# Quick Start This guide gets you from zero to a working Highflame integration in under ten minutes. By the end you will have routed a request through Highflame, seen a decision in Observatory, and chosen the integration path that fits your stack. *** ## Before you start You will need: * A Highflame account — sign up at [studio.highflame.ai](https://studio.highflame.ai/) * Python 3.10+ or Node.js 18+ if you plan to use the SDK path * An API key from your LLM provider (OpenAI, Anthropic, etc.) if you plan to use the Highflame Agent Gateway *** ## Step 1 — Get your Highflame API key 1. Sign in to [Highflame Studio](https://studio.highflame.ai/) 2. Navigate to **Account → Developer Settings** 3. Create an API key and export it: ```bash export HIGHFLAME_API_KEY="hf_sk_..." ``` *** ## Step 2 — Make your first protected request Choose the path that matches how your application works. Both paths use the same detection pipeline, Cedar policies, and Observatory backend — they differ only in where integration happens. *** ### Path A — Agent Gateway (no code changes) If your application already calls an LLM using an OpenAI-compatible client, point it at Highflame instead. Add one header and change the base URL. No other changes to your application code are required. ```bash export OPENAI_API_KEY="sk-..." export HIGHFLAME_BASE_URL="https://api.highflame.ai" ``` {% tabs %} {% tab title="Python" %} ```python import os from openai import OpenAI client = OpenAI( api_key=os.environ["OPENAI_API_KEY"], base_url=f"{os.environ['HIGHFLAME_BASE_URL']}/v1", default_headers={ "x-highflame-api-key": os.environ["HIGHFLAME_API_KEY"], }, ) response = client.chat.completions.create( model="openai/gpt-4o-mini", messages=[{"role": "user", "content": "Summarize the quarterly roadmap."}], ) print(response.choices[0].message.content) ``` {% endtab %} {% tab title="TypeScript" %} ```typescript import OpenAI from "openai"; const client = new OpenAI({ apiKey: process.env.OPENAI_API_KEY, baseURL: `${process.env.HIGHFLAME_BASE_URL}/v1`, defaultHeaders: { "x-highflame-api-key": process.env.HIGHFLAME_API_KEY!, }, }); const response = await client.chat.completions.create({ model: "openai/gpt-4o-mini", messages: [{ role: "user", content: "Summarize the quarterly roadmap." }], }); console.log(response.choices[0]?.message?.content); ``` {% endtab %} {% tab title="curl" %} ```bash curl "${HIGHFLAME_BASE_URL}/v1/chat/completions" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${OPENAI_API_KEY}" \ -H "x-highflame-api-key: ${HIGHFLAME_API_KEY}" \ -d '{ "model": "openai/gpt-4o-mini", "messages": [{"role": "user", "content": "Summarize the quarterly roadmap."}] }' ``` {% endtab %} {% endtabs %} What changed: * `base_url` points to Highflame instead of the upstream provider * `model` uses the `provider/model` format so Highflame knows which provider to route to * `x-highflame-api-key` identifies your project and active policies Highflame supports multiple providers in this format: `openai/gpt-4o`, `anthropic/claude-sonnet-4-6`, `azure/my-deployment`, `gemini/gemini-2.0-flash`, and more. See [Integration Examples](/getting-started/securing-agents/custom-agents/gateway-integration-examples.md) for the full list. *** ### Path B — Highflame SDK (inline guardrails) If you want explicit, per-step enforcement inside an agent workflow — guarding prompts, tool calls, and responses directly in code — use the SDK. **Install:** {% tabs %} {% tab title="Python" %} ```bash pip install highflame ``` {% endtab %} {% tab title="TypeScript" %} ```bash npm install @highflame/sdk ``` {% endtab %} {% endtabs %} **Make your first guarded request:** {% tabs %} {% tab title="Python" %} ```python import os from highflame import Highflame client = Highflame(api_key=os.environ["HIGHFLAME_API_KEY"]) response = client.guard.evaluate_prompt( "Summarize the quarterly roadmap for the engineering team." ) print(response.decision) # "allow" or "deny" print(response.latency_ms) ``` {% endtab %} {% tab title="TypeScript" %} ```typescript import { Highflame } from "@highflame/sdk"; const client = new Highflame({ apiKey: process.env.HIGHFLAME_API_KEY! }); const response = await client.guard.evaluatePrompt( "Summarize the quarterly roadmap for the engineering team." ); console.log(response.decision); // "allow" or "deny" console.log(response.latencyMs); ``` {% endtab %} {% endtabs %} * Safe traffic returns `allow`. * Risky traffic returns `deny` with the policy reason that triggered it. *** ## Step 3 — Verify in Observatory After making a request, open [Highflame Studio](https://console.highflame.ai/) and go to **Observatory → Traces**. You should see the request with: * **Decision** — allow, deny, redact, or monitor * **Detector scores** — which signals fired (injection score, PII flags, etc.) * **Latency** — time spent in Highflame vs. the upstream provider * **Token usage** — input and output token counts If a policy blocked the request, it also appears in **Observatory → Threats** with the determining policy IDs and rejection reason. *** ## Next steps Where you go from here depends on what you are securing: | Goal | Start here | | -------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------ | | Understand the three integration patterns and when to use each | [Securing Agents](/getting-started/securing-agents.md) | | See more Gateway and SDK code examples | [Integration Examples](/getting-started/securing-agents/custom-agents/gateway-integration-examples.md) | | Secure AI coding assistants (Cursor, Claude Code) | [Code Agents Quick Start](/code-agents/quick-start.md) | | Test an existing agent system for vulnerabilities | [Agent Red Teaming](/red-teaming/agent-red-teaming.md) | | Validate model artifacts before deployment | [Model Supply Chain Scan](/red-teaming/model-supply-chain-scan.md) | | Write tests for your Shield integration | [Testing Guide](/getting-started/testing-guide.md) | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.highflame.ai/getting-started/quick-start.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.