---
id: aikit-backend-api
title: Backend API
slug: /ai-kit/backend-api
sidebar_position: 50
description: REST endpoints provided by the AI-Kit AWS backend (SAR template) — Prompt/Writer/Rewriter/Summarizer/Translator/LanguageDetector/Proofreader + Knowledge Base helpers.
tags: [ai-kit, backend, aws, bedrock]
hide_title: true
---

## Backend API (REST)

The AI‑Kit AWS backend exposes “Chrome Built‑in AI parity” endpoints under `/admin/*` and `/frontend/*`, plus helpers for Knowledge Base listings and presigned uploads.

Deployment details, parameter descriptions, and setup notes live in the public Serverless Application Repository readme: [wpsuite-ai-kit on AWS SAR](https://serverlessrepo.aws.amazon.com/applications/us-east-1/637423296378/wpsuite-ai-kit).

---

## Authentication

Authentication is controlled entirely by the **SAR parameters** you choose while deploying the application (see the public README linked above):

- `AdminApiAuthMode`
- `FrontendApiAuthMode`

Each can be set to `NONE`, `IAM`, or `COGNITO`. The value you choose determines how requests to `/admin/*` or `/frontend/*` endpoints must be authenticated. When `NONE`, you typically pair it with reCAPTCHA or WAF (firewall) via the SAR configuration.

Frontend endpoints may additionally require an `X-Recaptcha-Token` header if reCAPTCHA protection is enabled.

---

## How the WordPress plugin uses the backend

- The AI-Kit blocks, chatbot, and JavaScript APIs automatically call the backend according to the settings you configure on the AI-Kit Settings admin screen.
- When reCAPTCHA is enabled for frontend traffic, the plugin requests tokens client-side so requests include the expected `X-Recaptcha-Token` header.
- If you integrate [Gatey](https://wpsuite.io/gatey/) as a transport and configure a matching `apiName` in Gatey Settings → API Settings, IAM/Cognito-protected deployments can exchange and refresh tokens seamlessly after the user signs into WordPress via Gatey.
- Without Gatey wiring, you can still call the backend directly from your own code (for example with `fetch`) against the public endpoint, using whatever auth mode you configured, or opting into network-level controls like firewalls/allow-lists.
- Use this document when you want to build custom flows or external tools on top of the deployed backend rather than the built-in plugin features.

---

## Endpoints

Endpoints are split into **admin** (WordPress dashboard) and **frontend** (public UI) prefixes. Both sets accept `application/json` unless noted otherwise.

### Admin endpoints (`/admin/*`)

| Path | Method | Purpose |
| --- | --- | --- |
| `/admin/knowledge-bases` | GET | List Bedrock Knowledge Bases available for RAG integration |
| `/admin/prompt` | POST | General prompt API parity (used by SEO flows) |
| `/admin/generate-upload-url` | GET | Presigned S3 upload URLs for multimodal prompts |
| `/admin/summarize` | POST | Summarizer backend fallback |
| `/admin/write` | POST | Writer backend fallback (KB enabled by default) |
| `/admin/rewrite` | POST | Rewriter backend fallback |
| `/admin/translate` | POST | Translator backend fallback |
| `/admin/proofread` | POST | Proofreader backend fallback |
| `/admin/detect-language` | POST | Language detector backend fallback |

### Frontend endpoints (`/frontend/*`)

These are feature-gated by SAR parameters (`EnableSummarizerBackend`, `EnableChatbotBackend`, `EnableLanguageAIBackend`). When enabled they mirror the admin routes and may require `X-Recaptcha-Token`.

| Path | Method | Notes |
| --- | --- | --- |
| `/frontend/prompt` | POST | Used by the chatbot's `sendChatMessage` and `sendFeedbackMessage` |
| `/frontend/generate-upload-url` | GET | Presigned uploads for public chatbot |
| `/frontend/summarize` | POST | Same payload as admin summarizer |
| `/frontend/write` | POST | Same payload as admin writer |
| `/frontend/rewrite` | POST | Same payload as admin rewriter |
| `/frontend/translate` | POST | Same payload as admin translator |
| `/frontend/proofread` | POST | Same payload as admin proofreader |
| `/frontend/detect-language` | POST | Same payload as admin language detector |

### Sample payloads

```json
// /admin/prompt (or /frontend/prompt)
{
  "messages": [
    { "role": "system", "content": "You are a helpful assistant." },
    { "role": "user", "content": "Extract a title and 5 bullet points from the text below..." }
  ],
  "saveChatSession": false
}
```

```json
// /admin/write
{
  "text": "Write a short product description...",
  "tone": "professional",
  "format": "markdown",
  "length": "short",
  "outputLanguage": "en"
}
```

```json
// /admin/translate (source language required)
{
  "text": "Hello world",
  "sourceLanguage": "en",
  "targetLanguage": "hu"
}
```

```json
// /admin/language-detector
{
  "text": "Szia! Hogy vagy?"
}
```

```json
// /admin/proofread
{
  "text": "I has a apple.",
  "expectedInputLanguages": ["en"]
}
```

---

## Error responses

Errors return an `ErrorResponse` shape (status code, message, and optional details). Common causes:

- payload too large (image uploads, large prompts)
- invalid enum values (for example missing `sourceLanguage` for translator)
- missing credentials / rejected by IAM, Cognito, WAF, or reCAPTCHA