The Tresor API is an inference API with one unusual property: we cannot read what flows through it, and you can verify that cryptographically.
Every request runs inside a hardware-isolated confidential compute environment. The CPU encrypts the enclave's memory; the infrastructure operator, our staff, and anyone with physical server access see only ciphertext. On every response you get a signed receipt proving which exact binary handled your request inside which exact enclave. With our tresor-attest SDK your client refuses to send a single byte if the endpoint is not running a binary in Tresor's audited allowlist.
We're OpenAI-API compatible, so you can drop us into any tool that takes a base URL and an API key — curl, the official OpenAI SDKs, LangChain, OpenCode, Cursor, OpenWork, Continue, and so on.
There is no "default" choice — pick the one that fits where you're integrating.
Direct API
OpenAI-compatible HTTP endpoint. Works with curl, the OpenAI SDKs, and any tool that accepts a base URL.
Pick this when you're integrating into a coding harness, agent framework, or other tool that doesn't let you swap the HTTP layer.
tresor-attest SDK
Drop-in fetch / httpx / Go wrapper that verifies the enclave attestation on every request before any payload leaves your process.
Pick this when you need a hard cryptographic guarantee that the endpoint is the audited binary — defence against a compromised CA, TLS-terminating middlebox, or operator.
Both paths talk to the same endpoint. The SDK is a strict superset: it does everything the direct API does, plus pinning. You can switch later without changing your application code.
Quickstart
First request in 60 seconds — curl, Python, and TypeScript, with and without attestation pinning.
Guides
Task-oriented walkthroughs: OpenAI SDK, attestation verification, receipt verification, routing failover, retries.