Skip to content
POST/api/v1/security/model-scan/{scanId}/promote

Promote scanned model to an environment

Promotes a scanned model to a deployment environment, gated on verdict='safe'. Suspicious/malicious scans are blocked (403 PROMOTE_BLOCKED) unless override=true with a reason (>=8 chars). Admin only; every call writes a model_promotions audit row.

Authentication

Send Authorization: Bearer YOUR_API_KEY on every request. Generate API keys at /dashboard/api-keys.

Request body required

Example

{
  "toEnv": "<Target environment, e.g. staging, prod.>",
  "fromEnv": "string",
  "override": false,
  "reason": "<Required (>=8 chars) when override=true;>"
}
Schema
{
  "application/json": {
    "schema": {
      "type": "object",
      "required": [
        "toEnv"
      ],
      "properties": {
        "toEnv": {
          "type": "string",
          "pattern": "^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$",
          "description": "Target environment, e.g. staging, prod."
        },
        "fromEnv": {
          "type": "string",
          "pattern": "^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$"
        },
        "override": {
          "type": "boolean",
          "description": "Force promotion of a non-safe scan."
        },
        "reason": {
          "type": "string",
          "minLength": 8,
          "description": "Required (>=8 chars) when override=true; logged for audit."
        }
      }
    }
  }
}

Response

200 example

{
  "success": true
}

All status codes

200Promoted/override decision.
400(no description)
401(no description)
403Forbidden — non-admin, or promotion blocked (PROMOTE_BLOCKED).
404(no description)
429(no description)

Code samples

cURL

curl -X POST \
  https://evalguard.ai/api/v1/security/model-scan/{scanId}/promote \
  -H "Authorization: Bearer $EVALGUARD_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "toEnv": "<Target environment, e.g. staging, prod.>", "fromEnv": "string", "override": false, "reason": "<Required (>=8 chars) when override=true;>" }'

TypeScript

import { EvalGuard } from "@evalguard/sdk";

const client = new EvalGuard({ apiKey: process.env.EVALGUARD_API_KEY });

const response = await client.request({
  method: "POST",
  path: "/api/v1/security/model-scan/{scanId}/promote",
  body: {
    "toEnv": "<Target environment, e.g. staging, prod.>",
    "fromEnv": "string",
    "override": false,
    "reason": "<Required (>=8 chars) when override=true;>"
  },
});
console.log(response);

Python

from evalguard import EvalGuard
import os

client = EvalGuard(api_key=os.environ["EVALGUARD_API_KEY"])

response = client.request(
    method="POST",
    path="/api/v1/security/model-scan/{scanId}/promote",
    body={
    "toEnv": "<Target environment, e.g. staging, prod.>",
    "fromEnv": "string",
    "override": False,
    "reason": "<Required (>=8 chars) when override=true;>"
},
)
print(response)

Go

package main

import (
	"context"
	"fmt"
	"net/http"
	"os"
	"strings"
)

func main() {
	body := strings.NewReader(`{"toEnv":"<Target environment, e.g. staging, prod.>","fromEnv":"string","override":false,"reason":"<Required (>=8 chars) when override=true;>"}`)
	req, _ := http.NewRequestWithContext(context.Background(), "POST", "https://evalguard.ai/api/v1/security/model-scan/{scanId}/promote", body)
	req.Header.Set("Authorization", "Bearer "+os.Getenv("EVALGUARD_API_KEY"))
	req.Header.Set("Content-Type", "application/json")
	resp, err := http.DefaultClient.Do(req)
	if err != nil { panic(err) }
	defer resp.Body.Close()
	fmt.Println(resp.Status)
}

Errors

400401403404429

Other Security endpoints