CloakAPI documentation

Drop-in AI gateway that never sees your customer data in the clear, signs every response, and lets you prove it later.

5-minute quickstart Read the privacy model

Why teams pick CloakAPI

Token-level privacy

Customer payloads are tokenised in the browser/SDK. The gateway routes structure, never plaintext PII, to OpenAI / Anthropic / Bedrock / Vertex / Azure.

Signed receipts

Every response is sealed with a chain-linked OpenReceipt v1 envelope. Auditors can independently verify months later — no trust in CloakAPI required.

Bring your own keys

Connect your own provider accounts with no markup. CloakAPI is paid for by gateway fees, not by reselling tokens.

OIDC SSO out of the box

/.well-known/openid-configuration, JWKS, userinfo. Plug into Authentik, Keycloak, Entra, Okta, Workspace.

Where to go next

Build something → Quickstart (5 min)
Verify a receipt → Receipts protocol
Wire SSO → Gateway authentication
Read the API → OpenAPI reference (Redoc)