Quick Start
Detect and obfuscate PII in a browser application in under 5 minutes.
This guide walks you through the three core operations of @secured-ai/core: detecting PII, obfuscating it, and restoring the originals.
1. Create an SDK access token
Browser initialization requires an SDK access token from the Secured platform. Token creation is available to Pro users.
- Open Settings > SDK Access Tokens.
- Create a token.
- Add your browser origin, for example
https://app.example.comorhttp://localhost:5173. - Copy the token once it is shown.
See SDK Access Tokens for allowed-origin and wildcard rules.
2. Create a client
Import PrivacyClient and create an instance. By default, the regex and NLP engines are enabled. The ML engine is opt-in — see the ML Engine guide when you're ready for it.
import { PrivacyClient } from '@secured-ai/core'
const client = new PrivacyClient({
baseUrl: 'https://dev-api.securedai.com',
sdkAccessToken: import.meta.env.VITE_SECURED_SDK_ACCESS_TOKEN,
})You can pass a PrivacyClientConfig object to customise the engines and confidence threshold:
import { PrivacyClient } from '@secured-ai/core'
const client = new PrivacyClient({
baseUrl: 'https://dev-api.securedai.com',
sdkAccessToken: import.meta.env.VITE_SECURED_SDK_ACCESS_TOKEN,
engines: {
regex: true,
nlp: true,
ml: false, // ML is off by default
gliner: false,
custom: true,
},
confidenceThreshold: 0.8, // only accept detections above 80% confidence
})3. Initialise the client
Call initialize() before running any detection. This loads the enabled engines asynchronously. The method is idempotent — calling it multiple times is safe.
await client.initialize()
console.log(client.isReady) // trueinitialize() is called automatically the first time you call detect() or obfuscate(), but calling it explicitly on app startup gives you more control over the loading lifecycle.
4. Detect PII
Pass any string to detect(). It returns a PrivacyScanResult describing every entity found.
const result = await client.detect(
'Contact John Smith at john@example.com or call 555-867-5309.'
)
console.log(result.isClean) // false
console.log(result.sensitiveEntities)
// [
// { text: 'John Smith', type: 'PERSON', confidence: 0.92, ... },
// { text: 'john@example.com', type: 'EMAIL', confidence: 0.98, ... },
// { text: '555-867-5309', type: 'PHONE', confidence: 0.95, ... },
// ]5. Obfuscate text
obfuscate() detects PII and replaces each entity with realistic fake data. It returns the processed text and a sessionId you can use to restore the originals later.
const result = await client.obfuscate(
'Contact John Smith at john@example.com or call 555-867-5309.'
)
console.log(result.processed)
// 'Contact Emily Johnson at sarah.m@mailbox.net or call 800-555-0142.'
console.log(result.sessionId) // 'f47ac10b-58cc-4372-a567-0e02b2c3d479'
console.log(result.hasSensitiveData) // trueThe same entity appearing multiple times in the same text is always replaced with the same fake value, keeping the output coherent.
6. Restore the original text
Pass the obfuscated text and the sessionId to restore() to get the original content back.
const restored = await client.restore(result.processed, result.sessionId)
console.log(restored.restored)
// 'Contact John Smith at john@example.com or call 555-867-5309.'
console.log(restored.success) // true
console.log(restored.mappingsApplied) // 3Putting it all together
import { PrivacyClient } from '@secured-ai/core'
const client = new PrivacyClient({
baseUrl: 'https://dev-api.securedai.com',
sdkAccessToken: import.meta.env.VITE_SECURED_SDK_ACCESS_TOKEN,
})
await client.initialize()
const text = 'Invoice #INV-2024-001 for Jane Doe, SSN 123-45-6789.'
// Obfuscate before sending to an external API
const { processed, sessionId } = await client.obfuscate(text)
console.log(processed)
// 'Invoice #INV-2024-001 for Emily Carter, SSN 987-65-4320.'
// Restore when you get the response back
const { restored } = await client.restore(processed, sessionId)
console.log(restored)
// 'Invoice #INV-2024-001 for Jane Doe, SSN 123-45-6789.'