Manage API Reference
This page is aligned with current backend code and focuses on public Manage interfaces.
Base Information
- Base URL: https://api.xairouter.com
- Auth: Authorization: Bearer sk-Xvs...
export BASE_URL="https://api.xairouter.com"
Endpoint Overview
| Module | Method | Endpoint | Description |
|---|---|---|---|
| Subaccounts | POST | /x-users | Create subaccount |
| Subaccounts | GET | /x-users, /x-users/{identifier} | List direct children |
| Subaccounts | GET | /x-dna, /x-dna/{identifier} | List descendants |
| Subaccounts | PUT/POST | /x-users/{identifier} | Update subaccount |
| Subaccounts | DELETE | /x-users/{identifier} | Delete subaccount |
| Descendant billing | GET | /x-bill | Aggregated descendant billing |
| Self-service | POST | /x-self | Rotate current API key |
| Dashboard | GET | /dashboard/status | Account status |
| Dashboard | GET | /dashboard/info | Account detail |
| Dashboard | GET | /dashboard/live | Detail + real-time usage |
| Dashboard | GET | /dashboard/bill | Current account bill |
| Dashboard | GET | /dashboard/logs | Operation logs |
| Dashboard | GET | /dashboard/news | Notifications |
| Models | GET | /dashboard/models, /v1/models, /models | Visible models |
1) Subaccount Management (/x-users / /x-dna)
1.1 Create subaccount
POST /x-users
Minimal payload:
{
"Name": "dev-account",
"Email": "[email protected]",
"CreditGranted": 100
}
Common optional fields:
- Alias, BillingEmail
- Rates
- RPM/RPH/RPD, TPM/TPH/TPD
- AllowIPs, AllowModels, AllowLevels
- Resources
- ModelLimits
Rate-limit field semantics
- RPM/RPH and TPM/TPH: short-window throttles.
- RPD/TPD: natural-day quotas based on the server-side business date, not rolling 24-hour windows.
- Hitting a short-window limit enters an independent cooldown; repeated retries can refresh that cooldown.
- After RPD/TPD is exhausted, cooldown only lasts until the end of the current day; retries do not push recovery past the next day boundary.
- TPD is accrued from successful token usage. If one successful request pushes the day over the cap, 429 TPD usually starts on the next request.
- ModelLimits use the same semantics as user-level limits, but accounting is merged into the effective model so aliases or upstream snapshot names do not split counters.
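An added example (not the service's own code) of a client-side gate that follows these semantics: it holds requests locally during a cooldown instead of retrying, and schedules daily-quota recovery at the next day boundary. Assumptions: the caller supplies the name of the limit that tripped (the page does not document the 429 response body), a short-window cooldown is taken to last one full window, and `business_tz` is a hypothetical parameter standing in for the server's business-date timezone.

```python
from datetime import datetime, timedelta, timezone

# ASSUMPTION: a short-window cooldown lasts one full window; the page gives no duration.
SHORT_WINDOW_SECONDS = {"RPM": 60, "TPM": 60, "RPH": 3600, "TPH": 3600}
DAILY_LIMITS = {"RPD", "TPD"}


def next_attempt(limit, now, business_tz=timezone.utc):
    """Earliest time to send again after a 429 attributed to `limit`."""
    if limit in SHORT_WINDOW_SECONDS:
        return now + timedelta(seconds=SHORT_WINDOW_SECONDS[limit])
    if limit in DAILY_LIMITS:
        # Daily quotas recover at the next business-day boundary, not 24 h later.
        local = now.astimezone(business_tz)
        boundary = (local + timedelta(days=1)).replace(
            hour=0, minute=0, second=0, microsecond=0)
        return boundary.astimezone(timezone.utc)
    raise ValueError(f"unknown limit name: {limit!r}")


class CooldownGate:
    """Holds requests locally during a cooldown, since retries can refresh it."""

    def __init__(self, business_tz=timezone.utc):
        self.business_tz = business_tz
        self.blocked_until = {}  # scope -> datetime; "*" is user level, else a model name

    def record_429(self, limit, now, scope="*"):
        until = next_attempt(limit, now, self.business_tz)
        # Several limits can trip for one scope; keep the latest deadline.
        self.blocked_until[scope] = max(until, self.blocked_until.get(scope, until))
        return self.blocked_until[scope]

    def may_send(self, now, scope="*"):
        # A user-level block applies to every model; a model block only to that model.
        return all(now >= self.blocked_until.get(s, now) for s in ("*", scope))


if __name__ == "__main__":
    tz = timezone(timedelta(hours=8))  # constructed business timezone
    t0 = datetime(2025, 1, 1, 15, 59, 30, tzinfo=timezone.utc)  # constructed time
    gate = CooldownGate(tz)
    print("RPM retry at:", gate.record_429("RPM", t0))
    print("gpt-5 TPD retry at:", gate.record_429("TPD", t0, scope="gpt-5"))
    print("may send gpt-5 at t0+90s:", gate.may_send(t0 + timedelta(seconds=90), "gpt-5"))
```

Because ModelLimits counters are merged into the effective model, pass the effective model name as `scope` rather than an alias.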
ModelLimits example:
{
"gpt-5": {
"RPM": 60,
"RPH": 1000,
"RPD": 5000,
"TPM": 200000,
"TPH": 2000000,
"TPD": 10000000
}
}
1.2 Query children and descendants
- GET /x-users: direct children
- GET /x-dna: all descendants
- GET /x-users/{identifier}, GET /x-dna/{identifier}: path filtering
Query params:
- id, name, email, level, dna
- page, size
- order
Path identifier supports:
- numeric ID
- username
- DNA path (. prefix)
- prefix filters: L{n}, G{n}, R{n}, T{n}, F{n}
1.3 Update subaccount
PUT /x-users/{identifier} or POST /x-users/{identifier}
Public fields commonly used:
- profile: Name, Email, Alias, BillingEmail, QRCode
- state: Status, Suspended
- credits: CreditGranted, Days, Rates
- limits: DailyLimit, HardLimit, SoftLimit, UserLimit, AutoQuota
- rate limits: RPM/RPH/RPD, TPM/TPH/TPD
- ACL: Resources, AllowIPs, AllowModels, AllowLevels
- mapping/limits: ModelMapper, ModelLimits
Owner extras: Level, Role, Factor, LevelMapper.
1.4 Delete subaccount
DELETE /x-users/{identifier}
2) Descendant Billing (/x-bill)
GET /x-bill
Query params:
- date: date / d
- range: start / s, end / e
- days: days
- user filter: user / u
3) Self Key Rotation (/x-self)
POST /x-self
{
"confirm": "YYYY-MM-DD-ROTATE-SELF",
"key": "sk-Xvs..."
}
- confirm must match the current date phrase
- key is optional; backend can auto-generate
4) Dashboard (/dashboard/*)
- GET /dashboard/status: permissions and status
- GET /dashboard/info: account detail
- GET /dashboard/live: real-time usage
- GET /dashboard/bill: current account billing
- GET /dashboard/logs: operation logs
- GET /dashboard/news: notifications
- GET /dashboard/models: model list
Only business-facing fields are documented. Internal billing-correction fields and maintenance interfaces are excluded.