Multi-provider routing
OpenAI, Anthropic and other providers behind one endpoint.
Product
Provider-agnostic. BYOK by default. Sensitive data masked before any provider call.
One endpoint in front of OpenAI, Anthropic and other providers — with PII masking and rehydration applied at the edge so the model never sees personal or secret values.
Definition
A privacy-first gateway changes both where requests are routed and what content crosses the provider boundary.
Privian runs masking and rehydration before any provider call. See the glossary entry for a longer definition, or the AI Security Layer category page for how it fits into the broader stack.
Why it matters
A pure routing gateway changes nothing about what the provider sees. Customer emails, internal documents, support transcripts and developer scratch prompts all reach the model verbatim. A privacy-first gateway shrinks that exposure surface at the edge.
How it works
Step 1
Your app POSTs prompt + model to a single Privian endpoint with a gateway API key.
Step 2
Inbound prompt is scanned for personal and sensitive entities.
Step 3
Detected values are replaced with deterministic placeholders (PERSON_1, EMAIL_2, ...) for the request.
Step 4
Masked prompt is forwarded to the configured provider using your decrypted BYOK credentials.
Step 5
The provider response is scanned and placeholders are restored from the in-memory mapping.
Step 6
Your app receives a normal, rehydrated response. The mapping is discarded.
Framework
Authenticate
Validate the gateway key and request shape.
Protect
Detect and mask supported sensitive values.
Route
Select the provider from the namespaced model id.
Restore
Rehydrate the provider response in memory.
Technical
Models are addressed as provider/id, e.g. openai/gpt-4o-mini or anthropic/claude-sonnet-4-5. The full list lives in the models catalog.
Provider keys are stored AES-GCM encrypted at rest. They are decrypted in-process only while routing a request.
Drop-in OpenAI Chat Completions endpoint. Use the OpenAI SDK by setting baseURL to https://api.privian.io/v1.
Raw prompts and responses are never persisted. Only structural counters are kept for observability.
Example
Privian is OpenAI Chat Completions-compatible — point the OpenAI SDK (or any HTTP client) at https://api.privian.io/v1/chat/completions.
curl -sS -X POST "https://api.privian.io/v1/chat/completions" \
-H "Authorization: Bearer $PRIVIAN_GATEWAY_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"model": "openai/gpt-4o-mini",
"messages": [
{ "role": "user", "content": "Email me at michael@example.com about ticket #4821." }
]
}'Provider-namespaced model ids from the Privian catalog. The legacy /v1/gateway endpoint with the { prompt, model } shape also remains supported. See the API reference for the full request and response shape.
Application to gateway
Application sends: "Email michael@example.com about ticket #4821."Gateway to provider
Provider receives: "Email EMAIL_1 about ticket #4821."Capabilities
OpenAI, Anthropic and other providers behind one endpoint.
Personal and secret entities replaced before the provider call.
Placeholders restored in the response so your app sees real values.
Your provider credentials, encrypted at rest, used at request time.
Scoped Privian keys (sk-gw_live_… / sk-gw_test_…) for your apps.
Counters and metadata without storing raw prompts.
Transparency
stream: true is rejected)FAQ
Enterprise review
Related
Scope
Enterprise review
Trust assets procurement and security teams routinely request.
Plans & pricing
Pricing is published transparently. BYOK, zero retention, provider-agnostic. Beta plans may change.