Skip to main content
Welcome to Tinfoil SDKs — Drop-in replacements for OpenAI clients with built-in security verification. Choose your language below and start building with confidential AI in minutes.

Quick Start

1. Install Your Preferred SDK

pip install tinfoil

2. Get Your API Key

Visit the Tinfoil Dashboard to generate your API key. You can also read the guide on generating an API key [TODO: link to how-to-get-api key]

Available SDKs

LanguagePackageInstallationDocumentation
Pythontinfoilpip install tinfoilPython SDK
Node.jstinfoilnpm install tinfoilNode.js SDK
SwiftTinfoilAISwift Package ManagerSwift SDK
Gotinfoil-gogo get github.com/tinfoilsh/tinfoil-goGo SDK
CLItinfoil-cliVarious install methodsCLI Tool
Don’t see an SDK for your language? Contact us at [email protected] and we’ll prioritize adding support for your preferred programming language.

What Are Tinfoil SDKs?

Tinfoil provides SDKs that make it easy to integrate confidential AI inference into your applications. Each SDK is designed to be a drop-in replacement for OpenAI clients while adding verifiable security guarantees.

Key Benefits

Tinfoil SDKs provide automatic security verification - every request verifies you’re connecting to a genuine Tinfoil secure enclave and ensures your connection is end-to-end encrypted. They also offer drop-in compatibility with the same OpenAI API format, requiring only a different client setup.
TL;DR: Tinfoil clients provide the strongest security guarantees through certificate pinning and in-band verification. For security, it is best to always use our SDKs unless you know what you’re doing.

How It Works

Getting started with Tinfoil is straightforward: install any Tinfoil SDK using your language’s package manager, then update your client setup to use Tinfoil (the API remains the same afterward). Currently using an OpenAI SDK? You can use the same API syntax, and you’ll get automatic security as attestation verification happens transparently behind the scenes. 
import tinfoil

client = tinfoil.OpenAI(api_key="your-api-key")

# Same API as OpenAI - automatic security
response = client.chat.completions.create(
  model: '<MODEL_NAME>',
    messages=[{"role": "user", "content": "Hello world"}]
)

print(response.choices[0].message.content)
Security Note: Direct API access requires manual attestation verification to ensure security. Without verification, you have no cryptographic proof that your data is processed in a secure enclave. However, we still maintain auditability through attestation transparency.
You can also access the Tinfoil inference endpoint directly. However, this approach is not recommended in production for two reasons:
  1. Our SDKs perform automatic security verification that prevents man-in-the-middle attacks. When you access our API directly (without our SDKs), there is no guarantee of privacy.
  2. Our SDKs automatically choose the best secure router / enclave and perform load balancing. Performance can degrade if you do direct API access to our inference endpoints.
import requests

# Manual POST request - no automatic security
response = requests.post(
    "https://inference.tinfoil.sh/v1/chat/completions",
    headers={
        "Authorization": "Bearer your-api-key",
        "Content-Type": "application/json"
    },
    json={
        "model": "<MODEL_NAME>",
        "messages": [{"role": "user", "content": "Hello world"}]
    }
)

print(response.json()['choices'][0]['message']['content'])

The security checks performed by our SDKs

When you use a Tinfoil client, here’s what happens behind the scenes:

1. Initial Attestation Verification

The client performs cryptographic verification that the AI inference server is running in a genuine secure enclave, that the enclave is running the expected code published on GitHub and Sigstore, and that the TLS certificate for every request corresponds to this verified enclave.

2. Certificate Pinning Protection

Once verified, the client “pins” the TLS certificate, which prevents certificate swapping so Tinfoil cannot issue a new certificate and redirect your traffic. This maintains connection integrity by ensuring all subsequent requests use the same verified connection and provides real-time security where every request benefits from the initial attestation verification. What Could Go Wrong Without Pinning With direct API access, a malicious actor (even Tinfoil itself) could theoretically issue a new TLS certificate, route your traffic to a different (non-enclave) inference server, and process your data without confidentiality guarantees.
Auditability Through Certificate Transparency - Even without certificate pinning, you can still detect if Tinfoil has issued a new certificate for an endpoint by monitoring Certificate Transparency (CT) logs. All TLS certificates must be logged in public CT logs, making it possible to audit certificate issuance and detect potential certificate rotation that might indicate an attack. All production Tinfoil enclaves publish their attestation to CT for auditability. Learn more about audit-time verification in our verification comparison guide.
For a detailed comparison of verification approaches, see Connection-time vs Audit-time Verification. We strongly recommend using our SDKs for production use cases.

Next Steps

To get started, browse available models in our Model Catalog and browse examples for your preferred SDK.