> ## Documentation Index
> Fetch the complete documentation index at: https://docs.responsibleailabs.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Capabilities

> GET /railscore/v1/capabilities - Discover what your API key's plan can access.

<Info>
  **Concept:** [Applications](/concepts/applications) | **SDK:** [Python Configuration](/sdk/python/configuration)
</Info>

Returns the features available to your API key's plan: evaluation modes, compliance frameworks, agent and DPDP capabilities, and request limits. Use it to discover the surface area you can build against without hard-coding plan assumptions.

## Request

<CodeGroup>
  ```bash curl theme={null}
  curl https://api.responsibleailabs.ai/railscore/v1/capabilities \
    -H "Authorization: Bearer YOUR_RAIL_API_KEY"
  ```

  ```python Python SDK theme={null}
  from rail_score_sdk import RailScoreClient

  client = RailScoreClient(api_key="YOUR_RAIL_API_KEY")
  caps = client.get_capabilities()  # added in SDK 2.6.0; no credits

  print(caps.plan, caps.limits.get("requests_per_day"))
  ```
</CodeGroup>

## Response

```json theme={null}
{
  "plan": "pro",
  "evaluation": { "modes": ["basic", "deep"] },
  "compliance": {
    "frameworks": ["GDPR", "CCPA", "HIPAA", "EU AI Act", "India DPDP", "India AI Governance"],
    "continuous_monitoring": false
  },
  "agent": { "tool_call": true, "tool_result": true, "prompt_injection": true },
  "dpdp": { "scan": true, "evaluate": true, "evidence": true, "base_path": "/railscore/v1/compliance/dpdp" },
  "limits": { "requests_per_day": 1000, "max_concurrent": 20, "max_active_keys": 5 }
}
```

<ResponseField name="evaluation.modes" type="string[]">
  Evaluation depths listed here: `basic`, `deep`. Note this list doesn't currently include
  `"auto"`, even though [`/eval`](/api-reference/evaluation) accepts `mode: "auto"` — don't
  gate `auto` on this field.
</ResponseField>

<ResponseField name="compliance" type="object">
  `frameworks` lists the compliance frameworks you can evaluate against. `continuous_monitoring` indicates whether ongoing monitoring pipelines are available on your plan.
</ResponseField>

<ResponseField name="agent" type="object">
  Agent governance features: pre-call `tool_call` checks, post-call `tool_result` scanning, and standalone `prompt_injection` detection.
</ResponseField>

<ResponseField name="dpdp" type="object">
  India DPDP features available on your plan: `scan`, `evaluate` (generally available), and
  `evidence` (Pro tier and above — audit-grade evidence packets). `base_path` is the DPDP
  endpoint prefix.
</ResponseField>

<ResponseField name="limits" type="object">
  Request limits for the key: `requests_per_day` (`null` means unlimited), `max_concurrent`, and `max_active_keys`.
</ResponseField>
