Skip to content

CloakAPI documentation

Drop-in AI gateway — tokenise PII on your own device, relay through a blind gateway that signs every response, and prove it later.

Ways to use CloakAPI

The foundation is the API — but you don’t have to write code to get client-side tokenisation. There are three ways to use CloakAPI, plus a desktop power-up:

API / SDK / proxy (the foundation)

Point your existing OpenAI or Anthropic SDK at the gateway, or run the localhost local proxy to tokenise PII on your own machine with a single base_url change. Every call is metered and returns a signed receipt. → Quickstart (5 min)

Chat (private front door)

A browser chat window that tokenises your prompts on-device before relaying to Claude, GPT, Gemini, Grok or DeepSeek — no code, no install. → Get started with Chat

Browser extension

Adds the same privacy layer directly on chatgpt.com, claude.ai, gemini.google.com and grok.com. Sideload from the downloads page while the store listings are in review. → Install the extension

Desktop app (power-up)

A Windows power-up for Chat — the fullest on-device PII coverage, local receipt signing and complete-local models. macOS and Linux coming soon. → Get the desktop app

All four are paid, key-backed and fail-closed — if a message can’t be tokenised, the send is blocked rather than leaked. Pricing is usage-based, USD only. See pricing.

Why teams pick CloakAPI

Token-level privacy

On the client-side ways — browser chat, desktop app, browser extension, and the local proxy — payloads are tokenised on your device, so personal data never leaves your machine and the gateway relays only opaque tokens. The gateway itself is a blind token relay: it never inspects, detects, or tokenises content on our servers. A bare SDK pointed straight at api.cloakapi.io is blind-relayed as-is (not tokenised by us) — run the local proxy to tokenise with a plain SDK. Routes to Anthropic, OpenAI, Google Gemini, xAI Grok, DeepSeek, or self-hosted local (Ollama / LocalAI).

Signed receipts

Every response is sealed with a chain-linked OpenReceipt envelope. Auditors can independently verify months later — no trust in CloakAPI required.

Bring your own keys

Connect your own provider accounts — you pay your provider directly and CloakAPI adds a flat 5% gateway markup for routing, blind relay, and signed receipts. See pricing.

OIDC SSO out of the box

/.well-known/openid-configuration, JWKS, userinfo. Plug into Authentik, Keycloak, Entra, Okta, Workspace.

Where to go next

Last updated: