How to Redact PII from Anthropic Claude API Calls

Stop sending names, emails, and secrets to Anthropic Claude. Learn how to redact PII from every Claude API call using a proxy-level security layer — no code changes required.

The problem: PII leaking through Anthropic Claude API calls

Every messages.create call sends your prompt to Anthropic's servers. If that prompt assembles user data — customer records, medical notes, HR documents, support conversations — it likely contains personally identifiable information that shouldn't leave your infrastructure.

import Anthropic from "@anthropic-ai/sdk";

const anthropic = new Anthropic(); // reads ANTHROPIC_API_KEY from the environment

const response = await anthropic.messages.create({
  model: "claude-sonnet-4-5-20250929",
  max_tokens: 1024,
  messages: [
    {
      role: "user",
      content: `Review this employee record:

      Name: Michael Torres
      Email: m.torres@globalcorp.io
      SSN: 287-65-4419
      DOB: 1988-03-14
      Address: 891 Oak Boulevard, Austin, TX 78701
      Salary: $142,000
      Manager API token: xoxb-secret-token-here`,
    },
  ],
});

That single call sent a name, email, SSN, date of birth, home address, salary, and a Slack token to an external service. Under GDPR, CCPA, and most enterprise data policies, that's a problem.

What PII looks like in Claude payloads

Anthropic's Messages API accepts freeform text in the messages array — identical to the risk surface of any LLM provider. Common PII vectors include:

  • Names, emails, and phone numbers from CRM or support data
  • SSNs and tax IDs in financial or HR contexts
  • Medical record numbers in healthcare applications
  • Home addresses and dates of birth from user profiles
  • API keys and tokens accidentally included in context
  • Source code with hardcoded credentials

Anthropic authenticates via the x-api-key header rather than Authorization: Bearer. That header carries a credential you intend to send to Anthropic, so it is not the concern here; the concern is the PII inside the request body.

The solution: proxy-level redaction with Grepture

Grepture is an open-source security proxy that sits between your application and Anthropic. Every request is scanned for PII, secrets, and sensitive patterns before it reaches Anthropic (and before it leaves your network, if you run the proxy yourself). Sensitive values are replaced with reversible placeholder tokens, which are swapped back for the originals in the response so your application works normally.

Your code doesn't change. Your prompts stay useful. Claude never sees real PII.

Setup in 3 minutes

1. Install the SDK

npm install @grepture/sdk

2. Get your API key

Sign up at grepture.com/en/pricing — the free plan includes 1,000 requests/month. Copy your API key from the dashboard.

3. Wrap your Anthropic client

import Anthropic from "@anthropic-ai/sdk";
import { Grepture } from "@grepture/sdk";

const grepture = new Grepture({
  apiKey: process.env.GREPTURE_API_KEY!,
  proxyUrl: "https://proxy.grepture.com",
});

const anthropic = new Anthropic({
  ...grepture.clientOptions({
    apiKey: process.env.ANTHROPIC_API_KEY!,
    baseURL: "https://api.anthropic.com",
  }),
});

// Every request is now scanned and protected
const response = await anthropic.messages.create({
  model: "claude-sonnet-4-5-20250929",
  max_tokens: 1024,
  messages: [{ role: "user", content: userInput }],
});

That's it. clientOptions() reroutes traffic through the Grepture proxy. Under the hood, the wrapped fetch moves Anthropic's x-api-key header to X-Grepture-Auth-Forward so the proxy can authenticate both sides: your Grepture key identifies you to the proxy, and the proxy puts your Anthropic key back into x-api-key when it forwards the sanitized request, so Claude authenticates your requests normally. Note what this means in trust terms: the proxy handles your Anthropic key on every request, so it is a trusted component, and proxyUrl must stay an https endpoint.
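The header rewrite that clientOptions() performs is easier to reason about when written out. The following is an added illustration in TypeScript, not the @grepture/sdk implementation: the proxy URL and the X-Grepture-Auth-Forward header come from the text above, while the header that carries your Grepture key (x-grepture-key here), the wrapFetch and recordingFetch names, and the key values are assumptions made for the example. A recording fetch stands in for the network so it runs offline.

```typescript
// Added illustration of the header rewrite described above; this is NOT the @grepture/sdk code.
// X-Grepture-Auth-Forward and the proxy URL are from the page; "x-grepture-key" is an ASSUMED
// header name for the proxy's own authentication, used only to make the example complete.

type Init = { method?: string; headers?: Record<string, string>; body?: string };
type FetchLike = (url: string, init?: Init) => Promise<unknown>;

export type ProxyOptions = { upstream: string; proxyUrl: string; greptureKey: string };

// Wrap a fetch implementation so that calls aimed at the upstream API go to the proxy instead,
// with the upstream key moved out of x-api-key and the proxy's own key added.
export function wrapFetch(inner: FetchLike, opts: ProxyOptions): FetchLike {
  return (url, init = {}) => {
    // Normalise header names so "X-Api-Key" and "x-api-key" are treated alike.
    const headers: Record<string, string> = {};
    for (const [k, v] of Object.entries(init.headers ?? {})) headers[k.toLowerCase()] = v;

    const upstreamKey = headers["x-api-key"];
    if (!upstreamKey) {
      // Fail closed: without the key the proxy cannot authenticate to Anthropic, and sending
      // the request anyway would only leak the body.
      return Promise.reject(new Error("no x-api-key header on outgoing request"));
    }
    delete headers["x-api-key"];
    headers["x-grepture-auth-forward"] = upstreamKey; // header named on the page
    headers["x-grepture-key"] = opts.greptureKey;     // ASSUMED header name (see lead-in)

    // Keep the API path (e.g. /v1/messages); only the host changes.
    if (!url.startsWith(opts.upstream)) {
      return Promise.reject(new Error(`refusing to proxy a request to ${url}`));
    }
    const proxied = opts.proxyUrl + url.slice(opts.upstream.length);
    return inner(proxied, { ...init, headers });
  };
}

// Test double standing in for the real fetch: records the request the proxy would receive.
export function recordingFetch(): { calls: { url: string; init: Init }[]; fetch: FetchLike } {
  const calls: { url: string; init: Init }[] = [];
  return {
    calls,
    fetch: async (url, init = {}) => {
      calls.push({ url, init });
      return { status: 200 };
    },
  };
}

// Usage: the wrapped function is the shape a fetch override takes (simplified types here).
const rec = recordingFetch();
const proxiedFetch = wrapFetch(rec.fetch, {
  upstream: "https://api.anthropic.com",
  proxyUrl: "https://proxy.grepture.com",
  greptureKey: "grp_example_key", // constructed value
});
proxiedFetch("https://api.anthropic.com/v1/messages", {
  method: "POST",
  headers: { "x-api-key": "sk-ant-example", "content-type": "application/json" }, // constructed
  body: JSON.stringify({ model: "claude-sonnet-4-5-20250929", max_tokens: 8, messages: [] }),
}).then(() => console.log(rec.calls[0]));
```

What the recorded request makes visible is the trust boundary: the proxy receives your Anthropic key in X-Grepture-Auth-Forward together with the still unredacted body. That is why the proxy endpoint must be HTTPS and why whoever operates the proxy is inside your trust boundary for this data.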

What gets detected

Grepture ships with 50+ detection patterns on the free tier and 80+ on Pro:

Category               Examples                                                   Tier
Personal identifiers   Names, emails, phone numbers, SSNs, dates of birth         Free (regex), Pro (AI)
Financial data         Credit card numbers, IBANs, routing numbers                Free
Credentials            API keys, bearer tokens, passwords, connection strings     Free
Network identifiers    IP addresses, MAC addresses                                Free
Freeform PII           Names, organizations, and addresses in unstructured text   Pro (local AI models)
Adversarial inputs     Prompt injection attempts                                  Business

All detection runs on Grepture infrastructure; no data is forwarded to any further third party. Keep in mind what that implies: the proxy reads the unredacted request in order to scan it, so Grepture (or whoever hosts the proxy) is inside your trust boundary for that data.

Mask and restore: reversible redaction

Grepture doesn't just strip PII — it replaces sensitive values with tokens, sends the sanitized prompt to Claude, and restores the original values in the response.

What Claude sees:

Review this employee record:
Name: [PERSON_1]
Email: [EMAIL_1]
SSN: [SSN_1]
DOB: [DATE_1]
Address: [ADDRESS_1]
...

What your app gets back:

The employee Michael Torres (m.torres@globalcorp.io)
is based in Austin, TX. Their compensation is $142,000
annually. No anomalies detected in the record.

Claude processes clean data. Your application receives the full, personalized response. PII that a detector recognizes never reaches Anthropic; anything no pattern matches goes through unchanged, so check the detection table above against the kind of data you actually send.

Streaming support

Grepture handles Anthropic's streaming natively. When you use stream: true, the proxy restores placeholders in each content delta as it arrives rather than buffering the whole response first, so output still streams incrementally.

const stream = anthropic.messages.stream({
  model: "claude-sonnet-4-5-20250929",
  max_tokens: 1024,
  messages: [{ role: "user", content: userInput }],
});

for await (const event of stream) {
  if (
    event.type === "content_block_delta" &&
    event.delta.type === "text_delta"
  ) {
    // Tokens are restored in real time
    process.stdout.write(event.delta.text);
  }
}
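To make the mask-and-restore flow concrete, and to show the one case a streaming restorer has to handle (a placeholder that lands across two deltas), here is an added example in TypeScript. It is not Grepture's code and not the @grepture/sdk API: the detector patterns, the [TYPE_n] placeholder format, the vault map, and the mask, restore and StreamRestorer names are assumptions made for illustration, and the employee record and reply deltas are constructed inputs.

```typescript
// Added example, not Grepture's code: a minimal reversible redactor showing the mask/restore
// flow and the streaming edge case (a placeholder split across two deltas). Detector patterns,
// the [TYPE_n] placeholder format and all names here are assumptions made for illustration.

type Detector = { type: string; pattern: RegExp };

// Constructed regex detectors for a few categories from the table above. Order matters:
// the token pattern runs first so a later rule cannot split it into pieces.
const DETECTORS: Detector[] = [
  { type: "SLACK_TOKEN", pattern: /\bxox[abp]-[A-Za-z0-9-]+/g },
  { type: "EMAIL", pattern: /\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b/g },
  { type: "SSN", pattern: /\b\d{3}-\d{2}-\d{4}\b/g },
  { type: "DATE", pattern: /\b\d{4}-\d{2}-\d{2}\b/g },
];

const PLACEHOLDER = /\[[A-Z_]+_\d+\]/g;

export type Vault = Map<string, string>; // placeholder -> original value, kept on our side only

// Replace every detected value with a placeholder. The same value always maps to the same
// placeholder so the model can still tell that two mentions refer to one entity.
export function mask(text: string): { masked: string; vault: Vault } {
  const vault: Vault = new Map();
  const byValue = new Map<string, string>();
  const counters = new Map<string, number>();
  let masked = text;
  for (const { type, pattern } of DETECTORS) {
    masked = masked.replace(pattern, (value) => {
      const known = byValue.get(value);
      if (known) return known;
      const n = (counters.get(type) ?? 0) + 1;
      counters.set(type, n);
      const placeholder = `[${type}_${n}]`;
      byValue.set(value, placeholder);
      vault.set(placeholder, value);
      return placeholder;
    });
  }
  return { masked, vault };
}

// Put the original values back into text that contains complete placeholders.
export function restore(text: string, vault: Vault): string {
  return text.replace(PLACEHOLDER, (p) => vault.get(p) ?? p);
}

// Streaming restorer: emits text as soon as it cannot be part of an unfinished placeholder.
// Only a trailing fragment such as "[EMA" is held back; everything before it is passed on,
// so the stream stays incremental without buffering the whole response.
export class StreamRestorer {
  private pending = "";
  private readonly vault: Vault;
  constructor(vault: Vault) {
    this.vault = vault;
  }

  push(delta: string): string {
    const restored = restore(this.pending + delta, this.vault);
    // An unclosed "[" followed only by placeholder characters may complete on the next delta.
    const cut = restored.search(/\[[A-Z_0-9]*$/);
    if (cut === -1) {
      this.pending = "";
      return restored;
    }
    this.pending = restored.slice(cut);
    return restored.slice(0, cut);
  }

  // Flush whatever is still held when the stream ends (e.g. a literal "[" the model emitted).
  end(): string {
    const out = this.pending;
    this.pending = "";
    return out;
  }
}

// Run a whole sequence of deltas through one restorer; returns what was emitted per delta.
export function streamRestore(deltas: string[], vault: Vault): string[] {
  const r = new StreamRestorer(vault);
  const out = deltas.map((d) => r.push(d));
  out.push(r.end());
  return out;
}

// Constructed input modelled on the employee record from the top of the page.
export const RECORD = [
  "Name: Michael Torres",
  "Email: m.torres@globalcorp.io",
  "SSN: 287-65-4419",
  "DOB: 1988-03-14",
  "Manager API token: xoxb-secret-token-here",
  "Contact: m.torres@globalcorp.io",
].join("\n");

// Constructed model reply, split so that two placeholders straddle delta boundaries.
export const REPLY_DELTAS = ["The employee [EMA", "IL_1] was born on [DATE_1", "] and has SSN [SSN_1]."];

const { masked, vault } = mask(RECORD);
console.log(masked);                                       // what the model would see
console.log(streamRestore(REPLY_DELTAS, vault).join(""));  // what the app gets back
```

Two things the example makes visible. First, the regex tier catches the email, SSN, date and token but leaves "Michael Torres" in place, which is exactly the gap the Freeform PII row of the table assigns to the Pro models; do not assume a structured-looking record is fully covered by pattern matching. Second, the restorer holds back only a trailing fragment such as "[EMA" until the next delta arrives, which is the minimum any streaming detokenizer must do.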

Next steps