Proxy Routing

The Ephos proxy allows you to execute requests against third-party services securely, without exposing your raw Phantom Keys. All requests are routed through our secure gateway and encrypted enclave.

Basic Request

To use the proxy, construct a POST request to https://auth.phantom-projects.com/api/vault/execute with the following JSON payload:

{
  "service": "OpenAI",
  "targetUrl": "https://api.openai.com/v1/chat/completions",
  "method": "POST",
  "body": {
    "model": "gpt-4",
    "messages": [
      { "role": "user", "content": "Hello, world!" }
    ]
  }
}
      

Headers

The proxy request must be authenticated. You should use your Ephos Token (`et_xxx`):

Authorization: Bearer et_live_1234567890abcdef
Content-Type: application/json
      

Domain Whitelisting

Every request is strictly validated against the domain whitelist configured when the token was minted. If the `targetUrl` does not match an allowed domain, the proxy will immediately reject the request with a `403 Access Denied` error.

Supported Providers

The proxy dynamically injects the decrypted credentials into the headers for the outgoing request depending on the service field:

Bearer Auth: Default behavior (e.g., OpenAI, Anthropic, Stripe). Injects `Authorization: Bearer [KEY]`.
GitHub: Injects `Authorization: token [KEY]`.
Google/Gemini: Injects `x-goog-api-key: [KEY]`.