Compliant Multi-Tenant AI Integration Gateway — Technical Access

Zero-Leakage AI.
Test It Yourself.

Get a sandbox key and call the Compliance Engine in under 60 seconds. Validate PII scrubbing, tenant isolation, and seat metering before any procurement conversation. No credit card. No approval.

500Free requests
60sTo first call
$0No card needed

Three Core Systems

What You're Testing.
In the Sandbox.

Full access to all three production systems. Validate PII scrubbing, provision isolated tenant workspaces, and inspect the metering ledger — live infrastructure, real API keys.

5Regulated Industries
100%PII Redacted
0Raw Data to LLM
1API Key
System 01
Compliance Engine
  • POST /api/v1/process
  • Real-time PII/PHI interception
  • Numbered token replacement
  • Immutable redaction event log
  • 5 regulated industry modes
System 02
Tenant Isolation
  • POST /api/v1/clients/:ref
  • Data-layer isolation per tenant
  • Scoped JWT per workspace
  • OIDC / SAML seat auth
  • Cross-tenant access blocked at data layer
System 03
Seat Metering Ledger
  • GET /api/v1/usage
  • Non-blocking async ledger writes
  • Per-seat active user tracking
  • GET /api/v1/billing/summary
  • VAR margin and cost reporting

What CISO Teams Validate First.

Before enterprise procurement, security teams need to verify three things in production: PII never leaves the gateway unredacted, tenant boundaries are enforced at the data layer, and every compliance event is permanently auditable. The sandbox lets you verify all three.

01

"We need proof that PII never reaches the LLM — not a contractual assurance."

Security teams require verifiable behavior under real payloads. PHI, financial identifiers, and legal PII must be stripped in-flight before any AI model sees the request. Promises in an MSA are not a substitute for observed output.

TEST → POST a payload containing PHI to /api/v1/process. Inspect the forwarded_payload field in the response — every sensitive token replaced with {{REDACTED_PHI_N}}. The LLM receives only the scrubbed version.
02

"Strict data-layer isolation is required. Application-layer controls aren't sufficient."

In regulated multi-tenant deployments, one tenant's data must be inaccessible to another through any code path — a misconfigured query, shared cache, or lateral API call. Application-layer filtering is not an acceptable control for HIPAA or SOC 2.

TEST → Provision two tenants via POST /api/v1/clients. Attempt to read Tenant A's records using Tenant B's scoped JWT. The gateway returns 403 — enforced at the data layer, not the application layer.
03

"Audit logs must be immutable. Mutable logs fail HIPAA and SOC 2 audit requirements."

Compliance frameworks require that redaction event logs cannot be modified, deleted, or backdated after the fact. A log system that permits updates is a liability in any breach investigation or regulatory audit.

TEST → After a /process call, query the compliance_redaction_events log. Each entry records the redacted entity type, replacement token, timestamp, and tenant ref — written non-blockingly and never deleted.
04

"Enterprise SSO is non-negotiable. We don't operate separate credential systems."

Enterprise procurement requires integration with the organization's identity provider — Okta, Azure AD, ADFS, or Google Workspace — via OIDC or SAML 2.0. Parallel authentication systems create audit gaps and access control risk.

TEST → Configure a tenant with seat_auth_mode: oidc or saml and supply your IdP issuer metadata. RGX validates RS256/ES256 tokens offline — no RGX network call per seat authorization. ADFS and Ping Identity supported via SAML 2.0.

Get Your Free API Key.

Enter your company name and email. We'll send you a real, working API key instantly. You get 500 free requests to build and test your integration before committing to a production node.

Claim Your Free API Key

Enter your company name and work email. Your API key arrives by email in seconds — use it to test the full platform before you pay anything.

By submitting you agree to our Terms of Service and Privacy Policy. One sandbox per email. No spam.

Your node is live.

Check your email for your API key — sent to . Store it securely; it won't be shown again.

Base URL

https://rgxsystems.com/api/v1

Add your key as a header: X-Api-Key: rgx_live_...

1
Make your first requestSee the code examples below — copy, paste, run.
2
Open the VAR Portalrgxsystems.com/app/var/login — manage clients, keys, and AI configs.
3
Read the docsrgxsystems.com/docs — full API reference and integration examples.
4
Ready to go live?Sign up as a VAR now →

All Three Systems. 500 Free Requests.

The sandbox is the real production stack — same infrastructure, same enforcement. No watered-down trial mode. The only limit is 500 requests.

Live Compliance Engine

POST /api/v1/process with real payloads. Observe PII/PHI interception in-flight, inspect forwarded_payload, and verify the redaction event log. Industry modes: healthcare, legal, finance, real_estate, professional_services.

Tenant Isolation Testing

Provision multiple isolated tenant workspaces and attempt cross-tenant data access. Verify that data-layer enforcement blocks all lateral access regardless of API key scope.

Seat Metering Ledger

Drive activity across test tenants and query /api/v1/usage and /api/v1/billing/summary. Verify the non-blocking async ledger records per-seat events without adding latency to inference calls.

OIDC / SAML Auth Testing

Configure enterprise SSO against your test IdP. Validate RS256/ES256 token verification offline and confirm that RGX makes no outbound calls to your identity provider per seat authorization.

Real API Key — Production Infrastructure

Your sandbox key hits live infrastructure. No mock endpoints, no read-only preview. All behavior is identical to a production node; only the request quota differs.

Immutable Audit Log Inspection

Query the compliance_redaction_events table after /process calls. Confirm permanent retention, immutability, and the event schema required for HIPAA, SOC 2, and financial audit compliance.

First Compliance Call in 60 Seconds

Replace YOUR_API_KEY with the key from your email. These calls run against live sandbox infrastructure — real PII scrubbing, real isolation enforcement.

# 1. Provision an isolated tenant workspace
curl -X POST https://rgxsystems.com/api/v1/clients \
  -H "X-Api-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"ref":"tenant-acme","name":"Acme Health Group","industry":"healthcare"}'

# 2. Run a compliance-scrubbed inference
curl -X POST https://rgxsystems.com/api/v1/process \
  -H "X-Api-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "tenant_ref": "tenant-acme",
    "user_id": "dr.smith@acme.org",
    "message": "Summarize Jane Doe, DOB 1982-04-11, MRN 00482991 recent labs.",
    "model": "claude-sonnet-4-6"
  }'

# Response: PHI stripped — LLM never sees raw identifiers
# forwarded_payload: "Summarize {{REDACTED_PHI_1}}, DOB {{REDACTED_PHI_2}}, MRN {{REDACTED_PHI_3}} recent labs."
# redactions: 3 | compliance_event_id: "ce_01j..."

# 3. Verify the seat metering ledger
curl https://rgxsystems.com/api/v1/usage?tenant_ref=tenant-acme \
  -H "X-Api-Key: YOUR_API_KEY"
const BASE = 'https://rgxsystems.com/api/v1';
const KEY  = 'YOUR_API_KEY';
const hdrs = { 'X-Api-Key': KEY, 'Content-Type': 'application/json' };

// 1. Provision an isolated tenant workspace
await fetch(`${BASE}/clients`, {
  method: 'POST', headers: hdrs,
  body: JSON.stringify({ ref: 'tenant-acme', name: 'Acme Health Group', industry: 'healthcare' })
});

// 2. Run a compliance-scrubbed inference
const result = await fetch(`${BASE}/process`, {
  method: 'POST', headers: hdrs,
  body: JSON.stringify({
    tenant_ref: 'tenant-acme',
    user_id: 'dr.smith@acme.org',
    message: 'Summarize Jane Doe, DOB 1982-04-11, MRN 00482991 recent labs.',
    model: 'claude-sonnet-4-6'
  })
}).then(r => r.json());

// PHI stripped before LLM call
console.log(result.forwarded_payload); // {{REDACTED_PHI_1}}, {{REDACTED_PHI_2}}...
console.log(result.redactions);        // 3
console.log(result.compliance_event_id);

// 3. Verify the metering ledger
const usage = await fetch(`${BASE}/usage?tenant_ref=tenant-acme`, { headers: hdrs })
  .then(r => r.json());
console.log(usage.active_seats);
import requests

BASE = 'https://rgxsystems.com/api/v1'
H = { 'X-Api-Key': 'YOUR_API_KEY', 'Content-Type': 'application/json' }

# 1. Provision an isolated tenant workspace
requests.post(f'{BASE}/clients', headers=H, json={
    'ref': 'tenant-acme', 'name': 'Acme Health Group', 'industry': 'healthcare'
})

# 2. Run a compliance-scrubbed inference
result = requests.post(f'{BASE}/process', headers=H, json={
    'tenant_ref': 'tenant-acme',
    'user_id': 'dr.smith@acme.org',
    'message': 'Summarize Jane Doe, DOB 1982-04-11, MRN 00482991 recent labs.',
    'model': 'claude-sonnet-4-6'
}).json()

# PHI stripped before the LLM call
print(result['forwarded_payload'])   # {{REDACTED_PHI_1}}, {{REDACTED_PHI_2}}...
print(result['redactions'])           # 3

# 3. Verify the metering ledger
usage = requests.get(f'{BASE}/usage', headers=H, params={'tenant_ref': 'tenant-acme'}).json()
print(usage['active_seats'])

Launch Your Production Node.

Your production node provisions instantly — dedicated API key delivered by email, all three systems live. First invoice on the 1st of next month. $2,000/mo flat node fee plus $20/active seat.

$2Kper node / mo
$20per active seat