Everything you need to build on Ciralgo.
Ciralgo is OpenAI- and Anthropic-wire-compatible. Change one line, keep your SDK, and get EU-hosted routing, cost attribution, and audit-ready logging for free.
Quickstart
The whole integration is: keep your SDK, change one line. Pick the tab that matches your stack.
1const openai = new OpenAI({ baseURL: 'https://api.ciralgo.com/v1' });
1anthropic = Anthropic(base_url="https://api.ciralgo.com/anthropic/v1")
1from ciralgo import Ciralgo; client = Ciralgo(api_key="...")
1curl https://api.ciralgo.com/v1/chat/completions -H "Authorization: Bearer $KEY"
Verify it worked: every Ciralgo response includes an
x-ciralgo-trace-id header. If you see that header in your response,
your traffic is going through us. If you'd rather not check by hand, we keep a
one-file test script on
GitHub
that runs a single call and prints the trace ID for you.
A drop-in proxy, not a rewrite.
Ciralgo sits between your applications and every LLM provider you use. Requests come in on the OpenAI or Anthropic wire, get routed, logged, cost-tracked, and returned unchanged. The only change in your codebase is the base URL.
Your SDK sends a call
OpenAI, Anthropic, LangChain, or the Ciralgo Python SDK, same request format, new base URL.
Ciralgo routes & records
Picks the right provider, handles retries and rate limits, caches identical calls, and writes a full audit record.
You get the same response
Wire-identical to what OpenAI or Anthropic would return, with an added trace header for verification.
Every call, tagged. Every euro, accounted for.
Add an X-Ciralgo-Tags header to any request and Ciralgo attributes
cost, latency, and usage to that dimension automatically. No new endpoint. No
schema change.
X-Ciralgo-Tags: project=checkout, env=prod, feature=summary, run_id=abc123
What you can slice by
- Team, project, environment, feature
- Model & provider (OpenAI GPT-4o vs Claude Sonnet vs local Ollama)
- Individual user or workflow run ID
- Any custom key/value pair your app cares about
What Ciralgo does with it
- Writes a full attribution record per call, tagged for later query
- Rolls up dashboards by tag automatically
- Powers budget caps and cost policies per tag
- Exports to your BI stack via the management API
Sensitive prompt? It never leaves the EU.
Mark a call as private and Ciralgo will route it to an EU-hosted, self-contained model. No US cloud, no data leaving the jurisdiction, no exceptions.
How it works
Mark a call as private in the request. Ciralgo bypasses cloud providers entirely and routes it to an EU-hosted, self-contained model. The response comes back on the same wire with a route confirmation header so you can verify.
Enforce it org-wide
Admins can set a jurisdiction policy so all calls from a given team, tag, or user are treated as private, with no code change in the calling app. The proxy enforces the rule at the edge.
Built for the EU AI Act, from day one.
The Act comes into force in stages. Some milestones are already behind us, the biggest one is only months away, and the last one closes out the rollout in 2027.
- 2 Aug 2024
- 2 Feb 2025
- 2 Aug 2025
- 2 Aug 2026
- 2 Aug 2027
The AI Act enters into force
The EU officially passed the AI Act. Every deadline below is counted from this day.
Unacceptable-risk AI is banned
Social scoring, live biometric ID in public spaces, and workplace or classroom emotion recognition all become illegal.
General purpose AI rules apply
Providers of general purpose AI (like GPT-4 or Claude) must publish training data summaries and follow EU codes of practice.
Main obligations apply. The big one.
High-risk AI must meet Articles 12 (logging), 13 (transparency), 14 (oversight), 15 (accuracy). Fines up to €15M or 3% of revenue.
AI inside products becomes high-risk
AI that controls safety-critical parts of medical devices, machinery, vehicles and toys must meet the same core rules.
How Ciralgo maps to the articles
| Article | Requirement | How Ciralgo answers it |
|---|---|---|
| Article 12 | Automatic logging of high-risk AI system events | Every request and every admin action is logged with a tamper-evident audit trail. Exports available in standard formats for your compliance stack. |
| Article 13 | Transparency & provision of information | Every response includes attribution metadata so your app (and end users, where relevant) can see which model and jurisdiction handled the call. |
| Article 14 | Human oversight | Model policies, jurisdiction rules, and cost caps are configurable by role. Every operator action is logged with the identity behind it. |
| Article 15 | Accuracy, robustness & cybersecurity | Signed authentication tokens, MFA-enforced admin access, strict tenant isolation, and a penetration-test-ready posture. Full whitepaper available under NDA. |
| Article 17 | Quality management system | Documented Secure SDLC, LLM risk register, OWASP LLM Top 10 review, SBOM policy, and sub-processor list. Available under NDA. |
Preparing an internal audit or a procurement questionnaire? Ask about our EU AI Act evaluation pack , article-by-article documentation, signed by our DPO.
Security at a glance.
The one-page summary for Risk Officers and CISOs. Every claim below traces to a control in the full security whitepaper.
Authentication
Signed authentication tokens with MFA-enforced admin access and short-lived access tokens with automatic rotation.
Tenant isolation
Strict per-organization data isolation enforced at every layer, with regular audits and automated policy checks.
Data residency
All prompts, responses, logs, and metadata stored on EU infrastructure. Private-intent calls never leave the EU at all.
Audit logging
Every call and every admin action logged, tamper-evident, and exportable in standard formats for your BI or compliance stack.
Encryption
Encrypted at rest and in transit using industry-standard controls. Customer-managed keys available on the top tier.
Vulnerability management
Documented policy, SBOM available under NDA, penetration-test-ready posture, and a maintained sub-processor list.
Ciralgo vs the alternatives.
An honest read on where Ciralgo is different. All of these are legitimate tools; the right choice depends on whether EU data residency and AI Act mapping matter to you.
| Capability | Ciralgo | Portkey | LiteLLM | Helicone | Azure OpenAI |
|---|---|---|---|---|---|
| Wire compatible with OpenAI + Anthropic | Partial | ||||
| EU data residency guaranteed | Partial | ||||
| Private-intent routing to local models | Partial | ||||
| EU AI Act Article 12/17 mapping | |||||
| Built-in idempotency cache | |||||
| Cost attribution via request headers | Partial | ||||
| Open-source option |
Assessments as of July 2026 based on public documentation and vendor product pages. If we're wrong about something, tell us and we'll correct it.
Technical questions, answered.
The questions our sales engineers get every week.
Does streaming work?
Yes. Server-sent events pass through Ciralgo unchanged. Your SDK's streaming handler works the same as if you were talking to OpenAI or Anthropic directly, with no added latency measurable in practice.
What happens when a provider rate-limits me?
The proxy retries transient errors server-side with exponential backoff and honours provider retry hints. If the provider keeps failing, Ciralgo returns the last response and marks the call as degraded in the audit log for follow-up.
Can I use my own OpenAI or Anthropic API key?
Yes. Bring-your-own-key is supported on Team plans. Ciralgo can either use its own provider account (billed to us, invoiced to you) or route through your keys, you decide per-provider.
Is Ciralgo multi-tenant safe?
Strict per-organization data isolation is enforced at every layer, with regular audits, automated policy checks, and an active bug bounty. The full security whitepaper details our controls and audit history under NDA.
How does the idempotency cache work?
Provide an idempotency key. Identical requests inside the cache window return the original response with an idempotency confirmation header, and are not billed a second time.
What SLAs do you offer?
99.9% monthly uptime on Team Growth, 99.95% with a signed SLA on Team Scale. Historical uptime is published monthly.
Do you support self-hosted / on-prem?
Team Scale and Enterprise plans support customer-hosted Ollama for private-intent calls, with Ciralgo's SaaS control plane orchestrating routing. Fully on-prem control plane is on the enterprise roadmap.
How do I move from vanilla OpenAI to Ciralgo?
Change baseURL in your SDK config, keep everything else. If you want cost attribution too, add an X-Ciralgo-Tags header. Total change: usually one or two lines.
Ready for the full picture?
These are the internal docs your engineering, security, and compliance teams will actually cite. Available inside the Ciralgo webapp after signup, or by request.
Full integration guide
60-second quickstart, Python/Node/Go/LangChain examples, common-mistakes table.
Read the guide →Security whitepaper
Our approach to authentication, tenant isolation, and encryption. Detailed controls documented under NDA.
Get the whitepaper →AI audit logging
EU AI Act Article 12/17 mapping, UsageRecord schema, GovernanceEvent taxonomy.
Read the mapping →Provider routing governance
How Ciralgo picks providers, jurisdiction policies, private-intent enforcement.
Read the policy →Timeouts & circuit breakers
Client-side snippets for Python httpx and Node fetch. Stops day-one production issues.
Read the guide →Book a technical demo
A Ciralgo engineer will walk you through your specific integration path in 30 minutes.
Book a demo →