𝐗𝐀𝐈 𝐗𝐀𝐏𝐈

Frequently Asked Questions

What is BYOK (Bring Your Own Key)? BYOK means "Bring Your Own Key". In XAI Router, this means you use your own API Keys obtained from official platforms like OpenAI, Anthropic, DeepSeek, rather than purchasing keys from XAI.

Core Advantages:
  • Full Control: Key ownership belongs to you; replace, delete, or migrate anytime
  • Zero Markup: API call charges deducted directly from your official account with no markup
  • Cost Transparency: View original billing directly on official platforms (e.g., OpenAI Dashboard)
  • Data Sovereignty: End-to-end encryption; system admins cannot access your keys
See "BYOK: Your Keys, Your Control" for details.

What's the difference between XAI Router BYOK and OpenRouter?
FeatureXAI RouterOpenRouter
Must Use BYOK✅ 100% BYOK, no other option❌ Optional BYOK or platform paid pool
BYOK Fee✅ Completely free❌ 5% service charge
Free Tier✅ Unlimited (use your own keys)⚠️ 1M requests/month then paid
Self-Hosted✅ Supported❌ Cloud-only
Cost Comparison Example: If you call 100M tokens of GPT-4 per month, using XAI Router vs OpenRouter saves approximately $1,500/month.

Are my Provider Keys safe? Will XAI misuse them? Absolutely not. XAI Router employs cryptocurrency-grade security measures:

Technical Safeguards:
  • 🔒 User-Level Encryption: Each user's Provider Keys are encrypted with a unique Encryption Key (ChaCha20-Poly1305 algorithm)
  • 🔒 No Super-Admin: System admins and database admins cannot decrypt your keys
  • 🔒 Audit Logs: All key usage is fully logged and traceable to specific requests
  • 🔒 Even if Database Leaks: Attackers cannot recover your Provider Keys
Compliance Certification:
  • SOC 2 Type II certification (planned)
  • Core encryption module code open-sourced for community auditing
See "BYOK Security Architecture" for details.

If I want to stop using XAI Router, how do I migrate my data? The biggest advantage of BYOK is zero vendor lock-in:

Migration Steps:
  1. Export Configuration: Export your Level Mapper, Model Mapper, etc. via API or Admin Console
  2. Copy Keys: Your original Provider Keys are always on official platforms (e.g., OpenAI Dashboard), just copy directly
  3. Switch base_url: Change API endpoint in your application or new platform
  4. Complete Migration: No approval needed, takes effect immediately
Traditional Platform Pain Points:
  • ❌ Cannot export keys (you never owned them)
  • ❌ Need to reapply for all official API Keys
  • ❌ Historical usage data cannot be migrated

In BYOK mode, why does XAI Router still need my XAI API Key? This is a two-layer key design:

  1. Provider Key (Upstream Key): The original key you obtained from official platforms like OpenAI, Anthropic, which you add to XAI Router and store encrypted
  2. XAI API Key (Virtual Key): The proxy key assigned by XAI Router (format: sk-Xvs...), used for:
    • Authenticating your identity
    • Routing requests to the correct Provider Key pool
    • Applying your custom configuration (Level Mapper, Model Mapper, etc.)
    • Recording usage and billing (to cross-check with official bills)
Workflow:
Your App → Call with XAI API Key → XAI Router verifies and routes → Calls official API with your Provider Key → Charges deducted from your official account

Technical Issues

Why do some API calls return a 404 Not Found error? This is usually because your `base_url` is configured incorrectly. Many libraries (like LangChain) require the `base_url` to include the `/v1` suffix, not just the domain name.

Please check your configuration and ensure it is set to `https://api.xaixapi.com/v1` (for OpenAI-compatible interfaces).

Why am I getting a "401: Incorrect API key provided..." error? This error indicates that your request was sent to OpenAI's official servers instead of our proxy server. This typically happens when you have only configured the API Key but have not changed the API request address (`base_url`) to `https://api.xaixapi.com`.

What should I do if the open-source project I'm using doesn't support configuring a `base_url`? In this situation, you will need to find the project's source code and hardcode the API request address from `api.openai.com` to `api.xaixapi.com`.

Why do I get a 401 Unauthorized error when calling user management APIs (e.g., /x-users)? To prevent abuse, calling core management APIs (such as creating/managing child users) has a minimum balance requirement for the calling account. Typically, your account balance needs to be greater than `\$100` to gain the necessary permissions. Please ensure your account has sufficient funds.

What are the requirements for creating a child user? Creating a child user requires meeting two main conditions: 1. Your parent account balance must be greater than `\$100`. 2. The initial top-up amount for the newly created child user cannot be less than `\$2`.

In the XAI XAPI system, every account is independent. As long as a child user's balance also meets the above conditions, it can also create its own child users.

Why does my account report "Insufficient balance" even though I still have credit? To prevent overdrafts and asset loss, the system prohibits new API calls when the account balance falls below `\$1`. Please top up your account in a timely manner.

← Using XAI Control to Integrate GitHub Marketplace's Free Models into Any Application