API Reference
API Overview

API Reference

The Xilos API is a REST API that provides programmatic access to all Xilos features. All endpoints are OpenAI-compatible and use Bearer token authentication.

Base URL

https://api.xilos.ai/api/v1

Authentication

All authenticated API requests must include a Bearer token in the Authorization header:

Authorization: Bearer YOUR_XILOS_API_KEY

You can generate API keys from the dashboard, or create Virtual Keys with budget limits and rate limits for per-user or per-team access.

Key API Capabilities

  • Chat Completions — OpenAI-compatible chat completions endpoint with streaming support. Drop-in replacement for the OpenAI API.
  • Query Endpoint — Send queries with full governance metadata, conversation threading, and quality scoring.
  • Routing Rules — CRUD endpoints for managing routing rules that determine which LLM handles each query.
  • Restriction Rules — CRUD endpoints for managing security policies that block, mask, or flag queries.
  • Workflows — Create and manage multi-model workflows.
  • Training Data — Export the query log as a filtered training dataset for fine-tuning.
  • Fine-Tune — Create and manage fine-tune jobs using Xilos orchestration data.
  • Suggestions — Get AI-powered suggestions for cost optimization and fine-tune targets.
  • Routines — Schedule recurring agent queries with cron expressions.
  • Webhooks — Event-driven notifications with HMAC-signed payloads.
  • SIEM Export — Export governance events to SIEM platforms (CEF, Syslog, JSON).
  • Virtual Keys — API keys with budget limits and rate limits.

OpenAI Compatibility

Xilos provides a drop-in replacement for the OpenAI API. Any library that supports the OpenAI API — including the official OpenAI SDK, LangChain, and more — works with Xilos by changing the base URL:

from openai import OpenAI
 
client = OpenAI(
    api_key="YOUR_XILOS_API_KEY",
    base_url="https://api.xilos.ai/api/v1"
)

All requests sent to the OpenAI-compatible endpoint are automatically processed through your Xilos routing rules and security restrictions, ensuring compliance and cost control without changing your application code.

Request and Response Format

  • Content-Type: application/json
  • Authentication: Bearer token in Authorization header
  • Responses: JSON with standard HTTP status codes

Support

For API questions or integration assistance: