Skip to main content
A response is confidential when the gateway served it from a verified upstream TEE provider: the gateway verifies the provider and binds the channel before forwarding your prompt, fail-closed. A routed response goes to a third-party provider that is not attested. The difference is explained in How it works. Confidentiality is a property of the upstream provider that serves a request, not of the model id. The same model may be offered under more than one id, so the id alone does not tell you whether a response was confidential.

Confirm a confidential response

The receipt is the source of truth. After a call, read the x-receipt-id header and inspect the upstream.verified event: 
curl -s "https://api.redpill.ai/v1/aci/receipts/$RECEIPT_ID" \
  -H "Authorization: Bearer $API_KEY" \
  | jq '.event_log[] | select(.type=="upstream.verified") | {provider, result, required, session_id}'
ConfidentialRouted
upstream.verified.resultverifiedfailed
upstream.verified.requiredtrue (fail-closed)false
session_idpresent (as_…)absent
For the full check, see Verify a response.

Which providers serve confidential models

Confidential models run on the verified providers RedPill supports: Tinfoil, NEAR AI, Chutes, and Phala. The receipt’s upstream.verified.provider records which one served a given request. See Providers for what each attests.

Find confidential models in the catalog

Each model in GET /v1/models has an is_tee boolean. is_tee: true means the model can be served confidentially, on a verified TEE provider. List them: 
curl -s https://api.redpill.ai/v1/models \
  -H "Authorization: Bearer $API_KEY" \
  | jq -r '.data[] | select(.is_tee == true) | .id'
is_tee tells you a model can be served confidentially. The receipt remains the per-response proof that a specific response was.

Providers

What each confidential provider attests.

Verify a response

Prove a response was served from an attested enclave.