Provider Key API
Provider Key API
Use the Provider Key API to manage upstream credentials used for model access. Only the primary account administrator can call these endpoints.
export BASE_URL="https://api.xaicontrol.com"
export API_KEY="sk-Xvs..."Endpoints
| Method and path | Description |
|---|---|
GET /x-keys?fields=summary | List Provider Keys |
GET /x-keys/{id}?fields=summary | Get one Key |
POST /x-keys | Add a Key |
PUT /x-keys/{id} | Update a Key |
DELETE /x-keys/{id} | Delete a Key |
POST /x-keys/{id}/sleep | Pause a Key |
POST /x-keys/{id}/wake | Resume a Key |
Query Keys
Always prefer fields=summary; it omits the complete Provider Secret and sensitive configuration.
curl "$BASE_URL/x-keys?fields=summary&page=1&size=20" \
-H "Authorization: Bearer $API_KEY"Optional filters:
| Parameter | Description |
|---|---|
id | Key ID |
level | Key group |
provider | Provider URL |
page / size | Pagination |
Summary response:
[
{
"ID": 42,
"Name": "OpenAI Primary",
"Level": 1,
"Provider": "https://api.openai.com",
"PartialKey": "...last-20-characters",
"NoSleep": false,
"Status": true,
"Sleeping": false,
"CreatedAt": "2026-07-18T08:00:00Z"
}
]Pagination metadata is returned in X-Total-Count, X-Total-Pages, X-Page, and X-Per-Page response headers.
Add a Key
POST /x-keyscurl -X POST "$BASE_URL/x-keys" \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-d '{
"Name": "OpenAI Primary",
"Level": 1,
"Provider": "https://api.openai.com",
"SecretKey": "sk-provider-secret-xxxxxxxx",
"Status": true,
"NoSleep": false,
"config": {"provider_type": "standard"}
}'| Field | Required | Description |
|---|---|---|
Provider | Yes | Upstream HTTPS Base URL; it cannot point back to this Router |
SecretKey | Yes | Upstream credential, at least 20 characters |
Name | No | Human-readable label |
Level | Yes | Key group; use a positive integer |
Status | Yes | Whether the Key is enabled; set it to true for normal use |
NoSleep | No | Prevent automatic sleeping for this Key |
config | No | Provider type and cloud-specific options |
Standard OpenAI, Anthropic, and similar bearer/API-key services normally use provider_type: standard. Use the console form for Azure, AWS, Vertex, and other cloud-specific fields. Never log SecretKey or sensitive config values.
Update a Key
PUT /x-keys/{id}Send only fields that need to change:
curl -X PUT "$BASE_URL/x-keys/42" \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-d '{
"Name": "OpenAI Production",
"Status": true,
"NoSleep": true
}'Submit a new SecretKey to rotate the upstream credential. The Router refreshes the corresponding Key cache and scheduling state after a successful update.
Pause and resume
curl -X POST "$BASE_URL/x-keys/42/sleep" \
-H "Authorization: Bearer $API_KEY"
curl -X POST "$BASE_URL/x-keys/42/wake" \
-H "Authorization: Bearer $API_KEY"sleepremoves the Key from normal scheduling immediately.wakeclears the sleeping state and schedules recovery.- For a long-term disable, update the Key with
Status: false.
Delete a Key
curl -X DELETE "$BASE_URL/x-keys/42" \
-H "Authorization: Bearer $API_KEY"Deletion cannot be undone. Before deleting a Key, make sure another usable Key remains in the same Level.
Security guidance
- Use
fields=summaryfor list queries. - Use separate Provider Keys for separate environments.
- Rotate upstream credentials regularly and disable unused Keys promptly.
- Never place Provider Secrets in frontend code, URLs, logs, or support tickets.
- Apply least privilege and budget limits to cloud credentials.