Add PII masking to OpenAI
Add a PII masking step in front of an existing OpenAI integration without changing how your application reasons about the response.
Migration shape
- Store your OpenAI key once as a BYOK credential in Privian. Remove it from your application environment.
- Create a Privian gateway key. Set it as
PRIVIAN_API_KEY. - Change the endpoint to
https://api.privian.io/v1/gatewayand the model toopenai/<model-id>(e.g.openai/gpt-5.5). - Send
{ prompt, model }and readresponse.
Python
python
import os, requests
def ask(prompt: str) -> str:
r = requests.post(
"https://api.privian.io/v1/gateway",
headers={"Authorization": f"Bearer {os.environ['PRIVIAN_API_KEY']}"},
json={"prompt": prompt, "model": "openai/gpt-5.5"},
timeout=30,
)
r.raise_for_status()
return r.json()["response"]TypeScript
ts
export async function ask(prompt: string): Promise<string> {
const res = await fetch("https://api.privian.io/v1/gateway", {
method: "POST",
headers: {
Authorization: `Bearer ${process.env.PRIVIAN_API_KEY!}`,
"Content-Type": "application/json",
},
body: JSON.stringify({ prompt, model: "openai/gpt-5.5" }),
});
if (!res.ok) {
const { error } = await res.json();
throw new Error(`privian ${error.code}`);
}
const { response } = await res.json();
return response;
}Gotchas
- The gateway accepts a single
promptstring today, not the OpenAImessagesarray. Concatenate roles into a single prompt or keep system instructions out of user-controlled fields. - Streaming uses artificial chunking over the rehydrated response; it is not native token streaming.
- Function calling / tool calling / JSON-mode are not yet exposed via the gateway.