context previously defined in the Security Group settings.