Welcome to Tresor

A drop-in OpenAI-compatible API where the operator cannot read your data — and you can prove it.

The Tresor API is an inference API with one unusual property: we cannot read what flows through it, and you can verify that cryptographically.

Every request runs inside a hardware-isolated confidential compute environment. The CPU encrypts the enclave's memory; the infrastructure operator, our staff, and anyone with physical server access see only ciphertext. On every response you get a signed receipt proving which exact binary handled your request inside which exact enclave. With our tresor-attest SDK your client refuses to send a single byte if the endpoint is not running a binary in Tresor's audited allowlist.

We're OpenAI-API compatible, so you can drop us into any tool that takes a base URL and an API key — curl, the official OpenAI SDKs, LangChain, OpenCode, Cursor, OpenWork, Continue, and so on.

Two ways to use Tresor

There is no "default" choice — pick the one that fits where you're integrating.

Direct API

OpenAI-compatible HTTP endpoint. Works with curl, the OpenAI SDKs, and any tool that accepts a base URL.

Pick this when you're integrating into a coding harness, agent framework, or other tool that doesn't let you swap the HTTP layer.

tresor-attest SDK

Drop-in fetch / httpx / Go wrapper that verifies the enclave attestation on every request before any payload leaves your process.

Pick this when you need a hard cryptographic guarantee that the endpoint is the audited binary — defence against a compromised CA, TLS-terminating middlebox, or operator.

Both paths talk to the same endpoint. The SDK is a strict superset: it does everything the direct API does, plus pinning. You can switch later without changing your application code.

Where to go next

Quickstart

First request in 60 seconds — curl, Python, and TypeScript, with and without attestation pinning.

Concepts

Why nobody — including us — can read your data, and how to prove it.

Guides

Task-oriented walkthroughs: OpenAI SDK, attestation verification, receipt verification, routing failover, retries.

Third-party tools

Tool-specific integrations for Cursor, OpenCode, and other OpenAI-compatible clients.

API reference

Endpoint-by-endpoint reference with curl, Python, and TypeScript examples.