# Escape API
> Escape a string so it is safe to drop into a specific context. Pick a target — a regular expression (so the text matches literally), a shell command (POSIX single-quote wrapping), a JSON string, a CSV field (RFC 4180 quoting) or a SQL string literal — and get back the correctly escaped value, plus a short note on the rule applied. The contexts endpoint lists every target with a worked example. Perfect for code generation, building commands and queries, templating and data export, and safely interpolating user input. Pure local computation — no key, no third-party service, instant. Live, nothing stored. 3 endpoints. The SQL context is a quoted literal for convenience, not a replacement for parameterised queries. Distinct from base64/hex/URL/HTML-entity encoders.

## Authentication
All requests require your oanor API key in the `x-oanor-key` header. Get one at https://www.oanor.com/developer/keys.

```bash
curl -H "x-oanor-key: oanor_live_…" "https://api.oanor.com/escape-api/..."
```

## Pricing
- **Free** (Free) — 1,085 calls/Mo, 2 req/s
- **Starter** ($1/Mo) — 9,250 calls/Mo, 8 req/s
- **Pro** ($21/Mo) — 143,500 calls/Mo, 20 req/s
- **Mega** ($59/Mo) — 760,000 calls/Mo, 50 req/s

## Endpoints

### Escape

#### `GET /v1/escape` — Escape for a context

**Parameters:**
- `text` (query, required, string) — String to escape Example: `O'Brien, a.b*`
- `context` (query, required, string) — regex|shell|json|csv|sql Example: `regex`

**Example:**
```bash
curl -H "x-oanor-key: $KEY" \
  "https://api.oanor.com/escape-api/v1/escape?text=O%27Brien%2C+a.b%2A&context=regex"
```

**Response:**
```json
{
    "data": {
        "note": "Backslash-escapes regex metacharacters so the text matches literally.",
        "input": "O'Brien, a.b*",
        "context": "regex",
        "escaped": "O'Brien, a\\.b\\*"
    },
    "meta": {
        "timestamp": "2026-06-03T01:09:42.529Z",
        "request_id": "3558c5df-1cce-4837-bae6-cd30841f7bd3"
    },
    "status": "ok",
    "message": "Escape for a context",
    "success": true
}
```

### Reference

#### `GET /v1/contexts` — Supported contexts

**Example:**
```bash
curl -H "x-oanor-key: $KEY" \
  "https://api.oanor.com/escape-api/v1/contexts"
```

**Response:**
```json
{
    "data": {
        "contexts": [
            {
                "name": "regex",
                "note": "Backslash-escapes regex metacharacters so the text matches literally.",
                "example": {
                    "input": "O'Brien, a.b*",
                    "escaped": "O'Brien, a\\.b\\*"
                }
            },
            {
                "name": "shell",
                "note": "POSIX single-quote wrapping — safe to drop into a sh/bash command.",
                "example": {
                    "input": "O'Brien, a.b*",
                    "escaped": "'O'\\''Brien, a.b*'"
                }
            },
            {
                "name": "json",
                "note": "A JSON string literal, including the surrounding double quotes.",
                "example": {
                    "input": "O'Brien, a.b*",
                    "escaped": "\"O'Brien, a.b*\""
                }
            },
            {
                "name": "csv",
                "note": "RFC 4180 — quotes the field only if it contains a comma, quote or newline.",
                "example": {
                    "input": "O'Brien, a.b*",
                    "escaped": "\"O'Brien, a.b*\""
                }
            },
            {
                "name": "sql",
                "note": "A single-quoted SQL string literal. NOT a substitute for parameterised queries / prepared statements — prefer bound parameters to prevent SQL injection.",
                "example
…(truncated, see openapi.json for full schema)
```

### Meta

#### `GET /v1/meta` — Spec

**Example:**
```bash
curl -H "x-oanor-key: $KEY" \
  "https://api.oanor.com/escape-api/v1/meta"
```

**Response:**
```json
{
    "data": {
        "name": "Escape API",
        "notes": "The sql context produces a quoted literal but is not a substitute for parameterised queries — use bound parameters for untrusted input. For base64/hex/URL/HTML-entity encoding use an encoding API. Nothing is stored.",
        "version": "v1",
        "endpoints": [
            {
                "path": "/v1/escape",
                "params": {
                    "text": "the string (required)",
                    "context": "regex|shell|json|csv|sql (required)"
                },
                "returns": "the escaped string"
            },
            {
                "path": "/v1/contexts",
                "params": [],
                "returns": "the supported contexts with examples"
            },
            {
                "path": "/v1/meta",
                "params": [],
                "returns": "this document"
            }
        ],
        "description": "Escape a string so it is safe to embed in a given context — a regular expression (literal match), a shell command (POSIX), a JSON string, a CSV field (RFC 4180) or a SQL string literal. Pure local, no key."
    },
    "meta": {
        "timestamp": "2026-06-03T01:09:42.700Z",
        "request_id": "86bc7224-a1db-4a29-8c71-8384a44793ba"
    },
    "status": "ok",
    "message": "Meta",
    "success": true
}
```


---
Marketplace page: https://www.oanor.com/api/escape-api
OpenAPI spec: https://www.oanor.com/api/escape-api/openapi.json