Authentication
All API requests must be authenticated. CiYuanX uses Bearer Token authentication to keep your API calls secure and reliable.
Getting an API key
Head to Console → API Tokens to create and manage your API keys.
Steps
- Sign in to your CiYuanX account
- Open the console
- Click "API Tokens" in the left-hand menu
- Click "New Token"
- Set the token name and permissions
- Copy the generated API key
Code examples
Pass the key in the request header as Authorization: Bearer YOUR_API_KEY:
bash
curl https://ciyuanx.io/v1/chat/completions \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_API_KEY" \
-d '{
"model": "gpt-4.1",
"messages": [
{"role": "user", "content": "Hello!"}
]
}'python
import os
import requests
response = requests.post(
"https://ciyuanx.io/v1/chat/completions",
headers={
"Authorization": f"Bearer {os.environ['AI_GATEWAY_API_KEY']}",
"Content-Type": "application/json",
},
json={
"model": "gpt-4.1",
"messages": [
{"role": "user", "content": "Hello!"}
],
},
)
print(response.json())typescript
const response = await fetch("https://ciyuanx.io/v1/chat/completions", {
method: "POST",
headers: {
"Authorization": `Bearer ${process.env.AI_GATEWAY_API_KEY}`,
"Content-Type": "application/json",
},
body: JSON.stringify({
model: "gpt-4.1",
messages: [{ role: "user", content: "Hello!" }],
}),
});
console.log(await response.json());Security notes
WARNING
- Keep your API key secret — never expose it in client-side code.
- Rotate keys regularly to improve account security.
- If a key is leaked, delete it in the console immediately and generate a new one.
- Store keys in environment variables rather than hardcoding them.
Common errors
401 Unauthorized
The API key is invalid or has expired.
Fix: Verify the API key is correct, or regenerate a new one.
403 Forbidden
Insufficient permissions, or the account is restricted.
Fix: Check your account status and contact an administrator for the appropriate permissions.