Welcome to Tinfoil SDKs — Drop-in replacements for OpenAI clients with built-in security verification. Choose your language below and start building with confidential AI in minutes.

Quick Start

1. Install Your Preferred SDK

pip install tinfoil

2. Get Your API Key

Visit the Tinfoil Dashboard to generate your API key.

Available SDKs

LanguagePackageInstallationStatusDocumentation
Pythontinfoilpip install tinfoil✅ StablePython SDK
Node.jstinfoilnpm install tinfoil✅ StableNode.js SDK
SwiftTinfoilAISwift Package Manager🚧 BetaSwift SDK
Gotinfoil-gogo get github.com/tinfoilsh/tinfoil-go✅ StableGo SDK
CLItinfoil-cliVarious install methods🚧 BetaCLI Tool
Don’t see an SDK for your language? Contact us at [email protected] and we’ll prioritize adding support for your preferred programming language.

What Are Tinfoil SDKs?

Tinfoil provides SDKs that make it easy to integrate confidential AI inference into your applications. Each SDK is designed to be a drop-in replacement for OpenAI clients while adding verifiable security guarantees.

Key Benefits

Tinfoil SDKs provide automatic security verification - every request verifies you’re connecting to a genuine secure enclave and ensures your connection is secured. They also offer drop-in compatibility with the same API standard you already know, requiring only a different client setup.

How It Works

Getting started with Tinfoil is straightforward: install any Tinfoil SDK using your language’s package manager, then update your client setup to use Tinfoil (the API remains the same afterward). You can use the same API you already know, and you’ll get automatic security as attestation verification happens transparently behind the scenes.

Code Examples

Here’s how the two approaches compare in practice: 
import tinfoil

client = tinfoil.OpenAI(api_key="your-api-key")

# Same API as OpenAI - automatic security
response = client.chat.completions.create(
  model: '<MODEL_NAME>',
    messages=[{"role": "user", "content": "Hello world"}]
)

print(response.choices[0].message.content)

Direct API Access

import requests

# Manual POST request - no automatic security
response = requests.post(
    "https://inference.tinfoil.sh/v1/chat/completions",
    headers={
        "Authorization": "Bearer your-api-key",
        "Content-Type": "application/json"
    },
    json={
        "model": "<MODEL_NAME>",
        "messages": [{"role": "user", "content": "Hello world"}]
    }
)

print(response.json()['choices'][0]['message']['content'])
Security Note: Direct API access requires manual attestation verification to ensure security. Without verification, you have no cryptographic proof that your data is processed in a secure enclave.

Why Use Tinfoil SDKs?

TL;DR: Tinfoil clients provide the strongest security guarantees through certificate pinning and in-band verification. For security, it is best to always use our SDKs unless you know what you’re doing.
You have two options for connecting to Tinfoil’s confidential AI inference:
  1. Tinfoil Client SDKs (Recommended) - Our SDKs with built-in in-band security verification
  2. Direct API Access - Standard POST requests to our endpoints without in-band secure verification
While both approaches work, they offer different security guarantees and user experiences.

In-Band vs Out-of-Band Verification

In-Band Verification

What Tinfoil Clients DoTinfoil clients verify attestation during connection setup and pin TLS certificates to prevent certificate swapping. This ensures the same verified enclave handles all requests and provides real-time security guarantees.

Out-of-Band Verification

What Direct API Access ProvidesDirect API access requires you to verify attestation separately from API calls, with manual certificate verification required. This provides post-hoc auditability security but weaker real-time security guarantees.
For a detailed comparison of verification approaches, see Connection-time vs Audit-time Verification.

Why Certificate Pinning Matters

When you use a Tinfoil client, here’s what happens behind the scenes:

1. Initial Attestation Verification

The client performs cryptographic verification that the AI inference server is running in a genuine secure enclave, that the enclave is running the expected code published on GitHub and Sigstore, and that the TLS certificate for every request corresponds to this verified enclave.

2. Certificate Pinning Protection

Once verified, the client “pins” the TLS certificate, which prevents certificate swapping so Tinfoil cannot issue a new certificate and redirect your traffic. This maintains connection integrity by ensuring all subsequent requests use the same verified connection and provides real-time security where every request benefits from the initial attestation verification.

3. What Could Go Wrong Without Pinning

With direct API access, a malicious actor (even Tinfoil itself) could theoretically issue a new TLS certificate, route your traffic to a different (non-enclave) inference server, and process your data without confidentiality guarantees.
Auditability Through Certificate Transparency - Even without certificate pinning, you can still detect if Tinfoil has issued a new certificate for an endpoint by monitoring Certificate Transparency (CT) logs. All TLS certificates must be logged in public CT logs, making it possible to audit certificate issuance and detect potential certificate rotation that might indicate an attack. All production Tinfoil enclaves publish their attestation to CT for auditability. Learn more about audit-time verification in our verification comparison guide.

When to Use Each Approach

Use Tinfoil Clients When:

Tinfoil clients are recommended when you want maximum security (especially for production use), need to migrate from an existing OpenAI SDK with minimal code changes, require real-time security guarantees, or want to focus on your application logic rather than security implementation.

⚠️ Consider Direct API Access When:

Direct API access may be suitable when you have existing HTTP client infrastructure that’s deeply integrated, need custom request/response handling that our SDKs don’t support, are building a proxy or gateway that needs low-level control, or want to implement your own verification logic for specific compliance requirements.
Important: If you choose direct API access, you must implement your own attestation verification to get any security benefits. Without verification, you have no security guarantees and have to trust Tinfoil to have set up the enclave correctly. However, we take steps to ensure auditability through CT logs as explained in our verification comparison guide.

Next Steps

To get started, browse available models in our Model Catalog and browse examples for your preferred SDK.