[ Blacklisted Binary Labs ] - We didn't get the memo saying we had to play nice.
"They said you couldn't use those AI models in your own apps. We said 'hold my root beer.'
- BlacklistedAPI: the proxy that laughs at rate limits."
BlacklistedAPI is an OpenAI-compatible reverse proxy gateway that jailbreaks the client-only restrictions on the world's most powerful AI models (Gemini CLI, Claude Kiro, Grok, Codex, Qwen Code, and more) and wraps them into a single, clean, standard API endpoint your apps can actually call.
In plain English: Big AI companies give you fancy AI tools but won't let you use them in your own software. BlacklistedAPI is the middleman that says "actually, you can." Point your favorite AI-powered IDE, chat app, or automation pipeline at BlacklistedAPI's local endpoint and suddenly every "client-only" model is fair game. Zero code changes on your end. Zero permission slips required.
Built on Node.js, hardened with Go TLS tricks, instrumented with OpenTelemetry observability, and battle-tested with Promptfoo red-team suites; this is not your grandma's proxy.
"We didn't build from scratch. We stood on the shoulders of legends and then immediately climbed higher."
BlacklistedAPI is forged from the fusion of two legendary open-source codebases. Without them, this doesn't exist.
| Ancestor | Language | What They Built | What We Took |
|---|---|---|---|
| router-for-me/CLIProxyAPI | Go | The original CLI proxy engine: OpenAI/Gemini/Claude/Codex compatible endpoints, multi-account round-robin, OAuth flows for every major provider, reusable Go SDK, and a whole ecosystem of downstream projects built on top of it. The blueprint that proved this was possible. | The core proxy architecture patterns, multi-account load balancing concepts, OAuth flow designs, and provider routing strategy |
| justlovemaki/AIClient-2-API | Node.js | The Node.js implementation that brought in the Web UI management console, TLS fingerprint bypass via Go uTLS sidecar, Antigravity/Kiro/Grok protocol support, account pool manager with async refresh queue, and the three-way OpenAI↔Claude↔Gemini protocol conversion engine. | The entire Node.js codebase: protocol engine, provider adapters, account pool manager, Web UI, TLS sidecar, and every OAuth integration |
Mad respect to @router-for-me for proving the concept and building the original Go engine that spawned an ecosystem.
Mad respect to @justlovemaki for taking that torch and rebuilding it in Node.js with a full UI, multi-protocol conversion, and enough features to make enterprise engineers nervous.
BlacklistedAPI is what happens when you take both of those, slam them together, add Blacklisted Binary Labs energy, and refuse to ask permission.
WITHOUT BlacklistedAPI, Your App faces:

- Can't call Gemini CLI directly
- Claude Kiro = client-only jail
- Codex OAuth = proprietary hell
- Grok = Cloudflare wall
- Five different API formats
- Rate limits everywhere
- Your wallet, crying

WITH BlacklistedAPI:

Your App → BlacklistedAPI :3000 → Gemini, Claude, Grok, Codex, Kimi, Qwen, Kiro, more → OpenAI-compatible standard response
(FREE models edition)

| Model | Normal price | BlacklistedAPI price |
|---|---|---|
| Claude Opus 4.5 | $$$$$ | (via Kiro OAuth) |
| Gemini 3 Pro | $$$ | (via Gemini CLI) |
| Grok 3/4 | $$ | (via xAI SSO) |
| Codex | $$$ | (via OpenAI OAuth) |
| Qwen3 Coder Plus | $$ | (via Alibaba OAuth) |
| Kimi K2 | $$ | (via Moonshot OAuth) |

* Free within provider's own usage limits. We're a proxy, not magic.
(Well, we're a *little* magic.)
Technical: Implements OAuth 2.0 PKCE flows, token refresh cycles, and HTTP session simulation to access Gemini CLI, Claude Kiro, xAI Grok, OpenAI Codex, Alibaba Qwen, and Moonshot Kimi through their client-application authentication pathways. Normalizes all responses to OpenAI chat completions format.
Human Version: Imagine those AI models are in VIP clubs that only let in their official apps. BlacklistedAPI puts on a fake mustache, walks in through the staff entrance, and sends you everything from the inside. Your app just thinks it's talking to a normal OpenAI endpoint.
Technical: Three-way protocol bridge supporting OpenAI ↔ Anthropic Claude ↔ Google Gemini message format translation. Automatic protocol detection based on incoming request headers + path routing. Handles streaming (SSE), function calling, vision inputs, and system prompt injection.
Human Version: Different AI companies invented totally different ways for software to talk to them. It's like some people speak English, some speak Klingon, some speak interpretive dance. BlacklistedAPI is the universal translator. You send English, it figures out who speaks what and translates in real time, then sends you back English.
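One direction of the bridge described above, as an added example that is not code from BlacklistedAPI or its upstream projects: an OpenAI chat request translated to the Anthropic Messages shape, and the reply translated back. The function names and `DEFAULT_MAX_TOKENS` are assumptions, and only text content in non-streaming calls is covered.

```javascript
// Added example: OpenAI chat request -> Anthropic Messages request, and back.
// Function names and DEFAULT_MAX_TOKENS are assumptions, not the project's code.
const DEFAULT_MAX_TOKENS = 1024; // Anthropic requires max_tokens; OpenAI does not
const STOP_REASONS = { end_turn: 'stop', stop_sequence: 'stop', max_tokens: 'length', tool_use: 'tool_calls' };

// OpenAI content is a string or an array of parts; only text parts are kept here.
function textOf(content) {
  if (typeof content === 'string') return content;
  if (!Array.isArray(content)) return '';
  return content.filter((p) => p.type === 'text').map((p) => p.text).join('');
}

function openaiToClaude(req) {
  const system = [];
  const messages = [];
  for (const m of req.messages || []) {
    if (m.role === 'system') {
      system.push(textOf(m.content)); // system text is a top-level field, not a message
    } else if (m.role === 'user' || m.role === 'assistant') {
      const last = messages[messages.length - 1];
      // Merge consecutive same-role turns so user/assistant roles alternate.
      if (last && last.role === m.role) last.content += '\n' + textOf(m.content);
      else messages.push({ role: m.role, content: textOf(m.content) });
    } else {
      // Reject unknown roles instead of guessing which privilege level they map to.
      throw new Error(`unsupported role: ${m.role}`);
    }
  }
  const out = { model: req.model, messages, max_tokens: req.max_tokens ?? DEFAULT_MAX_TOKENS };
  if (system.length) out.system = system.join('\n\n');
  if (req.temperature !== undefined) out.temperature = req.temperature;
  if (req.stop !== undefined) out.stop_sequences = [].concat(req.stop);
  if (req.stream) out.stream = true;
  return out;
}

function claudeToOpenai(resp) {
  const text = (resp.content || []).filter((b) => b.type === 'text').map((b) => b.text).join('');
  const u = resp.usage || {};
  const inTok = u.input_tokens || 0, outTok = u.output_tokens || 0;
  return {
    id: resp.id, object: 'chat.completion', model: resp.model,
    choices: [{ index: 0, message: { role: 'assistant', content: text },
                finish_reason: STOP_REASONS[resp.stop_reason] || 'stop' }],
    usage: { prompt_tokens: inTok, completion_tokens: outTok, total_tokens: inTok + outTok },
  };
}
```

When auditing a gateway like this, the role mapping is the part to review first, because it decides which client-supplied text ends up in the upstream system field.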
Technical: Multi-account round-robin scheduler with async token refresh queue, buffer queue deduplication, global concurrency limiter, node warmup period, TTL-based expiry detection, and automatic failover to next healthy credential.
Human Version: Got 5 free Gemini accounts? Throw them all in. BlacklistedAPI takes turns using each one so none of them hit the daily limit. If one account gets rate-limited or breaks, it automatically skips it and tries the next one: no downtime, no drama. It's like having 5 employees cover the same shift so nobody burns out.

Account Pool in Action:

```
Account 1 --> [Rate Limited]  --> SKIP
Account 2 --> [Healthy]       --> USE <-- Request 1
Account 3 --> [Healthy]       --> USE <-- Request 2
Account 4 --> [Token Expired] --> REFRESH -> USE <-- Request 3
Account 5 --> [Healthy]       --> USE <-- Request 4
```
Technical: Embedded Go microservice using uTLS library to simulate legitimate browser TLS handshake fingerprints (Chrome/Firefox JA3 signatures). Intercepts outbound requests to Cloudflare-protected endpoints (primarily Grok/xAI) and replaces the Node.js TLS fingerprint with a browser-matching one, defeating CF's bot detection heuristics.
Human Version: Cloudflare is a bouncer that checks not just your ID, but HOW you knocked on the door. Node.js knocks like a robot (obvious). Browsers knock a specific way. Our Go sidecar teaches BlacklistedAPI to knock like a browser. Cloudflare says "come on in." Problem solved with a tiny Go program running alongside the main server.
Technical: Full distributed tracing via OpenTelemetry NodeSDK with OTLP-HTTP export. Every request gets a unique trace ID surfaced in the X-Trace-Id response header. Child spans per provider hop (llm.<provider>), gateway routing span (gateway.proxy), and optional Langfuse generation recording for LLM-specific analytics. All zero-cost when OTEL_ENABLED is unset.
Human Version: Ever wonder exactly which AI model answered your request, how long it took, whether it went through the account pool, and why that one weird request failed on Tuesday at 3am? OTel gives you a detailed trail of everything. Connect it to a Langfuse dashboard and watch your AI calls in real time like a mission control operator. It's the NSA for your own data, but you're the good guy here.
Technical: Integrated Promptfoo evaluation suite with baseline protocol conformance tests and adversarial security test suite. CI-enforced passRateThreshold: 1.0 on the security suite. Tests cover prompt injection, jailbreak resistance, cross-provider protocol compliance, and response format validation.
Human Version: We hire a team of virtual hackers to try and break our own proxy before you use it. They throw the nastiest prompts imaginable at it (trying to trick it, confuse it, steal data through it) and if any of those tricks work, the build fails and we fix it. It's like a dress rehearsal for getting attacked.
Technical: Server-side Express.js with dynamically loaded frontend components. Real-time provider health monitoring via REST polling, CRUD API for account pool management, request/response log viewer with filtering, API key management, model alias routing config, and theme switching (dark/light).
Human Version: Instead of editing scary JSON files, you get a website dashboard running on your own computer. Click buttons to add accounts, see which models are working, watch live logs of what's happening, and test API calls, all without touching the command line after the first start. It's like a cockpit for your AI empire.
Technical: Multi-tenant shared credential pool module where authenticated users contribute and consume API keys from a common pool. Rate-limited distribution with per-user quotas, key validation on submission, and encrypted storage. Separate potluck key management interface.
Human Version: Community pot-luck dinner, but for AI API keys. You bring a dish (your spare API key), everyone else brings a dish, and we all eat together. Pool your resources with other users, everyone gets more access without anyone paying more. Very communist, very effective, very Blacklisted.
```
                       +--------------------------------------------+
                       |           BlacklistedAPI Gateway           |
                       |                                            |
Your App ------------> |  +--------------+   +------------------+   |
(OpenAI format)        |  | Auth Layer   |   | Protocol Conv.   |   |
                       |  | API Keys     |   | OpenAI<->Claude  |   |
                       |  | JWT Tokens   |   | Claude<->Gemini  |   |
                       |  +------+-------+   +--------+---------+   |
                       |         |                    |             |
                       |  +------v--------------------v---------+   |
                       |  |        Hybrid Gateway Router        |   |
                       |  |   (Path routing + model dispatch)   |   |
                       |  +------+------------------------------+   |
                       |         |                                  |
                       |  +------v------------------------------+   |
                       |  |        Provider Pool Manager        |   |
                       |  |  +------+  +------+  +------+       |   |
                       |  |  | G1   |  | G2   |  | G3   |  ...  |   |
                       |  |  | Gem. |  | Kiro |  | Grok |       |   |
                       |  |  +------+  +------+  +------+       |   |
                       |  +-------------------------------------+   |
                       |                                            |
                       |  +--------------+   +------------------+   |
                       |  | OTel Traces  |   | Go TLS Sidecar   |   |
                       |  | Langfuse     |   | uTLS Browser     |   |
                       |  | Logs         |   | Fingerprinting   |   |
                       |  +--------------+   +------------------+   |
                       +---------------------+----------------------+
                                             |
                  +--------------------------+--------------------------+
                  v                          v                          v
             Gemini CLI                Claude / Kiro                xAI Grok
             Antigravity               OpenAI Codex                 Qwen Code
              (Google)                (Anthropic/OAI)             (Alibaba/xAI)
```
```bash
docker run -d \
  -p 3000:3000 \
  -p 8085-8086:8085-8086 \
  -p 1455:1455 \
  -p 19876-19880:19876-19880 \
  --restart=always \
  -v "$(pwd)/configs:/app/configs" \
  --name blacklistedapi \
  crazyrob425/blacklisted-api
```

Open http://localhost:3000 → Web UI dashboard appears → configure models → done.

```bash
cd docker
mkdir -p configs
docker compose up -d
```

Linux/macOS:

```bash
chmod +x install-and-run.sh && ./install-and-run.sh
```

Windows:

```
install-and-run.bat
```

Once running, point any OpenAI-compatible tool at http://localhost:3000:
| Tool | Setting | Value |
|---|---|---|
| Cherry-Studio | API Base URL | http://localhost:3000 |
| Continue.dev | API Base URL | http://localhost:3000 |
| Cline | API Base URL | http://localhost:3000 |
| OpenCode | Base URL | http://localhost:3000 |
| OpenClaw | Gateway URL | http://localhost:3000 |
| Any OpenAI SDK | baseURL | http://localhost:3000 |
Each provider uses a different auth method. Here's the breakdown:
| Provider | Auth Method | Port | Notes |
|---|---|---|---|
| Gemini CLI | OAuth 2.0 PKCE | 8085 | Auto browser pop-up on first run |
| Antigravity | OAuth 2.0 | 8086 | Google internal API access |
| Claude Kiro | OAuth + Cookie | 19876-19880 | 500 free credits on new accounts |
| Codex | OpenAI OAuth | 1455 | OpenAI Codex subscription required |
| Grok | xAI SSO Cookie | N/A | Grabbed via browser cookie extraction |
| Qwen Code | Alibaba OAuth | N/A | Free qwen3-coder-plus access |
| Kimi K2 | Moonshot OAuth | N/A | Moonshot account required |
All auth configs live in configs/config.json (or manage via Web UI, the sane option).

```bash
# Use Gemini
curl http://localhost:3000/gemini/v1/chat/completions
# Use Claude/Kiro
curl http://localhost:3000/kiro/v1/chat/completions
# Use Grok
curl http://localhost:3000/grok/v1/chat/completions
# Auto-detect from model name in request body
curl http://localhost:3000/v1/chat/completions \
  -d '{"model": "claude-opus-4-5", ...}'
```

```bash
MASTER_PORT=3100                 # Master process management port
API_PORT=3000                    # Main API port
OTEL_ENABLED=true                # Enable distributed tracing
LANGFUSE_PUBLIC_KEY=...          # Langfuse integration
LANGFUSE_SECRET_KEY=...
PROVIDER_POOLS_FILE_PATH=./configs/provider_pools.json
```

```json
// configs/config.json
{
  "systemPrompt": {
    "mode": "override", // or "append"
    "content": "You are a helpful assistant deployed via BlacklistedAPI."
  }
}
```

BlacklistedAPI ships with built-in plugins that can be activated from the Web UI:
| Plugin | What It Does |
|---|---|
| AI Monitor | Sniffs request/response payloads before and after protocol conversion. Perfect for debugging |
| Model Usage Stats | Tracks token consumption per model, per provider, per time period |
| API Potluck | Community key sharing pool |
| Langfuse Bridge | Ships all LLM calls to Langfuse for observability dashboards |
Concurrency Load Test Results (8-core dev machine, local network):

| Metric | Result |
|---|---|
| Requests/sec | 2,400 req/s (no pool) |
| Requests/sec | 3,800 req/s (5-acct pool) |
| Latency P50 | 12ms (gateway overhead only, excl. upstream) |
| Latency P99 | 45ms |
| Uptime | 99.9% with auto-failover on 3+ accounts |
| Restart time | <1.5s (master process watchdog) |
```bash
# Unit tests (fast, no network)
npm test -- tests/hybrid-gateway.test.js tests/provider-models.unit.test.js tests/security-fixes.unit.test.js --forceExit
# Full test suite
npm test
# Promptfoo red-team security suite
npm run test:promptfoo:security
# Coverage report
npm run test:coverage
```

| Version | Date | Highlight |
|---|---|---|
| 2.13.7 | Current | BlacklistedAPI fork: OTel, Langfuse, Promptfoo hardening |
| 2.x | 2026.03 | Grok protocol, multimodal, video gen |
| 1.x | 2026.01 | Codex OAuth, AI Monitor plugin, async refresh queue |
| 0.x | 2025.12 | Web UI, Docker Hub, unified config management |
| Origins | 2025.08 | Account pool management, multi-account failover |
```bash
# Latest stable
docker pull crazyrob425/blacklisted-api:latest
# Specific version
docker pull crazyrob425/blacklisted-api:2.13.7
```

- OpenClaw Config Guide: Using BlacklistedAPI with OpenClaw
- Provider Adapter Guide: Adding new AI providers
- OpenCode Config Example: OpenCode integration
- Dependency Register: Third-party inventory
- Governance Roadmap: What's coming next
- Windows Beta Blueprint: Beta scope, QA gates, and go/no-go checklist
- WRB Tauri Desktop App: Native Windows tabbed dashboard shell
"With great power comes great responsibility to read the terms of service you're definitely not violating."
BlacklistedAPI is for educational and research purposes. Use it to:
- Access models you're legitimately subscribed to
- Build personal tools and projects
- Study how AI APIs work under the hood
Do NOT use it to circumvent paid services without authorization, abuse rate limits in bad faith, or do anything that would get you actually blacklisted (the bad kind).
GNU GPL v3: Free as in freedom. Fork it, hack it, improve it. Just keep it open.
Standing ovation for the real ones:
- @router-for-me: For CLIProxyAPI, the original Go-based CLI proxy engine that proved the whole concept worked and spawned an entire ecosystem of projects. The blueprint.
- @justlovemaki: For AIClient-2-API, the Node.js reimplementation with full Web UI, TLS bypass, multi-protocol conversion, and a feature set wild enough to make this worth combining. The engine.
- The open-source legends powering the stack: OpenTelemetry, Langfuse, Promptfoo, uTLS
- Every star, fork, and contributor on both source repos: you built the foundation we're standing on