Every request theDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/phpaisdk/xai/llms.txt
Use this file to discover all available pages before exploring further.
aisdk/xai package sends to the xAI API must include an
API key. The key is transmitted as an HTTP Authorization: Bearer header,
assembled by XAIOptions::authHeaders() and merged into every request at
send time. You can supply the key through an environment variable (the
recommended approach) or pass it directly when constructing the provider.
Obtaining an API key
Sign in to the xAI developer console at https://console.x.ai and generate a new API key from the API Keys section of your account. Copy the key immediately — it is only shown once.xAI API keys begin with
xai-. If your key does not start with this
prefix, double-check that you copied it in full from the console.Setting via environment variable (recommended)
Export the key in your shell or set it in your deployment environment before starting the application:XAI::create() or XAI::default()
without mentioning the key anywhere in PHP source code. XAIOptions::fromArray()
reads XAI_API_KEY automatically:
Setting programmatically
Pass the key in the configuration array when you need to manage credentials at runtime — for example, when multi-tenant applications use different keys per request:How the key is sent
XAIOptions::authHeaders() prepends the Authorization header to any
extra headers you configured, and the result is attached to every outgoing
HTTP request:
Security best practices
Additional recommendations:- Rotate keys regularly. Treat API keys like passwords and replace them on a schedule, or immediately if you suspect a leak.
- Use the minimum required scope. If the xAI console allows scoped keys, grant only the permissions your application actually needs.
- Audit key usage. Monitor the xAI console for unexpected request volumes or unusual usage patterns that could indicate a compromised key.