I just want to flag that certain malformed requests leak error messages that show more information about the API than they should. Nothing serious but I wanted to flag.
{
"model": "sonar-pro",
"messages": [
{
"role": "system",
"content": "Provide clear, structured responses with an explanation and practical examples."
},
{
"role": "user",
"content": [
{
"type": "text",
"text": "Could you tell me more about this image? "},
{
"type": "image_url",
"content" : "https://upload.wikimedia.org/wikipedia/commons/thumb/4/46/Vincent_Willem_van_Gogh_127.jpg/1920px-Vincent_Willem_van_Gogh_127.jpg"
}
]
}
],
"max_tokens": "125"
}
…leaks info on the Pydantic models for the types of accepted content and the expected fields.
{
"error": {
"message": "[\"At body -> messages -> 1 -> content -> str: Input should be a valid string\", \"At body -> messages -> 1 -> content -> list[union[ChatMessageContentTextChunk,ChatMessageContentImageChunk,ChatMessageContentPDFChunk]] -> 1 -> ChatMessageContentTextChunk -> type: Input should be 'text'\", \"At body -> messages -> 1 -> content -> list[union[ChatMessageContentTextChunk,ChatMessageContentImageChunk,ChatMessageContentPDFChunk]] -> 1 -> ChatMessageContentTextChunk -> text: Field required\", \"At body -> messages -> 1 -> content -> list[union[ChatMessageContentTextChunk,ChatMessageContentImageChunk,ChatMessageContentPDFChunk]] -> 1 -> ChatMessageContentImageChunk -> image_url: Field required\", \"At body -> messages -> 1 -> content -> list[union[ChatMessageContentTextChunk,ChatMessageContentImageChunk,ChatMessageContentPDFChunk]] -> 1 -> ChatMessageContentPDFChunk -> type: Input should be 'pdf_url'\", \"At body -> messages -> 1 -> content -> list[union[ChatMessageContentTextChunk,ChatMessageContentImageChunk,ChatMessageContentPDFChunk]] -> 1 -> ChatMessageContentPDFChunk -> pdf_url: Field required\"]",
"type": "bad_request",
"code": 400
}
}
This request uses the syntax that’s in the regex structure output section of the API docs. The example with an r string is invalid when the request is made directly.
Edit: It was non-authenticated; when authenticated, it returns a json decode error at r"
{
"model": "sonar-pro",
"messages": [
{
"role": "system",
"content": "Provide clear, structured responses with an explanation and practical examples."
},
{
"role": "user",
"content": [
{
"type": "text",
"text": "Could you tell me more about this image? "},
]
}
],
"max_tokens": "125",
"response_format": {
"type": "regex",
"regex": {"regex": r"(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"},
},
}
and returns version info on the infrastructure (openresty, WAF).
<html>
<head>
<title>401 Authorization Required</title>
</head>
<body>
<center>
<h1>401 Authorization Required</h1>
</center>
<hr>
<center>openresty/1.25.3.1</center>
<script>
(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'90717be099c1426b',t:'MTczNzczNzAyMS4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();
</script>
</body>
</html>