DocsREST APIPricing

Management API

Accounts and Authorization

View as Markdown

Create an API key

/auth/teams/{teamId}/api-keys

API keys are used to access the xAI API (https://api.x.ai). They are included on requests as a HTTP Bearer token. API keys are bound to teams and are associated with the user who created them.

Path parameters

teamId

string

required

ID of the team this API key belongs to. The team ID can be copied here: https://console.x.ai/team/default/settings/team.

Request Body

name

string

required

Human-readable name for the API key. Should not be empty.

Response Body

redactedApiKey

string

A redacted API key. We don't expose the full key after it has been created.

apiKey

string

Only set when the API key is created.

userId

string

ID of the User who created this API key.

name

string

Human-readable name for the API key.

createTime

string

Timestamp when the API key was created.

modifyTime

string

Timestamp when the API key was modified.

teamId

string

ID of the team this API key belongs to.

apiKeyId

string

The ID of the API key.

disabled

boolean

If API is disabled (by the user) or not. Users can disable API keys to prevent them from making API calls.

expireTime

string

Expiration time for the API key. If set and in the past, the key is rejected.

qps

integer

If set, this API key can only perform the stated number of requests per second.

qpm

integer

If set, this API key can only perform the stated number of requests per minute.

tpm

string

If set, the API key is limited to producing/consuming the set number of tokens per minute. The limiter engages when the limit is strictly exceeded. In-flight requests that cause the limit to get exceeded will not be aborted.

aclStrings

array

The permissions the API key has. By default, API keys don't have any permissions, which means all requests fail if this field is empty. There are two kind of permissions users can grant: (1) endpoints and (2) models via the api-key:endpoint:[endpoint name] and api-key:model:[model name] ACLs.
If you want to grant access to specific endpoints and ACLs, you can use the corresponding /endpoints and /models endpoints to retrieve possible values for endpoint name and model name.
If you want to create an API key that has access to all endpoints and models, you can use the wildcard ACLs api-key:endpoint:* and api-key:model:*.

List API keys

/auth/teams/{teamId}/api-keys

Lists API keys belonging to a user within a team. If the caller user is an admin, returns all team API keys. If the caller user is a member, returns that user's API keys.

Path parameters

teamId

string

required

ID of the team whose API keys shall be listed.

Query parameters

pageSize

integer

Control page size for result. It None, result is returned as one page.

paginationToken

string

Pagination token received from a previous call when using pagination. Set to `undefined` to retrieve the first page.

aclFilters

array

Optional filter to only return API keys that match the given ACLs.

Response Body

apiKeys

array

API keys belonging to the team.

paginationToken

string

Include this token on a follow-up request to retrieve the next page. If undefined, this is the last page.

Update an API key

/auth/api-keys/{api_key_id}

Selectively updates a subset of fields on an API key.

Path parameters

api_key_id

string

required

The ID of the API key.

Request Body

Response Body

redactedApiKey

string

A redacted API key. We don't expose the full key after it has been created.

apiKey

string

Only set when the API key is created.

userId

string

ID of the User who created this API key.

name

string

Human-readable name for the API key.

createTime

string

Timestamp when the API key was created.

modifyTime

string

Timestamp when the API key was modified.

teamId

string

ID of the team this API key belongs to.

apiKeyId

string

The ID of the API key.

disabled

boolean

If API is disabled (by the user) or not. Users can disable API keys to prevent them from making API calls.

expireTime

string

Expiration time for the API key. If set and in the past, the key is rejected.

qps

integer

If set, this API key can only perform the stated number of requests per second.

qpm

integer

If set, this API key can only perform the stated number of requests per minute.

tpm

string

If set, the API key is limited to producing/consuming the set number of tokens per minute. The limiter engages when the limit is strictly exceeded. In-flight requests that cause the limit to get exceeded will not be aborted.

aclStrings

array

The permissions the API key has. By default, API keys don't have any permissions, which means all requests fail if this field is empty. There are two kind of permissions users can grant: (1) endpoints and (2) models via the api-key:endpoint:[endpoint name] and api-key:model:[model name] ACLs.
If you want to grant access to specific endpoints and ACLs, you can use the corresponding /endpoints and /models endpoints to retrieve possible values for endpoint name and model name.
If you want to create an API key that has access to all endpoints and models, you can use the wildcard ACLs api-key:endpoint:* and api-key:model:*.

Rotate an API key

/auth/api-keys/{apiKeyId}/rotate

!!CAUTION!! Rotates the secret of an existing API key, permanently invalidating the old one.

Path parameters

apiKeyId

string

required

ID of the API key whose secret should be rotated.

Response Body

redactedApiKey

string

A redacted API key. We don't expose the full key after it has been created.

apiKey

string

Only set when the API key is created.

userId

string

ID of the User who created this API key.

name

string

Human-readable name for the API key.

createTime

string

Timestamp when the API key was created.

modifyTime

string

Timestamp when the API key was modified.

teamId

string

ID of the team this API key belongs to.

apiKeyId

string

The ID of the API key.

disabled

boolean

If API is disabled (by the user) or not. Users can disable API keys to prevent them from making API calls.

expireTime

string

Expiration time for the API key. If set and in the past, the key is rejected.

qps

integer

If set, this API key can only perform the stated number of requests per second.

qpm

integer

If set, this API key can only perform the stated number of requests per minute.

tpm

string

If set, the API key is limited to producing/consuming the set number of tokens per minute. The limiter engages when the limit is strictly exceeded. In-flight requests that cause the limit to get exceeded will not be aborted.

aclStrings

array

The permissions the API key has. By default, API keys don't have any permissions, which means all requests fail if this field is empty. There are two kind of permissions users can grant: (1) endpoints and (2) models via the api-key:endpoint:[endpoint name] and api-key:model:[model name] ACLs.
If you want to grant access to specific endpoints and ACLs, you can use the corresponding /endpoints and /models endpoints to retrieve possible values for endpoint name and model name.
If you want to create an API key that has access to all endpoints and models, you can use the wildcard ACLs api-key:endpoint:* and api-key:model:*.

Delete an API key

/auth/api-keys/{apiKeyId}

!!CAUTION!! Permanently and irrevocably deletes an API key.

Path parameters

apiKeyId

string

required

ID of the API key to delete.

Check API key propagation

/auth/api-keys/{apiKeyId}/propagation

Checks if an API key has successfully been propagated.

Path parameters

apiKeyId

string

required

ID of the API whose propagation status shall be checked.

Response Body

icPropagation

object

Map from the Inference Cluster address to a flag indicating if the API key has propagated.

List models

/auth/teams/{teamId}/models

Lists all models that are accessible by a team.

Path parameters

teamId

string

required

ID of the team whose models shall be retrieved.

Response Body

clusterConfigs

array

Contains the models accessible via the individual inference clusters.

List possible endpoint ACL values

/auth/teams/{teamId}/endpoints

Lists all the endpoint ACLs that can be used on API keys.

Path parameters

teamId

string

required

ID of the team whose accessible endpoints shall be received.

Response Body

acls

array

List of ACLs that can be assigned to an API key.

Validate management key

/auth/management-keys/validation

Response Body

apiKeyId

string

ID of this key.

teamId

string

[DEPRECATED] Use scope and scope_id instead. ID of the team on whose behalf the key can act.

scope

"SCOPE_UNSPECIFIED" | "SCOPE_TEAM" | "SCOPE_ORGANIZATION"

default: SCOPE_UNSPECIFIED

Scope the key is associated with.

scopeId

string

ID of the scope the key is associated with.

ownerUserId

string

ID of the user who owns this key.

createTime

string

Time when the key was created.

modifyTime

string

Time when the key was last modified.

name

string

Name of this key (Just for humans).

acls

array

ACLs of this key (controls what APIs can be accessed using the key).

apiKey

string

Only set when the key is created.

redactedApiKey

string

A shorted version of the actual key.

ipRanges

object

Did you find this page helpful?