Welcome, mobile teams

Secure AI access without shipping secrets

Gate/AI lets your app call AI providers without hiding API keys in your binary. Instead of giving every build a copy of a secret, we verify the device, mint a short-lived token, and watch every request for you.

Choose your platform Talk to our team

Why Gate/AI exists

Shipping API keys is risky

When a key lives in your app bundle, anyone can extract it with basic tools. Gate/AI keeps provider keys on the server and gives each device a temporary substitute instead.

You need guardrails

We attach analytics, budgets, and revocation controls to every device. If something looks off—a leaked build, a sudden cost spike—you can shut it down instantly.

What Gate/AI gives you

1. A lock-and-key for each device

The SDK creates a hardware-backed key in the Secure Enclave (iOS) or Keystore (Android). Only that device can use it, so stolen tokens are useless elsewhere.

Under the hood

We use P-256 keypairs and store the thumbprint (cnf.jkt) to bind tokens to the device.

2. Proof that the app is real

Before we issue a token, the SDK proves it’s running inside your signed app on an untampered device. No emulator, no repackage.

Under the hood

iOS uses App Attest; Android uses Play Integrity. Both are bound to a short-lived challenge from Gate/AI.

3. Automatic request protection

Every call to the Gate/AI proxy is signed on-device. If someone tries to replay a request or reuse a token elsewhere, it fails.

Under the hood

We use DPoP (Demonstration of Proof-of-Possession) JWTs with per-request nonces for replay defense.

What it feels like in your app

  1. App launch: the SDK makes sure a device key exists and asks Gate/AI for a fresh challenge.
  2. Token request: the device proves it’s legit, Gate/AI replies with a 10-minute access token tied to that device.
  3. Provider call: you call the Gate/AI proxy instead of the provider directly; the SDK decorates the request with the token and a one-time proof.
  4. Renew & monitor: the SDK refreshes before expiry, and you can view usage, costs, and revocations from the Gate/AI console.

Pick your platform guide

iOS · Swift Package

Step-by-step setup for Secure Enclave, App Attest, and DPoP with the GateAI Swift package.

Open iOS guide

Android · Kotlin

Learn about the upcoming Kotlin SDK and see the manual Play Integrity flow available today.

Open Android guide

Working in development & CI

  • Use a Gate/AI development token when you run in the simulator or emulator; production rejects it automatically.
  • Development tokens expire quickly (≤24h) and still honor rate limits, budgets, and denylist rules.
  • API responses include `mode: "dev"` so you can disable features or log extra warnings during QA.

Next steps & resources

Create a Gate/AI account Visit the Gate/AI console View GitHub repositories