XinoAPI Documentation
One unified OpenAI-compatible API for DeepSeek, Qwen, GLM, Kimi, and MiniMax. Self-service onboarding is available in supported regions, with additional verification possible for abuse prevention, payment risk, or enterprise limits.
Quick start
The XinoAPI endpoint is a drop-in replacement for the OpenAI SDK. Change two lines and route requests to Chinese frontier LLMs.
1. Get your API key
Sign up at api.xinoapi.com/register. New accounts can claim $2.00 in free credits and create API keys from the dashboard. Keys start with xino-.
2. Install the OpenAI SDK
pip install openai
npm install openai
go get github.com/sashabaranov/go-openai
3. Send your first request
from openai import OpenAI client = OpenAI( api_key="xino-your-key-here", base_url="https://api.xinoapi.com/v1", ) response = client.chat.completions.create( model="deepseek-v4-flash", messages=[ {"role": "user", "content": "Hello!"} ], ) print(response.choices[0].message.content)
import OpenAI from "openai"; const client = new OpenAI({ apiKey: "xino-your-key-here", baseURL: "https://api.xinoapi.com/v1", }); const response = await client.chat.completions.create({ model: "deepseek-v4-flash", messages: [{ role: "user", content: "Hello!" }], }); console.log(response.choices[0].message.content);
package main import ( "context" "fmt" openai "github.com/sashabaranov/go-openai" ) func main() { config := openai.DefaultConfig("xino-your-key-here") config.BaseURL = "https://api.xinoapi.com/v1" client := openai.NewClientWithConfig(config) resp, _ := client.CreateChatCompletion( context.Background(), openai.ChatCompletionRequest{ Model: "deepseek-v4-flash", Messages: []openai.ChatCompletionMessage{ {Role: "user", Content: "Hello!"}, }, }, ) fmt.Println(resp.Choices[0].Message.Content) }
curl https://api.xinoapi.com/v1/chat/completions \ -H "Content-Type: application/json" \ -H "Authorization: Bearer xino-your-key-here" \ -d '{ "model": "deepseek-v4-flash", "messages": [{"role": "user", "content": "Hello!"}] }'
Your first response should use the same OpenAI-compatible shape as your existing SDK calls. If you see an authentication error, double-check your API key in the dashboard.
Authentication
All requests require a bearer token in the Authorization header:
Authorization: Bearer xino-your-key-here
You can create and revoke keys at any time from api.xinoapi.com/token. Each key has its own usage quota and can be restricted to specific models.
Never commit API keys to git. Use environment variables: os.environ["XINOAPI_KEY"] in Python, process.env.XINOAPI_KEY in Node.js.
Available models
Pass the model ID as the model parameter. Full pricing at /pricing.
DeepSeek
Alibaba Qwen
Zhipu GLM
Moonshot Kimi
MiniMax
Chat completions
Standard OpenAI-compatible chat completion endpoint. All OpenAI SDK features work — system prompts, multi-turn conversations, temperature/top_p, max_tokens, stop sequences, JSON mode, function calling.
response = client.chat.completions.create( model="deepseek-v4-flash", messages=[ {"role": "system", "content": "You are a helpful assistant."}, {"role": "user", "content": "Explain quantum entanglement in 3 sentences."}, ], temperature=0.7, max_tokens=500, )
Streaming
Set stream=True to receive Server-Sent Events. The response streams token-by-token in the standard OpenAI format.
stream = client.chat.completions.create( model="deepseek-v4-flash", messages=[{"role": "user", "content": "Write a haiku about code."}], stream=True, ) for chunk in stream: if chunk.choices[0].delta.content: print(chunk.choices[0].delta.content, end="", flush=True)
const stream = await client.chat.completions.create({ model: "deepseek-v4-flash", messages: [{ role: "user", content: "Write a haiku." }], stream: true, }); for await (const chunk of stream) { process.stdout.write(chunk.choices[0]?.delta?.content || ""); }
Function calling
Most XinoAPI models support OpenAI-style function calling (tools parameter). DeepSeek, Qwen, and GLM have native support. Kimi and MiniMax have partial support — test your specific use case.
tools = [{
"type": "function",
"function": {
"name": "get_weather",
"description": "Get current weather for a city",
"parameters": {
"type": "object",
"properties": {
"city": {"type": "string"},
},
"required": ["city"],
},
},
}]
response = client.chat.completions.create(
model="deepseek-v4-flash",
messages=[{"role": "user", "content": "What's the weather in Tokyo?"}],
tools=tools,
)
tool_calls = response.choices[0].message.tool_calls
If you're building an agent that executes tool calls, use the Privacy SDK's response scanner to detect malicious tool calls injected by compromised intermediaries. See arXiv:2604.08407 for the threat model.
Agent integrations
XinoAPI works with developer agents that support OpenAI-compatible chat completions. Use the same API key and base URL, then choose a model based on the workflow: fast coding edits, long-context review, or enterprise-style instruction following.
XINOAPI_BASE_URL=https://api.xinoapi.com/v1 XINOAPI_API_KEY=xino-your-key-here XINOAPI_MODEL=deepseek-v4-flash
CC Switch setup
CC Switch is a multi-tool manager for AI coding CLIs. Add XinoAPI as a custom OpenAI-compatible provider, then reuse it across supported tools that can call an OpenAI-style endpoint.
# CC Switch custom provider values Provider: OpenAI compatible Base URL: https://api.xinoapi.com/v1 API Key: xino-your-key-here Model: deepseek-v4-flash
For agents that can execute commands or edit files, avoid sending secrets in prompts, enable local redaction where possible, and review tool calls before execution.
Privacy SDK
The XinoAPI Privacy SDK is a drop-in replacement for the OpenAI client that adds three defense layers: PII redaction, response threat scanning, and hash-chained audit logs. Free and open source (MIT).
pip install xinoapi-privacy
from xinoapi_privacy import PrivateClient client = PrivateClient( api_key="xino-your-key", base_url="https://api.xinoapi.com/v1", ) # PII is redacted before sending, restored in the response. # Response is scanned for threats. Audit log maintains hash chain. response = client.chat.completions.create( model="deepseek-v4-flash", messages=[{ "role": "user", "content": "Email john@acme.com about Q3." }], )
Verifying response signatures
Every response from XinoAPI includes an X-SB-Signature header — an HMAC-SHA256 signature of the response body. Verify this to detect tampering between the gateway and your client.
Get your signing secret from /v1/security/signing-secret:
curl https://api.xinoapi.com/v1/security/signing-secret \
-H "Authorization: Bearer xino-your-key"
Then verify in your code:
from xinoapi_privacy.verifier import SignatureVerifier verifier = SignatureVerifier(signing_secret="your-secret") result = verifier.verify( body=response_bytes, timestamp=response.headers["X-SB-Timestamp"], signature=response.headers["X-SB-Signature"], ) if not result.valid: raise SecurityError(f"Tampered: {result.reason}")
Provider Data Policies
XinoAPI is a gateway to third-party model providers. We do not train on your prompts or responses, but upstream providers operate under their own terms, data policies, and regional obligations. Do not send sensitive data unless your organization has reviewed the selected provider's policy and applied client-side redaction where appropriate.
Error handling
XinoAPI returns standard HTTP status codes and OpenAI-compatible error bodies.
Rate limits
Default limits per API key:
- 60 requests/minute across all models
- 1 million tokens/minute across all models
- 10 concurrent streaming connections per key
Rate limit info is returned in response headers: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset. For higher limits, email support@xinoapi.com.
Migration from other providers
From OpenAI
# Before - direct provider account and regional verification may be required client = OpenAI( api_key="sk-...", base_url="https://api.deepseek.com", ) # After - one XinoAPI key, plus 4 other provider families available client = OpenAI( api_key="xino-...", base_url="https://api.xinoapi.com/v1", ) # Use explicit model IDs: deepseek-v4-flash or deepseek-v4-pro
Frequently asked questions
How do I access DeepSeek from outside China?
Use XinoAPI as an OpenAI-compatible gateway in supported regions. Register at api.xinoapi.com/register, then set base_url="https://api.xinoapi.com/v1" in the OpenAI SDK.
Is the XinoAPI endpoint OpenAI SDK compatible?
Yes. The /v1/chat/completions endpoint accepts the exact same request format as OpenAI and returns the same response shape. Function calling, streaming (SSE), JSON mode, and logit_bias all work identically.
What model name should I use for DeepSeek V4?
deepseek-v4-flash for the general-purpose V4 model (replaces V3.2 at the same price). deepseek-v4-pro for the flagship 1.6T-parameter model with Claude Opus-level performance. Use explicit V4 model IDs in new projects; do not rely on legacy DeepSeek aliases.
Which models support function calling?
DeepSeek (all), Qwen (plus/turbo/max), GLM-4 (plus/flash), Kimi K2.5. MiniMax M2.7 has partial support. All use the standard OpenAI tools parameter format.
How do I stream responses?
Add stream=True (Python) or stream: true (Node.js) to your request. The response becomes an async iterator yielding OpenAI-format chunks. See the streaming section.
What's the maximum context window?
Varies by model: DeepSeek V4 offers 1M context, Qwen Plus offers long-context routing, Kimi K2.6 offers 256K context, and MiniMax M2.7 offers a large software-engineering context window. See available models for per-model limits.
Are there rate limits I should know about?
60 requests/minute and 1M tokens/minute per key by default. Higher limits available on request. Rate limit headers are returned with every response.
How do I handle errors?
XinoAPI uses standard HTTP status codes. For 402 (insufficient credits), prompt the user to top up. For 429 (rate limit), implement exponential backoff. For 502/504 (upstream errors), retry with a different model or wait. See the error reference.
Is my prompt data used to train models?
XinoAPI does not train models on customer prompts or responses. Upstream providers operate under their own policies, so use client-side redaction and provider review before sending sensitive data.
What uptime terms are available?
XinoAPI is built for high availability with failover across compatible upstream routes where possible. Public uptime targets, credits, and formal uptime commitments are handled through enterprise agreements.