Skip to main content

What is Oximy Gateway?

Oximy Gateway is a secure proxy that sits between your application and AI providers (OpenAI, Anthropic, Google, etc.). It applies guardrails to every request and response in real-time, protecting against data leakage, prompt injection, jailbreaks, and other AI-specific threats. Gateway is a drop-in replacement for direct AI provider APIs. Change your base URL, add two headers, and you’re protected.

How It Works

Your App → Gateway → Guardrails → AI Provider (OpenAI/Anthropic/Google)
  1. Your application sends a request to Gateway instead of directly to the AI provider
  2. Gateway loads the project’s assigned policy
  3. Guardrails analyze the request for threats
  4. Clean, sanitized request is forwarded to the AI provider
  5. Response is checked by guardrails before returning
  6. Your application receives the protected response
All of this happens in milliseconds with minimal latency overhead.

Key Features

OpenAI SDK Compatible

Works with any OpenAI-compatible SDK. No code changes required beyond configuration: 
const openai = new OpenAI({
  baseURL: 'https://gateway.oximy.com/v1',  // Only change needed
  apiKey: 'your-openai-key',
  defaultHeaders: {
    'x-oximy-api-key': 'oxi-live-YOUR_KEY',
    'x-oximy-project-id': 'your-project'
  }
});

Multi-Provider Support

Use any AI provider through a single API:
  • OpenAI (GPT-4, GPT-3.5)
  • Anthropic (Claude 3.5)
  • Google (Gemini 1.5)
  • Azure OpenAI
  • Together AI
  • Cohere
  • Groq
  • 15+ more
Switch providers by changing a header, no code changes needed.

Real-Time Guardrails

Every request and response is protected:
  • Prompt injection defense: Block instruction manipulation
  • Data leakage prevention: Redact PII, credentials, sensitive data
  • Jailbreak prevention: Stop safety bypass attempts
  • Content moderation: Filter harmful content
  • OWASP Top 10 coverage: Protection against all LLM vulnerabilities

Project-Based Policies

Different security rules for different use cases:
  • Production API: Strict enforcement, BLOCK violations
  • Internal tools: Moderate enforcement, WARN violations
  • Development: Permissive enforcement, WARN with detailed logging
Each project loads its own policy automatically.

Use Cases

Customer-Facing Applications

Protect public APIs and customer portals:
  • Block prompt injection attempts
  • Prevent data leakage in responses
  • Filter inappropriate content
  • Maintain brand safety
  • Meet compliance requirements

Internal Tools

Secure employee-facing AI applications:
  • Prevent accidental credential leaks
  • Monitor for policy violations
  • Track AI usage patterns
  • Enforce acceptable use policies
  • Audit all interactions

Development and Testing

Safe AI experimentation:
  • Log violations without blocking
  • Test guardrails configurations
  • Monitor false positive rates
  • Validate policies before production
  • Debug AI interactions

Getting Started

1

Get API Credentials

Visit the Oximy Dashboard to get your API key and project ID.
2

Configure Your SDK

Update your OpenAI SDK configuration to use Gateway as the base URL.
3

Add Headers

Include x-oximy-api-key and x-oximy-project-id in your requests.
4

Make Requests

Use your AI application normally. Gateway handles protection automatically.

Quick Start Guide

Complete integration guide with code examples

Architecture

Gateway is built for performance and reliability:
  • Sub-100ms latency: Minimal overhead over direct API calls
  • Streaming support: Real-time response streaming with guardrails
  • High availability: 99.9% uptime SLA
  • Horizontal scaling: Handles thousands of requests per second
  • Global deployment: Low-latency access worldwide

Standalone Validation

In addition to proxy functionality, Gateway offers standalone validation endpoints for cases where you need guardrail protection without proxying through Gateway: Validate Text Endpoint (/v1/validate-text):
  • Validates text against guardrails without sending to AI providers
  • Useful for pre-validation, output validation, batch processing
  • Same guardrails, different workflow

Validate Text API

Use guardrails independently without the Gateway proxy
 This gives you flexibility to use Oximy’s protection in any workflow—whether you route through Gateway or validate independently.

Security and Privacy

  • No data storage: Requests are not stored or used for training
  • Encrypted transit: All traffic uses TLS 1.3
  • Audit logging: Complete request/response history for compliance
  • SOC 2 compliant: Enterprise-grade security controls
  • GDPR compliant: EU data protection standards