I want to connect xAI's Grok Build CLI (the `grok` command) to the API endpoint below. Please complete the setup and verify it works.
My gateway:
- API endpoint: https://api.x.ai/v1
- API key: <PASTE-YOUR-API-KEY-HERE>
> Note: the API key above is a placeholder. Remind me to replace it with the real one first; if I already have, just carry on. Never invent a key.
Follow every step below in order. Each one exists because it is a real failure mode. Do not skip any step, especially step 3 and the verification in step 7.
## Step 1 — Confirm the CLI is installed
Run `grok --version`. If it is not installed, tell me first; do not install it yourself.
## Step 2 — Log out of the official account first (critical)
A Grok Build login session takes precedence over an API key. If a valid session still exists locally, the API key config will silently not take effect, and the error message will be misleading.
Run `grok logout`, then confirm `~/.grok/auth.json` is gone (an `auth.json.lock` left behind is fine).
## Step 3 — Fetch the model list with my key to get the real model IDs
This step is the foundation of everything else. **Do not assume from memory that the model is called grok-4, grok-4.5, or anything else.** What this endpoint actually serves, and under what ID, is determined solely by what the API returns.
Run:
```bash
curl -s https://api.x.ai/v1/models -H "Authorization: Bearer <PASTE-YOUR-API-KEY-HERE>"
```
Read the model IDs from `data[].id` in the JSON response. Those are the only names that are valid in the config.
Troubleshooting:
- 401 → the key is invalid or mistyped
- 404 → wrong endpoint path; try adding or removing the trailing `/v1`
- 503 → the upstream is temporarily down; wait and retry rather than changing the config
## Step 4 — Pick one model and confirm it actually generates tokens
A model listing is not proof that inference works. Substitute one model ID from step 3 and test it:
```bash
curl -s https://api.x.ai/v1/chat/completions \
-H "Authorization: Bearer <PASTE-YOUR-API-KEY-HERE>" \
-H "Content-Type: application/json" \
-d '{"model":"<MODEL_ID_FROM_STEP_3>","messages":[{"role":"user","content":"hi"}],"max_tokens":20}'
```
Confirm a 200 response with actual content in `choices[0].message.content` before continuing.
## Step 5 — Write ~/.grok/config.toml
Back up first: `cp ~/.grok/config.toml ~/.grok/config.toml.bak` (skip if the file does not exist).
Then write the following, replacing every `<MODEL_ID>` with a real model ID from step 3:
```toml
[endpoints]
models_base_url = "https://api.x.ai/v1"
[model."<MODEL_ID>"]
api_key = "<PASTE-YOUR-API-KEY-HERE>"
[models]
default = "<MODEL_ID>"
```
### ⚠️ A TOML trap you must avoid
If the model ID contains a dot (e.g. `grok-4.5`), the table name **must** be quoted:
```toml
[model."grok-4.5"] # ✅ correct
[model.grok-4.5] # ❌ wrong
```
Without quotes, TOML treats the dot as a key separator and parses it as "key `5` inside table `grok-4`" — the config effectively does not exist. The symptom is `grok models` reporting `You are not authenticated` and falling back to listing built-in defaults like `grok-4`. This failure is easy to miss, so check it explicitly.
### What these settings do
- Once `[endpoints] models_base_url` is set, Grok switches from session auth to `Authorization: Bearer` API key auth, so `grok login` is no longer required
- Every `[model.*]` inherits that base_url, so you do not need to repeat `base_url` per model
- Credential resolution order is `api_key` → `env_key` → the global `XAI_API_KEY` env var
- Grok fetches the model list automatically from `{models_base_url}/models`
## Step 6 — Tighten file permissions
The config holds the key in plaintext:
```bash
chmod 600 ~/.grok/config.toml
```
## Step 7 — Verify (do not skip)
List the models:
```bash
grok models
```
You should see `Model '<MODEL_ID>' is using its own API key.` along with the models from step 3.
If you see `You are not authenticated`, or the listing shows built-in models you never configured, the config did not take effect. Check in this order: the quotes around the model name (step 5) → whether the logout actually happened (step 2) → whether the base_url needs the `/v1` suffix.
Then run real inference:
```bash
grok -p "Introduce yourself in one sentence"
```
## Step 8 — Clean up stale references to old model names
Check `~/.grok/config.toml` for any other field pointing at a model that does not exist on this endpoint, such as `[ui] fork_secondary_model` or `[models] web_search`. Repoint them at a real model ID from step 3, otherwise those features will fail at use time.
## When you're done, report back
1. The model IDs you actually got in step 3
2. The final `config.toml` (mask the key as `sk-***`)
3. The output of `grok models` and `grok -p`
If any step fails, paste the raw error rather than guessing or skipping ahead.
Once copied, replace the key placeholder with your own key — the AI needs it to run the verification steps