Choose your integration
Five ways to build on CloakAPI. Every one reaches the same gateway at
api.cloakapi.io with a cloak_ key, and every one can run Level-1
(client-side tokenisation before egress — see
Build on CloakAPI for the assurance model).
The gateway lock (and why it’s a feature)
The client-side build-surfaces — the drop-in proxy, the SDKs, the hosted MCP — are gateway-locked: their base URL must be a CloakAPI gateway host. There is no “point it at any provider” setting.
Frame this positively to your users: your calls always go through the metered gateway. That’s exactly what makes the privacy relay, the signed receipt on every call, and the billing all guaranteed rather than optional. A build that could quietly bypass the gateway could quietly bypass the receipt.
Pick one
| Integration | Best when you… | Level |
|---|---|---|
| Drop-in proxy | already have OpenAI/Anthropic code and want client-side PII with a one-line base_url change | Level-1 |
| SDK (8 langs) | want native calls + client-side tokeniser embedded in your language | Level-1 |
| Hosted MCP | build agents / connect Claude Desktop, Cursor, or any MCP host | Level-1 |
| Starter-kit | want a whole private-AI chat app to fork, reskin, and ship | Level-1 |
| REST | build in a language without an SDK, or want raw HTTP control | Level-1 or labelled Level-2 |
Drop-in proxy — cloak-proxy
Run the localhost proxy; point any OpenAI/Anthropic client at it. It tokenises on your machine, then forwards only tokens through the gateway. Gateway-locked by design (no provider-URL setting), so every call gets a signed receipt.
from openai import OpenAI
client = OpenAI( base_url="http://localhost:8799/v1", api_key="unused", # the proxy holds your CloakAPI key; provider keys live in your account)
resp = client.chat.completions.create( model="gpt-4o", messages=[{"role": "user", "content": "Summarise the email from Alice."}],)print(resp.choices[0].message.content)Full setup, coverage, and honest limits: Local proxy.
SDK — 8 languages
The canonical SDKs (TypeScript, Python, Go, Java, Rust, PHP, Ruby, .NET) embed the client-side tokeniser (Level-1) and reach the full REST capability set. All are gateway-locked.
# pip install cloakapifrom cloakapi import CloakAPI
client = CloakAPI(api_key="cloak_…") # base URL is a CloakAPI gateway hostresp = client.chat.completions.create( model="gpt-4o", messages=[{"role": "user", "content": "Summarise the email from Alice."}],)print(resp.choices[0].message.content)Hosted MCP — @cloakapi/mcp-server
A distributable Model Context Protocol server exposing CloakAPI as ~22 tools
(tokenise, detokenise, detect_pii, tokenise_file, tokenise_image,
private_completion, private_messages, list_models, count_tokens,
verify_receipt, get_receipt, countersign_receipt, list_receipts,
receipt_chain_export, chain_verify, transparency_inclusion, get_balance,
usage_summary, key_scopes, meter, reconstruct, engine_info).
Tokenisation runs inside the MCP component the user runs, so raw PII never
egresses (Level-1).
Wire it into any MCP host — e.g. claude_desktop_config.json:
{ "mcpServers": { "cloakapi": { "command": "npx", "args": ["-y", "@cloakapi/mcp-server"], "env": { "CLOAKAPI_API_KEY": "cloak_live_…", "CLOAKAPI_PRETOKENISED_KEY": "…" } } }}Or run it as a streamable-HTTP endpoint (--http, default 127.0.0.1:9473,
JSON-RPC at POST /mcp) for an HTTP-capable MCP client.
Starter-kit — fork, reskin, ship
An open, Apache-2.0 reference private-AI chat app. The hard 80% is pre-wired:
client-side tokenisation before egress (WASM structured engine + on-device NER
for names), fail-closed composer, gateway relay with your key kept server-side,
client-side detokenisation across streaming, signed receipts + a “verify this
answer” widget, and engine-provenance headers for the gateway version-gate.
One-file reskin (src/lib/brand.config.ts — name, logo, colours, tagline,
default model + tier). Ships with a neutral placeholder brand so the white-label
seams are obvious.
git clone <starter-kit> my-private-ai && cd my-private-aipnpm installcp .env.example .env # set your CloakAPI key (server-side) + brandpnpm devREST — raw HTTP
If your language has no SDK, call the gateway directly. Endpoints include
/v1/chat/completions, /v1/messages, /v1/embeddings, /v1/detect,
/v1/tokenize, /v1/detokenize, /v1/engine/*, /v1/reconstruct, and the
receipts endpoints (/v1/receipts/verify, /v1/receipts/countersign, …).
curl https://api.cloakapi.io/api/v1/chat/completions \ -H "Authorization: Bearer cloak_…" \ -H "Content-Type: application/json" \ -d '{"model":"gpt-4o","messages":[{"role":"user","content":"Hello"}]}'Level note. To stay on Level-1 over raw REST, tokenise on the end-user’s device first (embed a client-side tokeniser, e.g. the WASM engine or an SDK) and relay only tokens. The server-side tokenise endpoints (
/v1/tokenize) are the labelled Level-2 convenience mode — raw text reaches a server before it is tokenised, so do not describe that path with “no raw PII reaches CloakAPI”. See the assurance model.
Full request/response contracts: the API reference and the Reference section.