lolcreds

Public credential defaults and exposure patterns for authorized security testing.

Zhipu AI / BigModel

Zhipu AIAI API1 credential

Credentials1 documented
01

API Key

zhipu / api-key

Zhipu AI BigModel API keys authenticate calls to GLM and other Zhipu platform APIs. Zhipu's documentation exposes API Key management in the developer console and supports OpenAI-compatible client usage.

user definedsecretAPI key

Looks like

example
example

JWT-like BigModel API key form commonly seen in older Zhipu integrations

XXXXXXXXXXXXXXXX.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Location

environment
ZHIPUAI_API_KEY
http header
Authorization

bearer token used by Zhipu / BigModel API calls

source code

GLM examples, OpenAI-compatible clients, notebooks, committed .env files

config file

.env, deployment manifests, local app config, gateway config

secret store

CI/CD variables, hosted app settings, cloud secret managers

logs

HTTP client logs and LLM gateway logs containing Authorization headers

Notes

Zhipu keys appear in both native SDK and OpenAI-compatible client configurations. Treat bearer headers, ZHIPUAI_API_KEY variables, and JWT-like key strings as equivalent API credential material.

Scope

Authorized use

LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.