DeepSeek
In this guide, you will connect AISIX AI Gateway to DeepSeek. Callers reach deepseek-chat and deepseek-reasoner through the gateway's OpenAI-compatible API, while AISIX owns the credential, model allowlist, rate limits, and usage accounting.
DeepSeek exposes an OpenAI-compatible API, so it uses the openai adapter with a DeepSeek api_base. Use this configuration when applications should authenticate to AISIX with a caller API key instead of holding the DeepSeek key directly.
Prerequisites
Before starting, prepare the following:
- A gateway with the admin API on
:3001and the proxy API on:3000. - The admin key from the gateway
config.yaml. - A DeepSeek API key from the DeepSeek platform. DeepSeek's OpenAI-compatible API root is
https://api.deepseek.com.
Supported Capabilities
DeepSeek is a chat-completions upstream. The gateway does not translate DeepSeek into endpoints that DeepSeek does not serve.
| Endpoint | Supported | Streaming | Notes |
|---|---|---|---|
/v1/chat/completions | Yes | Yes | Primary path. deepseek-reasoner returns reasoning content, see below. |
/v1/images/generations | No | — | Rejected: image generation requires provider: "openai". |
/v1/rerank | No | — | DeepSeek is not in the rerank allowlist (openai, cohere, jina). |
See Provider Compatibility for the exact per-endpoint rules.
Configure the DeepSeek Upstream
Create a provider key, model alias, and caller API key for the DeepSeek-backed route.
Create a Provider Key
export AISIX_ADMIN_KEY="YOUR_ADMIN_KEY"
export DEEPSEEK_API_KEY="YOUR_PROVIDER_API_KEY"
curl -sS -X POST "http://127.0.0.1:3001/admin/v1/provider_keys" \
-H "Authorization: Bearer ${AISIX_ADMIN_KEY}" \
-H "Content-Type: application/json" \
-d '{
"display_name": "deepseek-prod",
"provider": "deepseek",
"adapter": "openai",
"secret": "'"${DEEPSEEK_API_KEY}"'",
"api_base": "https://api.deepseek.com"
}'
❶ provider is deepseek.
❷ adapter is openai, because DeepSeek accepts OpenAI chat-completions requests.
❸ secret stores the DeepSeek API key. It follows the credential-handling behavior in Provider Credentials.
❹ api_base is required. For any provider other than openai, AISIX does not fall back to api.openai.com; it errors if api_base is empty. AISIX appends the endpoint path to api_base, so use the vendor root https://api.deepseek.com without a trailing /chat/completions.
Copy the returned provider key ID.
Create a Model
export PROVIDER_KEY_ID="YOUR_PROVIDER_KEY_ID"
curl -sS -X POST "http://127.0.0.1:3001/admin/v1/models" \
-H "Authorization: Bearer ${AISIX_ADMIN_KEY}" \
-H "Content-Type: application/json" \
-d '{
"display_name": "deepseek-chat-prod",
"provider": "deepseek",
"model_name": "deepseek-chat",
"provider_key_id": "'"${PROVIDER_KEY_ID}"'"
}'
❶ display_name is the alias callers send in model.
❷ model_name is the DeepSeek model ID, for example deepseek-chat or deepseek-reasoner.
❸ provider_key_id attaches the alias to the DeepSeek provider key.
Create a Caller API Key
Choose the caller API key value that the application will send to AISIX, then hash it for the admin resource:
export AISIX_API_KEY="YOUR_CALLER_API_KEY"
CALLER_KEY_HASH=$(printf '%s' "${AISIX_API_KEY}" | shasum -a 256 | awk '{print $1}')
curl -sS -X POST "http://127.0.0.1:3001/admin/v1/apikeys" \
-H "Authorization: Bearer ${AISIX_ADMIN_KEY}" \
-H "Content-Type: application/json" \
-d '{
"key_hash": "'"${CALLER_KEY_HASH}"'",
"allowed_models": ["deepseek-chat-prod"]
}'
❶ allowed_models must match the model alias you created.
Verify the Upstream
Send a chat-completions request through the AISIX proxy:
curl -sS -X POST "http://127.0.0.1:3000/v1/chat/completions" \
-H "Authorization: Bearer ${AISIX_API_KEY}" \
-H "Content-Type: application/json" \
-d '{
"model": "deepseek-chat-prod",
"messages": [{"role": "user", "content": "Say hello from DeepSeek."}]
}'
The gateway returns an OpenAI-compatible response that echoes the caller-facing alias deepseek-chat-prod. Confirm the request on the DeepSeek platform usage page. If AISIX returns an upstream authentication error, check the provider key secret; if it returns an upstream route error, check api_base and the DeepSeek model ID in model_name.
Behavior and Limits
deepseek-reasoner returns chain-of-thought in a non-standard reasoning_content field. To surface it in streaming responses, set the provider key's reasoning-field override:
{
"response": { "reasoning_field": "delta.reasoning_content" }
}
Response extensions beyond the OpenAI envelope are not normalized by default.
Next Steps
- Model Aliases — add routing, cost metadata, and rate limits for this alias.
- Routing and Failover — fail over between DeepSeek and a second provider.
- Provider Compatibility — the endpoint-by-endpoint support rules.