For developers

Null API

One OpenAI-compatible endpoint. Every frontier model. EU-hosted. With the privacy layer running inline, tokenize, route, reveal.

Get an API keyRead the docs
POST api.null.tl/v1/chat/completions
12345678910111213141516
curl --request POST \
  --url https://api.null.tl/v1/chat/completions \
  --header 'Authorization: Bearer <NULL_API_KEY>' \
  --header 'Content-Type: application/json' \
  --header 'Null-Region: eu-fra' \
  --data '{
    "model": "openai/gpt-5.1",
    "privacy": { "tokenize": true, "reveal": "client" },
    "messages": [
      { "role": "system",
        "content": "You are a claims-triage assistant for Hanseatic Versicherung." },
      { "role": "user",
        "content": "Summarize claim from Hermann Höfer (policy HV-2020-33891)." }
    ],
    "stream": true
  }'
200 OK · 14 entities tokenized · 0 revealed server-side132 ms · eu-fra-1
01 · Drop-in

OpenAI-compatible, always.

Point your existing SDK at api.null.tl. Model names, streaming, tools, structured outputs, same shape. Zero refactor.

02 · Private inline

Privacy runs in the request path.

Every request is inspected, tokenized, and logged before a single token reaches the upstream model. Reveal happens on your side.

03 · EU egress

Fra, Paris, Amsterdam. Pick a region.

Requests never cross the Atlantic. Region-locked routing, region-locked logs, region-locked key material, end to end.

Routing

One endpoint. Every model.

Pick the model per-request. Null routes it to the right provider, in the right region, under the right contract, with the privacy layer applied uniformly, regardless of the upstream.

50+ models, curated
OpenAI, Anthropic, Mistral, Google, Meta, xAI, DeepSeek, all exposed under one model catalog with consistent names.
Auto-fallback
Upstream outage? Null fails over to your declared backup model in under 200 ms. Your app never notices.
Per-key allowlists
Constrain an API key to a single model, or a region, or a throughput ceiling. Enforced at the edge.
Live traffic · last 60sRouting
openai/gpt-5.1
Azure OpenAI · no-train addendum
EU-FRA
412 r/s
anthropic/claude-4.5-sonnet
Direct · zero-retention
EU-PAR
188 r/s
mistral/large-3
Mistral EU · sovereign
EU-PAR
141 r/s
self/llama-3.3-70b
Your Frankfurt cluster
ON-PREM
62 r/s
Streaming

Token-by-token, still private.

Server-sent events work exactly like OpenAI's. The twist: Null swaps tokens as they stream, not after. Your app receives a response that is coherent, addressable, and re-identifiable, all inside the browser.

< 40 ms tokenization overhead
The privacy layer is a sidecar, not a pipeline gate. End users don't feel it.
Structured outputs, preserved
JSON mode, tool calls, function arguments, sensitive data in any of these is tokenized with the shape intact.
Reveal scope control
Declare per-request which fields to reveal, to whom, and for how long. The default is none.
POST /v1/chat/completions · stream=trueStreaming
// event stream, model sees tokens, never names
event: message.delta
data: {"content": "The claim from "}

event: message.delta
data: {"content": "PERSON_A·S7FT9CD against "}

event: message.delta
data: {"content": "ORG_A·44LT3R shows a dispute of "}

event: message.delta
data: {"content": "AMOUNT_A·18420 on line 14."}

event: message.complete
data: {"vault_id": "vlt_8f2b4", "tokens_used": 342, "entities": 3}
Endpoints

Everything you'd expect. Plus a vault.

Chat, embeddings, images, audio, files, and the endpoints that make Null, Null.

POST
/v1/chat/completions
Chat with any model. OpenAI-compatible body. Streaming, tools, JSON mode.
All regions
POST
/v1/embeddings
Vector embeddings from OpenAI, Cohere, Mistral. Tokenized inputs, tokenized metadata.
All regions
POST
/v1/vault/tokenize
Run a string through the sensitive data engine and get the tokenized version back.
All regions
POST
/v1/vault/reveal
Re-identify tokens for a declared scope. Logged, audited, rate-limited.
Customer device
POST
/v1/files
Upload a document. Receive OCR, chunking, entity detection, vault-scoped references.
All regions
GET
/v1/models
Your workspace's active model catalog. Includes region, retention, and no-train status per model.
All regions
GET
/v1/audit/events
Query the immutable audit log: prompts, reveals, routing decisions, key activity.
Region-locked
SDKs

Install. Swap base URL. Ship.

Use our thin SDK or any OpenAI SDK pointed at our base URL, both work. Thin SDKs add native support for the vault endpoints.

@null/sdk-node
npm i @null/sdk
null-py
pip install null-py
github.com/null/sdk-go
go get github.com/null/sdk-go
com.null:sdk-jvm
implementation 'com.null:sdk-jvm:0.8.0'
Built for the auditor

An API your Data Protection Officer will sign off on.

DPAs pre-signed with every upstream provider. Article 32 “state of the art” pseudonymization. EU data residency enforced at the edge. ROPA entries generated for you.

Egress
EU-only routing
Frankfurt · Paris · Amsterdam
Retention
Upstream · default
Zero
Training
Opt-out enforced
100%
Certifications
Attestations on request
ISO 27001 · 42001 · SOC 2

Put Null in front of your models.

Five minutes to swap your base URL. Thirty days to measure the delta. Your DPO will thank you.

Get an API keyRead the docs