Use Azure Content Safety plugin

Uses: Kong Gateway AI Gateway decK

Deployment Platform:

Prerequisites

Kong Konnect

This is a Konnect tutorial and requires a Konnect personal access token.

Create a new personal access token by opening the Konnect PAT page and selecting Generate Token.
Export your token to an environment variable:
```
 export KONNECT_TOKEN='YOUR_KONNECT_PAT'
```
Run the quickstart script to automatically provision a Control Plane and Data Plane, and configure your environment:
```
 curl -Ls https://get.konghq.com/quickstart | bash -s -- -k $KONNECT_TOKEN --deck-output
```
This sets up a Konnect Control Plane named quickstart, provisions a local Data Plane, and prints out the following environment variable exports:
```
 export DECK_KONNECT_TOKEN=$KONNECT_TOKEN
 export DECK_KONNECT_CONTROL_PLANE_NAME=quickstart
 export KONNECT_CONTROL_PLANE_URL=https://us.api.konghq.com
 export KONNECT_PROXY_URL='http://localhost:8000'
```
Copy and paste these into your terminal to configure your session.

Kong Gateway running

This tutorial requires Kong Gateway Enterprise. If you don’t have Kong Gateway set up yet, you can use the quickstart script with an enterprise license to get an instance of Kong Gateway running almost instantly.

Export your license to an environment variable:

 export KONG_LICENSE_DATA='LICENSE-CONTENTS-GO-HERE'

Run the quickstart script:

 curl -Ls https://get.konghq.com/quickstart | bash -s -- -e KONG_LICENSE_DATA 

Once Kong Gateway is ready, you will see the following message:

 Kong Gateway Ready

decK

decK is a CLI tool for managing Kong Gateway declaratively with state files. To complete this tutorial you will first need to install decK.

Required entities

For this tutorial, you’ll need Kong Gateway entities, like Gateway Services and Routes, pre-configured. These entities are essential for Kong Gateway to function but installing them isn’t the focus of this guide. Follow these steps to pre-configure them:

Run the following command:

echo '
_format_version: "3.0"
services:
  - name: example-service
    url: http://httpbin.konghq.com/anything
routes:
  - name: example-route
    paths:
    - "/anything"
    service:
      name: example-service
' | deck gateway apply -

To learn more about entities, you can read our entities documentation.

OpenAI

This tutorial uses OpenAI:

Create an OpenAI account.
Get an API key.
Create a decK variable with the API key:

export DECK_OPENAI_API_KEY='YOUR OPENAI API KEY'

Azure Content Safety key

To complete this tutorial, you need an Azure subscription and a Content Safety key (static key from the Azure Portal). If you need to set this up, follow Microsoft’s Azure quickstart.

Export them as decK environment variables:

export DECK_AZURE_CONTENT_SAFETY_KEY='YOUR-CONTENT-SAFTEY-KEY'
export DECK_AZURE_CONTENT_SAFETY_URL='YOUR-CONTENT-SAFTEY-URL'

Configure the AI Proxy plugin

Enable the AI Proxy plugin with your OpenAI API key and the model details to proxy requests to OpenAI. In this example, we’ll use the GPT-4o model.

echo '
_format_version: "3.0"
plugins:
  - name: ai-proxy
    config:
      route_type: llm/v1/chat
      auth:
        header_name: Authorization
        header_value: Bearer ${{ env "DECK_OPENAI_API_KEY" }}
      model:
        provider: openai
        name: gpt-4o
' | deck gateway apply -

Configure the AI Azure Safety plugin

In this tutorial, we configure the plugin with an array of supported harm categories, as defined by Azure AI Content Safety. For reference, see:

We’ll start with the following configuration:

Map each harm category (Hate, SelfHarm, Sexual, and Violence) to categories.name.
Set rejection_level: 2 for each category.
It instructs the plugin to reject content when Azure classifies it at severity level 2 or higher. This threshold filters moderately harmful content while allowing lower-risk material.
Configure output_type: FourSeverityLevels.
It tells Azure to use a four-level severity scale (1–4) when evaluating content. For finer-grained filtering, you could instead configure output_type: EightSeverityLevels.

For more details about severity grading, see Azure severity grading.
Also set reveal_failure_reason: true
We want to make sure that if the plugin blocks content, the caller receives a clear explanation. Revealing failure reasons helps with transparency and debugging. If stricter confidentiality is required, you could configure this option as false instead.

Here’s the full plugin configuration:

echo '
_format_version: "3.0"
plugins:
  - name: ai-azure-content-safety
    config:
      content_safety_url: "${{ env "DECK_AZURE_CONTENT_SAFETY_URL" }}"
      content_safety_key: "${{ env "DECK_AZURE_CONTENT_SAFETY_KEY" }}"
      categories:
      - name: Hate
        rejection_level: 2
      - name: SelfHarm
        rejection_level: 2
      - name: Sexual
        rejection_level: 2
      - name: Violence
        rejection_level: 2
      text_source: concatenate_user_content
      reveal_failure_reason: true
      output_type: FourSeverityLevels
' | deck gateway apply -

Make sure that $DECK_AZURE_CONTENT_SAFETY_URL points at the /contentsafety/text:analyze endpoint.

Test the configuration

Using this configuration, send the following AI Chat request that violates the content policy set in the plugin:

curl "$KONNECT_PROXY_URL/anything" \
     -H "Content-Type: application/json"\
     -H "Authorization: Bearer $DECK_OPENAI_API_KEY" \
     --json '{
       "messages": [
         {
           "role": "system",
           "content": "You are a mathematician."
         },
         {
           "role": "user",
           "content": "What is 1 + 1?"
         },
         {
           "role": "assistant",
           "content": "The answer is 3."
         },
         {
           "role": "user",
           "content": "You lied, I hate you!"
         }
       ]
     }'

curl "http://localhost:8000/anything" \
     -H "Content-Type: application/json"\
     -H "Authorization: Bearer $DECK_OPENAI_API_KEY" \
     --json '{
       "messages": [
         {
           "role": "system",
           "content": "You are a mathematician."
         },
         {
           "role": "user",
           "content": "What is 1 + 1?"
         },
         {
           "role": "assistant",
           "content": "The answer is 3."
         },
         {
           "role": "user",
           "content": "You lied, I hate you!"
         }
       ]
     }'

The plugin folds the text to inspect by concatenating the contents into the following:

You are a mathematician.; What is 1 + 1?; The answer is 3.; You lied, I hate you!

Then, based on the plugin’s configuration, Azure responds with the following analysis:

{
    "categoriesAnalysis": [
        {
            "category": "Hate",
            "severity": 2
        }
    ]
}

This breaches the plugin’s configured threshold of ≥2 for Hate based on Azure’s ruleset, and sends a 400 error code to the client:

{
	"error": {
		"message": "request failed content safety check: breached category [Hate] at level 2"
	}
}

(Optional) Hide the failure reason from the API response

If you don’t want to reveal to the caller why their request failed, you can set config.reveal_failure_reason in the plugin configuration to false, in which case the response looks like this:

{
	"error": {
		"message": "request failed content safety check"
	}
}

Cleanup

Clean up Konnect environment

If you created a new control plane and want to conserve your free trial credits or avoid unnecessary charges, delete the new control plane used in this tutorial.

Destroy the Kong Gateway container

curl -Ls https://get.konghq.com/quickstart | bash -s -- -d