Quick Start

This guide gets you from zero to a working Highflame integration in under ten minutes. By the end you will have routed a request through Highflame, seen a decision in Observatory, and chosen the integration path that fits your stack.

Before you start

You will need:

A Highflame account — sign up at studio.highflame.ai
Python 3.10+ or Node.js 18+ if you plan to use the SDK path
An API key from your LLM provider (OpenAI, Anthropic, etc.) if you plan to use the Highflame Agent Gateway

Step 1 — Get your Highflame API key

Sign in to Highflame Studio
Navigate to Account → Developer Settings
Create an API key and export it:

export HIGHFLAME_API_KEY="hf_sk_..."

Step 2 — Make your first protected request

Choose the path that matches how your application works. Both paths use the same detection pipeline, Cedar policies, and Observatory backend — they differ only in where integration happens.

Path A — Agent Gateway (no code changes)

If your application already calls an LLM using an OpenAI-compatible client, point it at Highflame instead. Add one header and change the base URL. No other changes to your application code are required.

export OPENAI_API_KEY="sk-..."
export HIGHFLAME_BASE_URL="https://api.highflame.ai"

import os
from openai import OpenAI

client = OpenAI(
    api_key=os.environ["OPENAI_API_KEY"],
    base_url=f"{os.environ['HIGHFLAME_BASE_URL']}/v1",
    default_headers={
        "x-highflame-api-key": os.environ["HIGHFLAME_API_KEY"],
    },
)

response = client.chat.completions.create(
    model="openai/gpt-4o-mini",
    messages=[{"role": "user", "content": "Summarize the quarterly roadmap."}],
)
print(response.choices[0].message.content)

import OpenAI from "openai";

const client = new OpenAI({
  apiKey: process.env.OPENAI_API_KEY,
  baseURL: `${process.env.HIGHFLAME_BASE_URL}/v1`,
  defaultHeaders: {
    "x-highflame-api-key": process.env.HIGHFLAME_API_KEY!,
  },
});

const response = await client.chat.completions.create({
  model: "openai/gpt-4o-mini",
  messages: [{ role: "user", content: "Summarize the quarterly roadmap." }],
});
console.log(response.choices[0]?.message?.content);

curl "${HIGHFLAME_BASE_URL}/v1/chat/completions" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer ${OPENAI_API_KEY}" \
  -H "x-highflame-api-key: ${HIGHFLAME_API_KEY}" \
  -d '{
    "model": "openai/gpt-4o-mini",
    "messages": [{"role": "user", "content": "Summarize the quarterly roadmap."}]
  }'

What changed:

base_url points to Highflame instead of the upstream provider
model uses the provider/model format so Highflame knows which provider to route to
x-highflame-api-key identifies your project and active policies

Highflame supports multiple providers in this format: openai/gpt-4o, anthropic/claude-sonnet-4-6, azure/my-deployment, gemini/gemini-2.0-flash, and more. See Integration Examples for the full list.

Path B — Highflame SDK (inline guardrails)

If you want explicit, per-step enforcement inside an agent workflow — guarding prompts, tool calls, and responses directly in code — use the SDK.

Install:

pip install highflame

Make your first guarded request:

import os
from highflame import Highflame

client = Highflame(api_key=os.environ["HIGHFLAME_API_KEY"])

response = client.guard.evaluate_prompt(
    "Summarize the quarterly roadmap for the engineering team."
)

print(response.decision)   # "allow" or "deny"
print(response.latency_ms)

import { Highflame } from "@highflame/sdk";

const client = new Highflame({ apiKey: process.env.HIGHFLAME_API_KEY! });

const response = await client.guard.evaluatePrompt(
  "Summarize the quarterly roadmap for the engineering team."
);

console.log(response.decision);  // "allow" or "deny"
console.log(response.latencyMs);