Add PII masking to OpenAI
Add deterministic PII masking in front of an existing OpenAI integration by changing the base URL of the OpenAI SDK to Privian.
Migration shape
- Store your OpenAI key once as a BYOK credential in Privian. Remove it from your application environment.
- Create a Privian gateway key. Set it as
PRIVIAN_GATEWAY_API_KEY. - Change the OpenAI SDK
base_url/baseURLtohttps://api.privian.io/v1. - Use a Privian-supported, provider-namespaced model id (e.g.
openai/gpt-4o-mini).
Python
python
from openai import OpenAI
client = OpenAI(
api_key="YOUR_PRIVIAN_GATEWAY_API_KEY",
base_url="https://api.privian.io/v1",
)
response = client.chat.completions.create(
model="openai/gpt-4o-mini",
messages=[
{"role": "user", "content": "Hello, my name is Michael"},
],
)
print(response.choices[0].message.content)Node / TypeScript
ts
import OpenAI from "openai";
const client = new OpenAI({
apiKey: process.env.PRIVIAN_GATEWAY_API_KEY,
baseURL: "https://api.privian.io/v1",
});
const response = await client.chat.completions.create({
model: "openai/gpt-4o-mini",
messages: [
{ role: "user", content: "Hello, my name is Michael" },
],
});
console.log(response.choices[0].message.content);What changes vs. calling OpenAI directly
- The OpenAI Chat Completions request and response shapes are unchanged.
- Sensitive values in every message are masked before any provider call.
- Model ids are provider-namespaced (
openai/<id>,anthropic/<id>, …) and must be enabled in Privian's model catalog. - Streaming, tool/function calling, JSON mode, and multimodal content parts are not yet supported and return a fail-closed error.
