Skip to content

Choose your integration

Five ways to build on CloakAPI. Every one reaches the same gateway at api.cloakapi.io with a cloak_ key, and every one can run Level-1 (client-side tokenisation before egress — see Build on CloakAPI for the assurance model).

The gateway lock (and why it’s a feature)

The client-side build-surfaces — the drop-in proxy, the SDKs, the hosted MCP — are gateway-locked: their base URL must be a CloakAPI gateway host. There is no “point it at any provider” setting.

Frame this positively to your users: your calls always go through the metered gateway. That’s exactly what makes the privacy relay, the signed receipt on every call, and the billing all guaranteed rather than optional. A build that could quietly bypass the gateway could quietly bypass the receipt.

Pick one

IntegrationBest when you…Level
Drop-in proxyalready have OpenAI/Anthropic code and want client-side PII with a one-line base_url changeLevel-1
SDK (8 langs)want native calls + client-side tokeniser embedded in your languageLevel-1
Hosted MCPbuild agents / connect Claude Desktop, Cursor, or any MCP hostLevel-1
Starter-kitwant a whole private-AI chat app to fork, reskin, and shipLevel-1
RESTbuild in a language without an SDK, or want raw HTTP controlLevel-1 or labelled Level-2

Drop-in proxy — cloak-proxy

Run the localhost proxy; point any OpenAI/Anthropic client at it. It tokenises on your machine, then forwards only tokens through the gateway. Gateway-locked by design (no provider-URL setting), so every call gets a signed receipt.

from openai import OpenAI
client = OpenAI(
base_url="http://localhost:8799/v1",
api_key="unused", # the proxy holds your CloakAPI key; provider keys live in your account
)
resp = client.chat.completions.create(
model="gpt-4o",
messages=[{"role": "user", "content": "Summarise the email from Alice."}],
)
print(resp.choices[0].message.content)

Full setup, coverage, and honest limits: Local proxy.


SDK — 8 languages

The canonical SDKs (TypeScript, Python, Go, Java, Rust, PHP, Ruby, .NET) embed the client-side tokeniser (Level-1) and reach the full REST capability set. All are gateway-locked.

# pip install cloakapi
from cloakapi import CloakAPI
client = CloakAPI(api_key="cloak_…") # base URL is a CloakAPI gateway host
resp = client.chat.completions.create(
model="gpt-4o",
messages=[{"role": "user", "content": "Summarise the email from Alice."}],
)
print(resp.choices[0].message.content)

Hosted MCP — @cloakapi/mcp-server

A distributable Model Context Protocol server exposing CloakAPI as ~22 tools (tokenise, detokenise, detect_pii, tokenise_file, tokenise_image, private_completion, private_messages, list_models, count_tokens, verify_receipt, get_receipt, countersign_receipt, list_receipts, receipt_chain_export, chain_verify, transparency_inclusion, get_balance, usage_summary, key_scopes, meter, reconstruct, engine_info). Tokenisation runs inside the MCP component the user runs, so raw PII never egresses (Level-1).

Wire it into any MCP host — e.g. claude_desktop_config.json:

{
"mcpServers": {
"cloakapi": {
"command": "npx",
"args": ["-y", "@cloakapi/mcp-server"],
"env": {
"CLOAKAPI_API_KEY": "cloak_live_…",
"CLOAKAPI_PRETOKENISED_KEY": ""
}
}
}
}

Or run it as a streamable-HTTP endpoint (--http, default 127.0.0.1:9473, JSON-RPC at POST /mcp) for an HTTP-capable MCP client.


Starter-kit — fork, reskin, ship

An open, Apache-2.0 reference private-AI chat app. The hard 80% is pre-wired: client-side tokenisation before egress (WASM structured engine + on-device NER for names), fail-closed composer, gateway relay with your key kept server-side, client-side detokenisation across streaming, signed receipts + a “verify this answer” widget, and engine-provenance headers for the gateway version-gate. One-file reskin (src/lib/brand.config.ts — name, logo, colours, tagline, default model + tier). Ships with a neutral placeholder brand so the white-label seams are obvious.

Terminal window
git clone <starter-kit> my-private-ai && cd my-private-ai
pnpm install
cp .env.example .env # set your CloakAPI key (server-side) + brand
pnpm dev

REST — raw HTTP

If your language has no SDK, call the gateway directly. Endpoints include /v1/chat/completions, /v1/messages, /v1/embeddings, /v1/detect, /v1/tokenize, /v1/detokenize, /v1/engine/*, /v1/reconstruct, and the receipts endpoints (/v1/receipts/verify, /v1/receipts/countersign, …).

Terminal window
curl https://api.cloakapi.io/api/v1/chat/completions \
-H "Authorization: Bearer cloak_…" \
-H "Content-Type: application/json" \
-d '{"model":"gpt-4o","messages":[{"role":"user","content":"Hello"}]}'

Level note. To stay on Level-1 over raw REST, tokenise on the end-user’s device first (embed a client-side tokeniser, e.g. the WASM engine or an SDK) and relay only tokens. The server-side tokenise endpoints (/v1/tokenize) are the labelled Level-2 convenience mode — raw text reaches a server before it is tokenised, so do not describe that path with “no raw PII reaches CloakAPI”. See the assurance model.

Full request/response contracts: the API reference and the Reference section.