REST API · OAuth 2.0 + JWT

PortEden REST API — PII-Safe AI Access for Email, Calendar, Drive

A REST API for backend engineers building AI features against email, calendar, drive, and SharePoint — with redaction, RBAC, and an audit log enforced on every call so the model never sees raw PII, PHI, or secrets.


Free tier · No credit card required

Maps to: SOC 2, GDPR, HIPAA, CCPA, EU AI Act
Five-Minute Quickstart

Authenticate Once. Call Anything.

quickstart.sh
# Generate an API key from your dashboard at my.porteden.com,
# or run `porteden auth login` to mint one via the browser flow.
export PE_API_KEY=pe_k1_...
# Read the inbox — PortEden redacts PII before the response is built.
# The URL is quoted so the shell does not treat "?" as a glob character.
curl "https://api.porteden.com/api/access/email/messages?q=invoice" \
  -H "Authorization: Bearer $PE_API_KEY"
# Every call is policy-checked, redacted, and audited
# Full reference: /docs/api/authentication/
The full reference, including all 30+ endpoints and error codes, is in the API reference.
The Risk

What Goes Wrong Without PortEden

Your AI Feature Is Sending Raw Inbox Content to OpenAI

You wired Gmail's API into a Claude or GPT-4 prompt. Every reply, attachment, and signature block now flows to a third-party processor in the clear — including SSNs, customer PII, internal account numbers, and credentials pasted into legitimate threads.

OAuth Tokens Grant Way More Than the Agent Needs

A single Google OAuth grant gives an agent access to every message, every file, every calendar event in the user's account. There's no built-in way to scope it to one inbox label or one Drive folder, and no audit trail of which messages the agent actually read.

You're Reinventing the Redaction Layer Yourself

Regex for SSNs, allow-lists for domains, custom rate limits per agent, an internal audit log nobody trusts — six engineers spend a quarter rebuilding what isn't your product. And it still misses the unstructured PII a 7B-param classifier would catch in 200 ms.

How the API Protects Every Call

PII, PHI, and Secrets — Stripped at the Boundary.

Every response from PortEden is policy-checked and redacted before it reaches your service. The agent calling your service sees placeholders, not raw values.

[Diagram: Your data → PortEden Redact → Your AI (Claude, ChatGPT, Copilot, Gemini, Grok). Legend: Safe, Sensitive, Redacted.]
The Solution

Built For REST API

Redaction Enforced at the API Layer

Every response body passes through a classifier covering 50+ identifier types (SSN, EIN, PHI, credit card, secret token) and 120+ patterns, in under 200 ms. Sensitive values are replaced with stable placeholders the agent can reason about — never the underlying data.

Scoped Tokens, Not Raw OAuth

Mint a JWT scoped to one mailbox label, one Drive folder, one calendar, one set of HTTP verbs, with an expiry. Revoke any token in a single call. The agent never holds your customer's Google or Microsoft refresh token.

30+ Endpoints Across Email, Calendar, Drive, SharePoint, Tasks

List, search, read, write, and modify across Gmail, Outlook, Google Calendar, Microsoft Calendar, Google Drive, OneDrive, SharePoint, Jira, Asana, Monday, Linear, and Notion. One auth, one policy model, one error shape.

SIEM-Exportable Audit Log

Every call is logged: which token, which agent, which endpoint, which records, which redactions fired, allow-or-deny outcome. Stream to Splunk, Datadog, or S3. Reconstruct any agent's view of any user's data on demand.

With and Without PortEden

The Same Workflow, Two Very Different Outcomes

Reading a User's Inbox From an AI Agent
Without: Gmail's raw OAuth API streams full message bodies to the agent — every SSN, secret, and PII string in the clear, no audit, no per-label scope.
With: PortEden returns the same message shape with sensitive values redacted, the request scoped to a single label, every read logged.

Letting the Agent Send Email on a User's Behalf
Without: The agent holds a refresh token that can send anything, anywhere. Revocation requires the user to revisit Google or Microsoft.
With: Mint a JWT scoped to send-only, with a recipient allow-list and a 24-hour expiry. Revoke server-side in a single call.

Searching a Drive or SharePoint Folder
Without: Microsoft Graph's `/sites/.../drive/root` returns every file in the tenant the user can see. Easy to over-fetch, hard to audit.
With: Folder-scoped tokens limit the search surface. PortEden's `/api/access/drive/files` returns the same shape with PII redacted in document bodies.

Compliance Reviewer Asks 'What Did the Agent Read on Tuesday?'
Without: You parse application logs for hours, miss half the requests, and still can't show what was returned vs. what was redacted.
With: Per-token, per-endpoint audit log with the exact redactions that fired. Export to SIEM or hand off as a CSV.

Rolling Out the Agent to 10,000 Users
Without: Every user goes through your OAuth consent flow, you store their refresh tokens, you become the breach blast-radius.
With: Tokens are minted from your service account against the user's PortEden grant. You never touch the underlying provider tokens.
Ship the Integration

Five-Minute Quickstart. Free Tier, No Credit Card.

Mint your first scoped token, run the curl in our quickstart, watch the redaction fire in the audit log. Free tier covers 1,000 calls/month.


Frequently Asked Questions

Is the PortEden API a drop-in replacement for Gmail or Microsoft Graph?
It mirrors the shape of the underlying providers (messages, threads, files, events, tasks) but adds redaction, scoped tokens, and an audit log on every call. Most teams swap a Graph or Gmail SDK call for a PortEden equivalent in under a day. The full migration map is in /docs/api/.
How does authentication work?
Generate an API key in the PortEden dashboard, or run `porteden auth login` to mint one via the browser flow (POST /api/auth/token/login → poll → key). The key (prefix `pe_k1_`) is the Bearer token; send it on every call to `/api/access/...`. The key carries the scope (mailbox, folder, verbs) and is revocable in one call. End users OAuth into PortEden once for each underlying provider; your agent never holds their refresh token.
What gets redacted, and can I tune it?
Out of the box, 50+ identifier types: SSN, EIN, credit card, IBAN, US/EU phone, IP, MAC, AWS/GCP/Azure secrets, JWTs, OAuth tokens, plus PHI patterns (MRN, ICD, NPI), and 120+ secret patterns from the internal classifier. Tune via Access Rules — disable categories per token, allow-list specific values, or layer on org-wide policies. See /docs/api/access-rules/.
How do I scope a token to one folder or one Gmail label?
Tokens get three layers of scoping: Permissions (verbs and field visibility) via PUT /api/auth/token/{tokenId}/permissions, Resource Links (which Gmail labels, Drive folders, SharePoint sites this token can reach) via POST /api/auth/token/{tokenId}/resources, and Access Rules (per-contact/per-domain overrides) via POST /api/auth/token/{tokenId}/rules. See /docs/api/token-permissions/ and /docs/api/resource-links/.
What about rate limits and SLA?
Free tier: 1,000 calls/month. Pro ($15/mo) and Business ($19/seat): 10,000 calls/month per user. Enterprise: custom, with a 99.95% SLA and dedicated capacity. When a rate limit is exceeded the API returns 429 with a Retry-After header; idempotency keys are supported on every write endpoint. Full tier breakdown on /pricing/.
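The client behaviour the two FAQ answers above imply (Bearer key on every call, back off on 429 using Retry-After, and keep one idempotency key across retries of a write so a retried send is not applied twice), as an added example that is not PortEden's SDK. The `Idempotency-Key` header name, the POST path, the transport/sleep hooks and the scripted responses are assumptions constructed for offline use.

```python
import time
import uuid
from typing import Callable, Dict, List, Optional, Tuple

# Tiny transport contract: (status, response headers, body). Assumed, not PortEden's.
Response = Tuple[int, Dict[str, str], str]
Transport = Callable[[str, str, Dict[str, str], Optional[str]], Response]
BASE_URL = "https://api.porteden.com"


class PortEdenClient:
    """Bearer-key client that honours 429/Retry-After and reuses one idempotency key."""

    def __init__(self, api_key: str, transport: Transport,
                 sleep: Callable[[float], None] = time.sleep, max_retries: int = 3):
        if not api_key.startswith("pe_k1_"):  # key prefix documented on the page
            raise ValueError("expected a PortEden API key with the pe_k1_ prefix")
        self.api_key, self.transport, self.sleep, self.max_retries = api_key, transport, sleep, max_retries

    def request(self, method: str, path: str, body: Optional[str] = None) -> Response:
        headers = {"Authorization": f"Bearer {self.api_key}"}
        if method != "GET":
            # Fix the key before the retry loop: a retried write replays the same
            # logical operation instead of a new one. (Header name is assumed.)
            headers["Idempotency-Key"] = str(uuid.uuid4())
        for attempt in range(self.max_retries + 1):
            status, resp_headers, resp_body = self.transport(method, BASE_URL + path, headers, body)
            if status != 429 or attempt == self.max_retries:
                return status, resp_headers, resp_body
            # Rate-limited: wait for the server-provided Retry-After (seconds), default 1s.
            self.sleep(float(resp_headers.get("Retry-After", "1")))
        raise AssertionError("unreachable")


def make_fake_transport(scripted: List[Response]):
    """Constructed offline stand-in for HTTP: replays scripted responses, records calls."""
    calls: List[Tuple[str, str, Dict[str, str], Optional[str]]] = []

    def transport(method, url, headers, body):
        calls.append((method, url, dict(headers), body))
        return scripted.pop(0) if len(scripted) > 1 else scripted[0]  # last one repeats
    return transport, calls


def demo():
    # Constructed scenario: the first POST is rate-limited, the retry succeeds.
    transport, calls = make_fake_transport([(429, {"Retry-After": "2"}, ""),
                                            (200, {}, '{"id": "msg_1"}')])
    slept: List[float] = []
    client = PortEdenClient("pe_k1_example", transport, sleep=slept.append)
    status, _, body = client.request("POST", "/api/access/email/messages", body='{"to": "x"}')
    return status, body, slept, calls
```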
What HIPAA capabilities does this expose?
PortEden's API surfaces redaction at egress and a per-request audit log. PHI is stripped before any agent or downstream processor sees it, so the threat model isn't 'OpenAI under contract' but 'OpenAI never receives PHI in the first place'. Compliance with HIPAA remains your responsibility — PortEden provides the technical control, you operate the program around it.
Can I run this on-prem or in our VPC?
The redaction engine and policy engine ship as a single binary you can run in your VPC (Kubernetes Helm chart available). The audit log can write to your S3, your Splunk, or your Datadog account. Talk to sales for the deployment package.
What happens if the API is down?
Tokens are stateless JWTs, so you can verify them locally during a brief outage. For data-plane calls, PortEden runs active-active across two regions with per-region failover under 30 seconds. Status lives at status.porteden.com. SLA terms are in the contract.

Ready to Ship the AI Feature Without Shipping the PII?

Mint a scoped token, run the quickstart, watch the audit log fill in. Free tier covers 1,000 calls/month — no credit card.


On-prem or 50k+ users? Talk to sales →