# Masker ## Docs - [POST /agents — provision a new Masker proxy agent](https://docs.masker.dev/api-reference/agents/create-agent.md): Provision a new agent with a name, upstream LLM, and tokenization scheme. Returns the proxy and webhook URLs you need for voice platform configuration. - [DELETE /agents/{id} — permanently remove an agent](https://docs.masker.dev/api-reference/agents/delete-agent.md): Permanently delete an agent and immediately disable its proxy URL. Past sessions are preserved for compliance audit. This action cannot be undone. - [GET /agents/{id} — retrieve a single agent's config](https://docs.masker.dev/api-reference/agents/get-agent.md): Fetch the full configuration, active masking policy, proxy URL, and 24-hour and 7-day usage statistics for a single agent by its ULID. - [GET /agents/{id}/sessions — list sessions by agent](https://docs.masker.dev/api-reference/agents/list-agent-sessions.md): List call sessions scoped to a single agent, with filters for time range, status, and minimum redaction count. Supports cursor pagination. - [GET /agents — list all Masker agents in your account](https://docs.masker.dev/api-reference/agents/list-agents.md): Retrieve a cursor-paginated list of every agent in your account, including proxy URLs, webhook URLs, tokenization scheme, and 24-hour session counts. - [Authenticate with the Masker API using OAuth cookies](https://docs.masker.dev/api-reference/authentication.md): How Masker uses GitHub OAuth and HTTP-only session cookies, with guidance for browser sessions, CLI scripting, and webhook signature verification. - [Masker REST API: conventions, errors, and rate limits](https://docs.masker.dev/api-reference/introduction.md): Complete reference for the Masker API: base URL, request conventions, pagination, error codes, rate limits, and versioning guarantees. - [POST /proxy/{id}/v1/chat/completions — Masker LLM proxy](https://docs.masker.dev/api-reference/proxy/chat-completions.md): OpenAI-compatible proxy that redacts PHI from incoming messages, forwards to the upstream LLM, and rehydrates tokens in the response. Supports streaming. - [POST /vapi/webhook/{id} — Vapi assistant-request event](https://docs.masker.dev/api-reference/proxy/vapi-webhook.md): Handles Vapi assistant-request events to return dynamic per-call LLM configuration, with the custom LLM URL rewritten to point at the Masker proxy. - [GET /sessions/{id} — full session detail and events](https://docs.masker.dev/api-reference/sessions/get-session.md): Retrieve full detail for a single session: redaction events, per-category detection counts, stage latencies, and Merkle root for audit verification. - [GET /sessions/{id}/report — download compliance report](https://docs.masker.dev/api-reference/sessions/get-session-report.md): Download a per-session HIPAA compliance report as auditor-ready JSON (Masker Audit Schema v1) or PDF, with Merkle root and Safe Harbor breakdown. - [GET /sessions — list call sessions across all agents](https://docs.masker.dev/api-reference/sessions/list-sessions.md): List call sessions across every agent in your account. Filter by agent, status, time range, or minimum redaction count. Supports cursor pagination. - [Request access to the Masker May 2026 production beta](https://docs.masker.dev/beta-access.md): Private beta is open now for evaluation. Production beta with signed BAA, SLAs, and VPC deployment launches May 30, 2026 — here's how to get in. - [Session compliance reports: contents and chain verification](https://docs.masker.dev/compliance/audit-reports.md): What a Masker session compliance report contains, how to download JSON and PDF formats, and how to verify the HMAC-SHA256 audit chain integrity offline. - [Data residency: where PHI lives and how to control it](https://docs.masker.dev/compliance/data-residency.md): Where Masker stores data across deployment models, how PHI lives only in process memory, who holds key material, and options for strict residency needs. - [HIPAA Safe Harbor: coverage matrix for all 18 categories](https://docs.masker.dev/compliance/hipaa-safe-harbor.md): Current status for all 18 HIPAA Safe Harbor categories, what full versus partial coverage means, and how the matrix stamps your session compliance reports. - [Masker compliance posture: HIPAA, BAA, and audit chain](https://docs.masker.dev/compliance/overview.md): Masker's HIPAA Safe Harbor coverage, BAA availability, fail-closed audit behavior, and the compliance artifacts generated per session for auditors. - [Using the Masker CLI: masker and masker-voice tools](https://docs.masker.dev/configuration/cli.md): Install and authenticate the masker and masker-voice binaries for detection testing, policy management, report generation, and audio replay. - [Choosing how to deploy Masker in your infrastructure](https://docs.masker.dev/configuration/deployment.md): Compare hosted SaaS, self-hosted VPC, and air-gapped on-premises options — and understand what each means for data residency and BAA coverage. - [Customer environment variables for self-hosted Masker](https://docs.masker.dev/configuration/environment-variables.md): The customer-facing environment variables you configure when running Masker in your own VPC — covering encryption keys, key rotation, and CLI auth. - [Configuring Masker's mask_policy.yaml detection rules](https://docs.masker.dev/configuration/mask-policy.md): Learn how mask_policy.yaml controls which PHI entities are detected, how each span is tokenized or redacted, and which key ring applies. - [How Masker's compliance firewall and proxy pipeline work](https://docs.masker.dev/how-it-works.md): Trace every conversation turn from your voice vendor through detection, tokenization, LLM forwarding, rehydration, and audit chain generation. - [Connect Masker to Bolna as a Custom LLM Base URL](https://docs.masker.dev/integrations/bolna.md): Configure Bolna's Custom OpenAI-compatible LLM provider to use Masker as a base URL, keeping PHI out of your model provider's logs entirely. - [Integrate Masker with any OpenAI-compatible platform](https://docs.masker.dev/integrations/custom.md): Any voice platform that accepts a Custom LLM base URL or OpenAI-compatible endpoint can route through Masker with a single URL change and no SDK required. - [Connect Masker to ElevenLabs Conversational AI Agents](https://docs.masker.dev/integrations/elevenlabs.md): Point your ElevenLabs agent's Custom LLM at Masker to intercept every conversation turn and strip PHI before it leaves your regulated boundary. - [Connect Masker to Vapi as a Custom LLM Firewall](https://docs.masker.dev/integrations/vapi.md): Route every Vapi conversation through Masker so PHI is tokenized before it reaches your LLM and rehydrated before it reaches the caller. - [Masker: HIPAA-grade compliance firewall for voice AI](https://docs.masker.dev/introduction.md): Masker intercepts every voice AI conversation, tokenizes PHI before it reaches your LLM, and rehydrates it on the way back — no PHI in your model logs. - [PHI and PII identifiers Masker detects in your calls](https://docs.masker.dev/masking/detection.md): Full coverage matrix of HIPAA Safe Harbor identifiers, how each detector works, and which categories are fully covered versus on the roadmap. - [Generate synthetic data for testing without real PHI](https://docs.masker.dev/masking/synthetic-data.md): Replace detected PHI with realistic but fictional surrogates for local development, CI pipelines, and demos — without touching real patient data. - [PHI token format, vault and AEAD tokenization schemes](https://docs.masker.dev/masking/tokenization.md): How Masker encodes detected PHI into typed, opaque tokens — and how it recovers the original value on the response leg without exposing PHI to your LLM. - [How Masker intercepts and masks a live voice call](https://docs.masker.dev/masking/voice-pipeline.md): Step-by-step walkthrough of the STT → detect → mask → LLM → rehydrate → TTS flow, latency budget, streaming behavior, and audit artifacts. - [Get started with Masker: place your first masked call](https://docs.masker.dev/quickstart.md): Sign in, connect a Vapi agent, place a test call, and verify in OpenAI's logs that no PHI crossed the compliance boundary — in under five minutes.