BYOK: Your Keys, Your Control
What is BYOK?
BYOK (Bring Your Own Key) means "bring your own keys" - a service model that returns complete data control to users.
In the AI API service domain, BYOK means:
- You use your own API Keys obtained from official platforms like OpenAI, Anthropic, DeepSeek
- The service provider does not hold, sell, or control your upstream keys
- All API call charges are deducted directly from your official account, not through intermediaries
- You can view, replace, delete, or migrate your keys at any time
XAI Router's BYOK Design Philosophy
XAI Router adopts a 100% pure BYOK architecture - this is our core value proposition:
π Data Sovereignty Belongs to You
Traditional AI Aggregation Platforms:
User β Buy platform credits β Use platform key pool β Platform pays official APIs
β You don't know whose keys are being used
β You can't control data flow
β Service interrupts if platform shuts down
XAI Router BYOK Model:
User β Add your own official keys β XAI Router smart routing β Direct official API calls
β
You fully control the keys
β
Transparent costs (official billing)
β
Can migrate to other platforms anytime
π° Transparent Costs, Zero Markup
| Platform | Pricing Model | GPT-4 Call Cost Example |
|---|---|---|
| XAI Router | Zero Markup | $0.03/1K tokens (official price) |
| OpenRouter | 5% service fee + official price | $0.03 Γ 1.05 = $0.0315/1K tokens |
| Traditional Aggregators | 10%-50% markup | $0.03 Γ 1.3 = $0.039/1K tokens |
Example Calculation: If you call 100M tokens per month, using XAI Router vs OpenRouter saves $1,500/month.
π‘οΈ End-to-End Encryption, Zero-Trust Architecture
XAI Router employs cryptocurrency-grade security:
Your Provider Keys Encryption Flow:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 1. You add OpenAI API Key: sk-proj-abc123... β
β β
β 2. System generates your unique Encryption Key (32 bytes)β
β β
β 3. Encrypts your Provider Key with ChaCha20-Poly1305 β
β ββ Algorithm: XChaCha20-Poly1305 (AEAD) β
β ββ Nonce: 24-byte random value β
β ββ Ciphertext stored in PostgreSQL β
β β
β 4. Your Encryption Key itself is encrypted by system key β
β β
β 5. Decryption requires your account credentials β
β System admins cannot access β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Key Security Features:
- β User-Level Isolated Encryption: Each user has a unique Encryption Key
- β No Super-Admin: Database admins cannot decrypt any user's keys
- β Memory Hot Cache: Decryption results cached in memory for only 120 minutes
- β Even if Database Leaks: Attackers cannot recover your Provider Keys
BYOK vs Traditional API Aggregation Platforms
| Comparison | XAI Router (BYOK) | OpenRouter (Hybrid) | Traditional Aggregators |
|---|---|---|---|
| Key Source | 100% user-owned | BYOK or platform pool | Platform pool |
| Pricing | Zero markup | BYOK charged 5% fee | 10%-50% markup |
| Data Control | Fully user-owned | Partially user-owned | Platform-controlled |
| Billing Transparency | Official bills directly viewable | Additional billing required | Black-box billing |
| Vendor Lock-in | None, migrate anytime | No lock-in for BYOK | Strong lock-in |
| Free Tier | Completely free (use your own keys) | 1M requests/month free | None |
| Security Level | End-to-end encryption | Standard encryption | Standard encryption |
| Service Interruption Risk | Low (official API stability) | Medium | High (platform-dependent) |
Three Core Advantages of BYOK
1. π― Cost Control, No Black Box
Traditional Platform Pain Points:
- Unclear which model version is actually called
- Cannot verify if token counts are accurate
- Platform suddenly raises prices, users forced to accept
XAI Router BYOK Solution:
# You can directly verify every call on official platforms
# 1. Login to OpenAI Dashboard: https://platform.openai.com/usage
# 2. View real-time usage: model, token count, cost
# 3. Compare with XAI Router logs to ensure consistency
2. π Data Sovereignty, Compliance Assured
For strictly regulated industries like finance, healthcare, government:
| Compliance Requirement | Traditional Platforms | XAI Router BYOK |
|---|---|---|
| Data Stays In-Region | β Data goes through platform servers | β Direct official API connection |
| Key Auditing | β Cannot audit platform keys | β All keys traceable |
| SOC 2 Compliance | β Depends on platform certification | β User-controlled |
| GDPR Conformance | β Platform is data processor | β User is controller |
3. π Flexible Migration, Avoid Lock-in
Scenario Example:
Your team uses XAI Router for 6 months, then decides to migrate to self-hosted:
Day 1: Export XAI Router configuration
ββ Level Mapper: claude*=2, gpt*=1
ββ Model Mapper: gpt-4=gpt-4-turbo
ββ Provider Keys: Your own official keys
Day 2: Import config to self-hosted system, change base_url
Day 3: Seamless migration complete β
What if using traditional platforms?
β Cannot export keys (you never owned them)
β Need to reapply for all official API Keys
β Historical usage data cannot be migrated
How to Practice BYOK with XAI Router?
Step 1: Prepare Your Official API Keys
Visit these platforms to obtain keys:
- OpenAI Platform β Get
sk-proj-... - Anthropic Console β Get
sk-ant-... - DeepSeek Platform β Get
sk-... - Google AI Studio β Get
AIzaSy...
Step 2: Add to XAI Router
# Via Admin Console
https://a.xaicontrol.com β Providers β Add Provider Key
# Or via API
curl -X POST https://api.xaicontrol.com/x-keys \
-H "Authorization: Bearer YOUR_XAI_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"SecretKey": "sk-proj-your-openai-key",
"Name": "OpenAI Production",
"Level": 1,
"Provider": "https://api.openai.com",
"Status": true
}'
Step 3: Configure Smart Routing
# Set Level Mapper (model routing rules)
curl -X POST https://api.xaicontrol.com/x-conf \
-H "Authorization: Bearer YOUR_XAI_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"LevelMapper": "claude*=2,gpt-4*=1,gpt-3.5*=1,deepseek*=3"
}'
Step 4: Start Calling
from openai import OpenAI
client = OpenAI(
base_url="https://api.xaicontrol.com/v1",
api_key="YOUR_XAI_API_KEY" # Note: This is the virtual key from XAI
)
response = client.chat.completions.create(
model="gpt-4o",
messages=[{"role": "user", "content": "Hello"}]
)
# XAI Router automatically:
# 1. Routes gpt-4o to Level 1 based on LevelMapper
# 2. Selects an available OpenAI Key from Level 1 pool
# 3. Calls OpenAI official API with that key
# 4. Charges deducted directly from your OpenAI account
Frequently Asked Questions
Q1: How does XAI Router profit with BYOK?
A: XAI Router offers two business models:
- XAI Control [2] (Cloud Service): Basic routing service is completely free; monetization through enterprise-grade premium features (advanced monitoring, SLA guarantees, dedicated support)
- XAI Router [1] (Self-Hosted): One-time license fee + optional technical support services
We believe that only by truly solving user pain points can we build long-term value. Free BYOK is not a marketing gimmick, but our core philosophy.
Q2: Will my keys be misused by XAI Router?
A: Absolutely not. We employ multiple safeguards:
- Technical Isolation: Each user's keys are encrypted with a unique Encryption Key; system admins cannot decrypt
- Audit Logs: All key usage is fully logged and traceable to specific requests
- Open Source Plan: Core AI API Router code (to be open-sourced in 2026)
Q3: What's the difference between XAI Router BYOK and OpenRouter BYOK?
| Feature | XAI Router | OpenRouter |
|---|---|---|
| Must Use BYOK | β 100% BYOK, no other option | β Optional BYOK or platform pool |
| BYOK Fee | β Completely free | β 5% service charge |
| Free Tier | β Unlimited (use your own keys) | β οΈ 1M requests/month then paid |
| Self-Hosted | β Supported | β Cloud-only |
Q4: How do I export my configuration if I want to switch platforms?
A: Very simple:
# 1. Export all configuration
curl https://api.xaicontrol.com/x-conf \
-H "Authorization: Bearer YOUR_XAI_API_KEY" \
> my-config.json
# 2. Export Provider Keys list (shows names and Levels only, not keys themselves)
curl https://api.xaicontrol.com/x-keys \
-H "Authorization: Bearer YOUR_XAI_API_KEY" \
> my-keys.json
# 3. Your original keys are always on official platforms (e.g., OpenAI Dashboard), just copy directly
Further Reading
- "Terminology" to understand BYOK-related terms
- "Access Control" to learn how to protect your keys
- "Quick Start" to start using BYOK