Add PII masking to OpenAI

Add deterministic PII masking in front of an existing OpenAI integration by changing the base URL of the OpenAI SDK to Privian.

Migration shape

  1. Store your OpenAI key once as a BYOK credential in Privian. Remove it from your application environment.
  2. Create a Privian gateway key. Set it as PRIVIAN_GATEWAY_API_KEY.
  3. Change the OpenAI SDK base_url / baseURL to https://api.privian.io/v1.
  4. Use a Privian-supported, provider-namespaced model id (e.g. openai/gpt-4o-mini).

Python

python
from openai import OpenAI

client = OpenAI(
    api_key="YOUR_PRIVIAN_GATEWAY_API_KEY",
    base_url="https://api.privian.io/v1",
)

response = client.chat.completions.create(
    model="openai/gpt-4o-mini",
    messages=[
        {"role": "user", "content": "Hello, my name is Michael"},
    ],
)

print(response.choices[0].message.content)

Node / TypeScript

ts
import OpenAI from "openai";

const client = new OpenAI({
  apiKey: process.env.PRIVIAN_GATEWAY_API_KEY,
  baseURL: "https://api.privian.io/v1",
});

const response = await client.chat.completions.create({
  model: "openai/gpt-4o-mini",
  messages: [
    { role: "user", content: "Hello, my name is Michael" },
  ],
});

console.log(response.choices[0].message.content);

What changes vs. calling OpenAI directly

  • The OpenAI Chat Completions request and response shapes are unchanged.
  • Sensitive values in every message are masked before any provider call.
  • Model ids are provider-namespaced (openai/<id>, anthropic/<id>, …) and must be enabled in Privian's model catalog.
  • Streaming, tool/function calling, JSON mode, and multimodal content parts are not yet supported and return a fail-closed error.

Related