# Capsule Security LiteLLM Hooks API

Webhook endpoints for the Capsule LiteLLM gateway plugin.

The plugin calls `events/pre` synchronously before forwarding a
completion/chat request to the upstream model provider, blocking on the
allow/deny verdict. After the upstream call settles (success or failure),
it calls `events/post` for token and latency telemetry. Both endpoints are
JWT-authenticated; the token is scoped to a single tenant and environment.


Version: 1.0.0
License: Proprietary

## Servers

Production agentsecurity server
```
https://agents.capsule.security
```

## Security

### bearerAuth

JWT Bearer token scoped to a tenant and environment

Type: http
Scheme: bearer
Bearer Format: JWT

## Download OpenAPI description

[Capsule Security LiteLLM Hooks API](https://docs.capsulesecurity.io/_bundle/apis/litellm-hooks.yaml)

## LiteLLM Hooks

### Pre-call policy check

 - [POST /v1/litellm/hooks/events/pre](https://docs.capsulesecurity.io/apis/litellm-hooks/litellm-hooks/litellmprehook.md): Sent before LiteLLM forwards a completion request to the upstream model
provider. Capsule evaluates the model and messages against tenant
policies and returns an allow/deny verdict. The plugin rejects the
request when decision is deny and blocking is enabled.

### Post-call telemetry

 - [POST /v1/litellm/hooks/events/post](https://docs.capsulesecurity.io/apis/litellm-hooks/litellm-hooks/litellmposthook.md): Fire-and-forget telemetry sent after the upstream model call settles.
Carries token usage, latency, and success/error detail. Always returns
200 with { "ok": true } once accepted.