lolcreds

Public credential defaults and exposure patterns for authorized security testing.

xAI

xAIAI API1 credential

Credentials1 documented
01

API Key

xai / api-key

xAI API keys authenticate requests to api.x.ai. xAI's docs show Authorization: Bearer headers for REST requests and SDK examples that read the key from XAI_API_KEY.

user definedsecretAPI key

Location

environment
XAI_API_KEY
http header
Authorization

Bearer token used by xAI API calls

source code

apps, OpenAI-compatible clients, notebooks, committed .env files

config file

.env, deployment manifests, server config, shell profiles

secret store

CI/CD variables, cloud secret managers, hosted app settings

logs

HTTP client debug logs and gateway request logs

Notes

xAI keys are opaque bearer credentials with no reliable public prefix in the referenced docs. xAI exposes OpenAI-compatible usage patterns, so leaked keys may appear in generic OpenAI SDK configuration with a custom base URL as well as in provider-specific XAI_API_KEY variables.

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.