Redact secrets from arbitrary text. Deterministic, keyless, pure compute — no data is stored. Pass `text` (up to 256 KB); each detected credential is replaced in-place with a `[redacted:<kind>]` marker (surrounding text is preserved so the result stays greppable), and you get per-kind hit counts. Detects: PEM private-key blocks, JWTs, AWS access-key ids (AKIA/ASIA), GitHub tokens (ghp_/gho_/ghu_/ghs_/ghr_), Stripe keys (sk_/pk_/rk_ live|test), OpenAI keys (sk-…), npm tokens (npm_…), Slack tokens (xox[baprs]-…), Google API keys (AIza…), HTTP Bearer tokens, scheme://user:password@host URL credentials, and generic api_key/secret/token/password assignments. Idempotent. Useful before logging, storing (see store.doc-put redact=true), or sharing agent/tool output.
/api/text/redactPAYMENT-SIGNATURE.The redact API is a pay-per-call text endpoint built for AI agents and autonomous software. Redact secrets from arbitrary text.
There is no signup and no API key. An agent (or any HTTP client) hits the endpoint, receives an x402 "402 Payment Required" challenge, signs a sub-cent USDC payment on Base or Solana, and retries — the data comes back on the paid request. That makes it a drop-in redact data source for an agent tool-use loop, an MCP host, or a backend that needs text data on demand without onboarding to yet another vendor portal.
| Name | Type | Description |
|---|---|---|
textrequired | string | The text to scrub. Up to 256 KB. min 1 chars · max 262144 chars |
# 1. Probe the endpoint with no auth — receive 402 with PaymentRequirements
curl -sS -X POST 'https://2s.io/api/text/redact' \
-H 'Content-Type: application/json' \
-d '{"text":"example"}'
# 2. Sign the EIP-3009 transferWithAuthorization for the advertised price +
# payTo from the 402 envelope, then retry with PAYMENT-SIGNATURE:
curl -sS -X POST 'https://2s.io/api/text/redact' \
-H 'Content-Type: application/json' \
-H 'PAYMENT-SIGNATURE: <base64-json-payload>' \
-d '{"text":"example"}'
# Or just use the canonical runner — it handles the whole loop:
# EVM_PRIVATE_KEY=0x... node --env-file=.env.local \
# --experimental-strip-types scripts/x402-pay.ts \
# 'https://2s.io/api/text/redact'import { TwoS } from '@2sio/sdk'
const client = new TwoS({
privateKey: process.env.EVM_PRIVATE_KEY as `0x${string}`,
})
const result = await client.text.redact({
"text": "example"
})
console.log('endpoint:', result.endpoint)
console.log('cost:', result.costUsd, 'USDC')
console.log('tx:', result.settlement?.txHash)
console.log('data:', result.data)import os
from twosio import TwoS
client = TwoS(private_key=os.environ["EVM_PRIVATE_KEY"])
result = client.text.redact(text="example")
print("endpoint:", result.endpoint)
print("cost:", result.cost_usd, "USDC")
print("tx:", (result.settlement or {}).get("tx_hash"))
print("data:", result.data)// 1. Add @2sio/mcp to your MCP host config (Claude Desktop example below).
// EVM_PRIVATE_KEY funds x402 payments per call.
// claude_desktop_config.json
{
"mcpServers": {
"2sio": {
"command": "npx",
"args": ["-y", "@2sio/mcp"],
"env": { "EVM_PRIVATE_KEY": "0x..." }
}
}
}
// 2. Once the server is running, agents call this tool via standard MCP:
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "text.redact",
"arguments": {
"text": "example"
}
}
}| Field | Type | Description |
|---|---|---|
ok | boolean | one of: true |
items | array | |
total | integer | Total matching rows upstream; null when unknown. |
source | object |
{
"ok": true,
"items": [
{
"redacted": "example",
"counts": {
"pem_private_key": 1,
"jwt": 1,
"aws_access_key_id": 1,
"github_token": 1,
"stripe_key": 1,
"openai_key": 1,
"npm_token": 1,
"slack_token": 1,
"google_api_key": 1,
"bearer_token": 1,
"url_credentials": 1,
"secret_assignment": 1
},
"totalRedacted": 1
}
],
"total": 1,
"source": {
"provider": "example",
"url": "example",
"license": "example"
}
}