Docs

Everything you need to build on Ciralgo.

Ciralgo is OpenAI- and Anthropic-wire-compatible. Change one line, keep your SDK, and get EU-hosted routing, cost attribution, and audit-ready logging for free.

Step 1

Quickstart

The whole integration is: keep your SDK, change one line. Pick the tab that matches your stack.

1const openai = new OpenAI({ baseURL: 'https://api.ciralgo.com/v1' });
1anthropic = Anthropic(base_url="https://api.ciralgo.com/anthropic/v1")
1from ciralgo import Ciralgo; client = Ciralgo(api_key="...")
1curl https://api.ciralgo.com/v1/chat/completions -H "Authorization: Bearer $KEY"

Verify it worked: every Ciralgo response includes an x-ciralgo-trace-id header. If you see that header in your response, your traffic is going through us. If you'd rather not check by hand, we keep a one-file test script on GitHub that runs a single call and prints the trace ID for you.

How it works

A drop-in proxy, not a rewrite.

Ciralgo sits between your applications and every LLM provider you use. Requests come in on the OpenAI or Anthropic wire, get routed, logged, cost-tracked, and returned unchanged. The only change in your codebase is the base URL.

Anything that works with the OpenAI or Anthropic SDK works with Ciralgo by changing just the base URL. No rewrite, no wrappers, no new APIs to learn.
1

Your SDK sends a call

OpenAI, Anthropic, LangChain, or the Ciralgo Python SDK, same request format, new base URL.

2

Ciralgo routes & records

Picks the right provider, handles retries and rate limits, caches identical calls, and writes a full audit record.

3

You get the same response

Wire-identical to what OpenAI or Anthropic would return, with an added trace header for verification.

Deterministic caching, built in. Identical requests return a cached response with an idempotency confirmation. No upstream call, no double billing.
Cost attribution

Every call, tagged. Every euro, accounted for.

Add an X-Ciralgo-Tags header to any request and Ciralgo attributes cost, latency, and usage to that dimension automatically. No new endpoint. No schema change.

HTTP header
X-Ciralgo-Tags: project=checkout, env=prod, feature=summary, run_id=abc123

What you can slice by

  • Team, project, environment, feature
  • Model & provider (OpenAI GPT-4o vs Claude Sonnet vs local Ollama)
  • Individual user or workflow run ID
  • Any custom key/value pair your app cares about

What Ciralgo does with it

  • Writes a full attribution record per call, tagged for later query
  • Rolls up dashboards by tag automatically
  • Powers budget caps and cost policies per tag
  • Exports to your BI stack via the management API
EU routing

Sensitive prompt? It never leaves the EU.

Mark a call as private and Ciralgo will route it to an EU-hosted, self-contained model. No US cloud, no data leaving the jurisdiction, no exceptions.

Private intent routes to a self-hosted, EU-based model. Your data never leaves the jurisdiction and never touches a US cloud provider.

How it works

Mark a call as private in the request. Ciralgo bypasses cloud providers entirely and routes it to an EU-hosted, self-contained model. The response comes back on the same wire with a route confirmation header so you can verify.

Enforce it org-wide

Admins can set a jurisdiction policy so all calls from a given team, tag, or user are treated as private, with no code change in the calling app. The proxy enforces the rule at the edge.

Why this matters: Under the EU AI Act, transferring personal data to US providers requires either an adequacy decision or Standard Contractual Clauses. Private intent removes the transfer entirely , the question doesn't come up.
Compliance

Built for the EU AI Act, from day one.

The Act comes into force in stages. Some milestones are already behind us, the biggest one is only months away, and the last one closes out the rollout in 2027.

In effect Imminent Ahead
Today · 9 Jul 2026
  1. 2 Aug 2024
  2. 2 Feb 2025
  3. 2 Aug 2025
  4. 2 Aug 2026
  5. 2 Aug 2027
23 months ago 2 August 2024

The AI Act enters into force

The EU officially passed the AI Act. Every deadline below is counted from this day.

17 months ago 2 February 2025

Unacceptable-risk AI is banned

Social scoring, live biometric ID in public spaces, and workplace or classroom emotion recognition all become illegal.

11 months ago 2 August 2025

General purpose AI rules apply

Providers of general purpose AI (like GPT-4 or Claude) must publish training data summaries and follow EU codes of practice.

1 month away 2 August 2026

Main obligations apply. The big one.

High-risk AI must meet Articles 12 (logging), 13 (transparency), 14 (oversight), 15 (accuracy). Fines up to €15M or 3% of revenue.

13 months away 2 August 2027

AI inside products becomes high-risk

AI that controls safety-critical parts of medical devices, machinery, vehicles and toys must meet the same core rules.

How Ciralgo maps to the articles

"Logs of automated decision-making throughout the AI system lifecycle" , Article 12 compliance via a complete, tamper-evident audit trail across every request and admin action.
Article Requirement How Ciralgo answers it
Article 12 Automatic logging of high-risk AI system events Every request and every admin action is logged with a tamper-evident audit trail. Exports available in standard formats for your compliance stack.
Article 13 Transparency & provision of information Every response includes attribution metadata so your app (and end users, where relevant) can see which model and jurisdiction handled the call.
Article 14 Human oversight Model policies, jurisdiction rules, and cost caps are configurable by role. Every operator action is logged with the identity behind it.
Article 15 Accuracy, robustness & cybersecurity Signed authentication tokens, MFA-enforced admin access, strict tenant isolation, and a penetration-test-ready posture. Full whitepaper available under NDA.
Article 17 Quality management system Documented Secure SDLC, LLM risk register, OWASP LLM Top 10 review, SBOM policy, and sub-processor list. Available under NDA.

Preparing an internal audit or a procurement questionnaire? Ask about our EU AI Act evaluation pack , article-by-article documentation, signed by our DPO.

Security

Security at a glance.

The one-page summary for Risk Officers and CISOs. Every claim below traces to a control in the full security whitepaper.

Authentication

Signed authentication tokens with MFA-enforced admin access and short-lived access tokens with automatic rotation.

Tenant isolation

Strict per-organization data isolation enforced at every layer, with regular audits and automated policy checks.

Data residency

All prompts, responses, logs, and metadata stored on EU infrastructure. Private-intent calls never leave the EU at all.

Audit logging

Every call and every admin action logged, tamper-evident, and exportable in standard formats for your BI or compliance stack.

Encryption

Encrypted at rest and in transit using industry-standard controls. Customer-managed keys available on the top tier.

Vulnerability management

Documented policy, SBOM available under NDA, penetration-test-ready posture, and a maintained sub-processor list.

Comparison

Ciralgo vs the alternatives.

An honest read on where Ciralgo is different. All of these are legitimate tools; the right choice depends on whether EU data residency and AI Act mapping matter to you.

Capability Ciralgo Portkey LiteLLM Helicone Azure OpenAI
Wire compatible with OpenAI + Anthropic Partial
EU data residency guaranteed Partial
Private-intent routing to local models Partial
EU AI Act Article 12/17 mapping
Built-in idempotency cache
Cost attribution via request headers Partial
Open-source option

Assessments as of July 2026 based on public documentation and vendor product pages. If we're wrong about something, tell us and we'll correct it.

FAQ

Technical questions, answered.

The questions our sales engineers get every week.

Does streaming work?

Yes. Server-sent events pass through Ciralgo unchanged. Your SDK's streaming handler works the same as if you were talking to OpenAI or Anthropic directly, with no added latency measurable in practice.

What happens when a provider rate-limits me?

The proxy retries transient errors server-side with exponential backoff and honours provider retry hints. If the provider keeps failing, Ciralgo returns the last response and marks the call as degraded in the audit log for follow-up.

Can I use my own OpenAI or Anthropic API key?

Yes. Bring-your-own-key is supported on Team plans. Ciralgo can either use its own provider account (billed to us, invoiced to you) or route through your keys, you decide per-provider.

Is Ciralgo multi-tenant safe?

Strict per-organization data isolation is enforced at every layer, with regular audits, automated policy checks, and an active bug bounty. The full security whitepaper details our controls and audit history under NDA.

How does the idempotency cache work?

Provide an idempotency key. Identical requests inside the cache window return the original response with an idempotency confirmation header, and are not billed a second time.

What SLAs do you offer?

99.9% monthly uptime on Team Growth, 99.95% with a signed SLA on Team Scale. Historical uptime is published monthly.

Do you support self-hosted / on-prem?

Team Scale and Enterprise plans support customer-hosted Ollama for private-intent calls, with Ciralgo's SaaS control plane orchestrating routing. Fully on-prem control plane is on the enterprise roadmap.

How do I move from vanilla OpenAI to Ciralgo?

Change baseURL in your SDK config, keep everything else. If you want cost attribution too, add an X-Ciralgo-Tags header. Total change: usually one or two lines.