Skip to content

Authentication

All API requests must be authenticated. CiYuanX uses Bearer Token authentication to keep your API calls secure and reliable.

Getting an API key

Head to Console → API Tokens to create and manage your API keys.

Steps

  1. Sign in to your CiYuanX account
  2. Open the console
  3. Click "API Tokens" in the left-hand menu
  4. Click "New Token"
  5. Set the token name and permissions
  6. Copy the generated API key

Code examples

Pass the key in the request header as Authorization: Bearer YOUR_API_KEY:

bash
curl https://ciyuanx.io/v1/chat/completions \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d '{
    "model": "gpt-4.1",
    "messages": [
      {"role": "user", "content": "Hello!"}
    ]
  }'
python
import os
import requests

response = requests.post(
    "https://ciyuanx.io/v1/chat/completions",
    headers={
        "Authorization": f"Bearer {os.environ['AI_GATEWAY_API_KEY']}",
        "Content-Type": "application/json",
    },
    json={
        "model": "gpt-4.1",
        "messages": [
            {"role": "user", "content": "Hello!"}
        ],
    },
)

print(response.json())
typescript
const response = await fetch("https://ciyuanx.io/v1/chat/completions", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${process.env.AI_GATEWAY_API_KEY}`,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    model: "gpt-4.1",
    messages: [{ role: "user", content: "Hello!" }],
  }),
});

console.log(await response.json());

Security notes

WARNING

  • Keep your API key secret — never expose it in client-side code.
  • Rotate keys regularly to improve account security.
  • If a key is leaked, delete it in the console immediately and generate a new one.
  • Store keys in environment variables rather than hardcoding them.

Common errors

401 Unauthorized

The API key is invalid or has expired.

Fix: Verify the API key is correct, or regenerate a new one.

403 Forbidden

Insufficient permissions, or the account is restricted.

Fix: Check your account status and contact an administrator for the appropriate permissions.