Skip to main content

Qwen (Alibaba Cloud)

In this guide, you will connect AISIX AI Gateway to Alibaba Cloud Qwen models. Callers reach qwen-plus, qwen-max, and qwen-turbo through the gateway's OpenAI-compatible API, while AISIX owns the credential, model allowlist, rate limits, and usage accounting.

Alibaba Cloud Model Studio (DashScope) exposes an OpenAI-compatible endpoint, so Qwen uses the openai adapter with a DashScope api_base. Use this configuration when applications should authenticate to AISIX with a caller API key instead of holding the DashScope key directly.

Prerequisites

Before starting, prepare the following:

  • A gateway with the admin API on :3001 and the proxy API on :3000.

  • The admin key from the gateway config.yaml.

  • A DashScope API key from Alibaba Cloud Model Studio. The OpenAI-compatible API root depends on your region:

    • International (Singapore): https://dashscope-intl.aliyuncs.com/compatible-mode/v1
    • China (Beijing): https://dashscope.aliyuncs.com/compatible-mode/v1

    API keys are region-specific. Use the key issued in the same region as the base URL. Alibaba Cloud is also rolling out per-workspace endpoints, so confirm the current base URL for your account in the Model Studio console and Alibaba Cloud's OpenAI-compatible reference.

Supported Capabilities

Qwen is configured here as a chat-completions upstream through DashScope's OpenAI-compatible mode.

EndpointSupportedStreamingNotes
/v1/chat/completionsYesYesPrimary path for qwen-plus, qwen-max, qwen-turbo.
/v1/images/generationsNoRejected: image generation requires provider: "openai".
/v1/rerankNoQwen is not in the rerank allowlist (openai, cohere, jina).

See Provider Compatibility for the exact per-endpoint rules.

Configure the Qwen Upstream

Create a provider key, model alias, and caller API key for the Qwen-backed route. The examples use the international DashScope endpoint.

Create a Provider Key

export AISIX_ADMIN_KEY="YOUR_ADMIN_KEY"
export DASHSCOPE_API_KEY="YOUR_PROVIDER_API_KEY"

curl -sS -X POST "http://127.0.0.1:3001/admin/v1/provider_keys" \
-H "Authorization: Bearer ${AISIX_ADMIN_KEY}" \
-H "Content-Type: application/json" \
-d '{
"display_name": "qwen-prod",
"provider": "qwen",
"adapter": "openai",
"secret": "'"${DASHSCOPE_API_KEY}"'",
"api_base": "https://dashscope-intl.aliyuncs.com/compatible-mode/v1"
}'

provider is qwen.

adapter is openai, because DashScope's compatible mode accepts OpenAI chat-completions requests.

secret stores the DashScope API key. It follows the credential-handling behavior in Provider Credentials.

api_base is required, and it already includes the /compatible-mode/v1 path. Use the root that matches your DashScope region.

Copy the returned provider key ID.

Create a Model

export PROVIDER_KEY_ID="YOUR_PROVIDER_KEY_ID"

curl -sS -X POST "http://127.0.0.1:3001/admin/v1/models" \
-H "Authorization: Bearer ${AISIX_ADMIN_KEY}" \
-H "Content-Type: application/json" \
-d '{
"display_name": "qwen-plus-prod",
"provider": "qwen",
"model_name": "qwen-plus",
"provider_key_id": "'"${PROVIDER_KEY_ID}"'"
}'

display_name is the alias callers send in model.

model_name is the Qwen model ID, for example qwen-plus, qwen-max, or qwen-turbo.

provider_key_id attaches the alias to the Qwen provider key.

Create a Caller API Key

Choose the caller API key value that the application will send to AISIX, then hash it for the admin resource:

export AISIX_API_KEY="YOUR_CALLER_API_KEY"

CALLER_KEY_HASH=$(printf '%s' "${AISIX_API_KEY}" | shasum -a 256 | awk '{print $1}')

curl -sS -X POST "http://127.0.0.1:3001/admin/v1/apikeys" \
-H "Authorization: Bearer ${AISIX_ADMIN_KEY}" \
-H "Content-Type: application/json" \
-d '{
"key_hash": "'"${CALLER_KEY_HASH}"'",
"allowed_models": ["qwen-plus-prod"]
}'

allowed_models must match the model alias you created.

Verify the Upstream

Send a chat-completions request through the AISIX proxy:

curl -sS -X POST "http://127.0.0.1:3000/v1/chat/completions" \
-H "Authorization: Bearer ${AISIX_API_KEY}" \
-H "Content-Type: application/json" \
-d '{
"model": "qwen-plus-prod",
"messages": [{"role": "user", "content": "Say hello from Qwen."}]
}'

The gateway returns an OpenAI-compatible response that echoes the caller-facing alias qwen-plus-prod. Confirm the request on the Model Studio usage page. If AISIX returns an upstream authentication error, check the provider key secret and confirm the key and base URL are from the same region.

Behavior and Limits

DashScope issues separate API keys per region. A key from the China (Beijing) console does not work against the international base URL, and vice versa. If you route to both regions, create one provider key per region.

Response extensions beyond the OpenAI envelope are not normalized by default.

Next Steps

API7.ai Logo

The digital world is connected by APIs,
API7.ai exists to make APIs more efficient, reliable, and secure.

Sign up for API7 newsletter

Product

API7 Gateway

SOC2 Type IIISO 27001HIPAAGDPRRed Herring

Copyright © APISEVEN PTE. LTD 2019 – 2026. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the Apache Software Foundation