Skip to main content
This quickstart gives you one working Averta-protected OpenAI request. Use the JavaScript or Python snippet that matches your app.

1. Create a Policy and API Keys

Create a policy in the Averta Dashboard, then create an Averta API key with that policy attached. You also need a normal OpenAI API key.
A key without an attached policy is not a guarded setup. Store the Averta secret when you create it; the dashboard does not show it again later.

2. Install Packages

npm install openai @averta-security/sdk-openai
Python support is source-install only until averta-openai is published to PyPI. Run the Python install command from the SDK repository.

3. Set Environment Variables

export OPENAI_API_KEY="your-openai-key"
export AVERTA_API_KEY="your-averta-key"
The Averta wrapper reads AVERTA_API_KEY from the environment. Pass a key in code only when you need to override the environment for a specific client.

4. Create a Quickstart File

import OpenAI from "openai";
import { wrapOpenAI } from "@averta-security/sdk-openai";

function readEnv(name) {
  const value = process.env[name];

  if (!value) {
    throw new Error(`Missing required environment variable: ${name}`);
  }

  return value;
}

const client = wrapOpenAI(
  new OpenAI({
    apiKey: readEnv("OPENAI_API_KEY"),
  })
);

const response = await client.responses.create({
  model: process.env.OPENAI_MODEL ?? "gpt-5.4-mini",
  input: "Write one sentence explaining what a password reset link is.",
});

console.log("\nModel output:");
console.log(response.output_text);

5. Run It

node quickstart.mjs
With a policy that allows the request, you should see model output: 
Model output:
A password reset link lets a verified user choose a new password for their account.
The exact model text will vary. The important part is that Averta runs checkpoint decisions before your application returns the result.

What Happened

  • The wrapper sent a request checkpoint to Averta before calling OpenAI.
  • Averta used the policy attached to your API key to decide what should happen.
  • If policy returned block, the SDK would throw before the OpenAI request.
  • OpenAI generated a non-streaming final answer.
  • The wrapper sent an output checkpoint to Averta before returning the response.
  • The SDK generated requestId and traceId automatically so decisions can be found in dashboard events.

Add Tools Next

When your agent passes tools, Averta can also restrict tool exposure before the provider sees the tool list and screen tool results before they return to the model. 
const tools = [
  {
    type: "function",
    name: "search_docs",
    description: "Search internal support documentation.",
    strict: true,
    parameters: {
      type: "object",
      properties: {
        query: { type: "string" },
      },
      required: ["query"],
      additionalProperties: false,
    },
  },
];

const responseWithTools = await client.responses.create({
  model: process.env.OPENAI_MODEL ?? "gpt-5.4-mini",
  input: "Search the docs for password reset guidance.",
  tools,
});
Use OpenAI quickstart for the complete tool-loop pattern.

Next Steps

OpenAI quickstart

Add tools, request context, and decision logging to an OpenAI agent loop.

Anthropic quickstart

Use the same checkpoint model with Anthropic Messages.

Checkpoints

Understand each Averta decision point.

Policies

Create the policy that makes runtime enforcement active.

Events

Find the request and output decisions in the dashboard.