< Back to all hacks

#45 Kimi Coding Provider + User-Agent Spoof

Network
Problem
3 obstacles: wrong endpoint (Kimi Coding != Moonshot), 403 without recognized User-Agent, reasoning_content conflicts.
Solution
Correct endpoint, User-Agent spoof as claude-code/1.0, reasoning: false in model config.
Lesson
API providers may check User-Agent headers and only allow recognized coding agents.

Context

Kimi (by Moonshot AI) offers a free "Kimi for Coding" tier with a dedicated API endpoint. This was the primary AI provider for PocketClaw due to its generous free tier and 262K context window. However, three issues blocked integration:

  • The endpoint is api.kimi.com/coding/v1, NOT api.moonshot.cn/v1 (the general Moonshot API)
  • Kimi Coding checks the User-Agent header and returns 403 for unrecognized clients. Only known coding tools (Claude Code, Roo Code, Cursor, etc.) are allowed
  • Kimi's K2.5 model returns reasoning_content fields in responses, which confuses OpenClaw's OpenAI-compatible response parser

Implementation

Configure the provider in openclaw.json:

{
  "kimi-coding": {
    "baseUrl": "https://api.kimi.com/coding/v1",
    "apiKey": "sk-kimi-xxx",
    "api": "openai-completions",
    "headers": {
      "User-Agent": "claude-code/1.0"
    },
    "models": [{
      "id": "kimi-for-coding",
      "name": "Kimi For Coding (K2.5)",
      "contextWindow": 262144,
      "maxTokens": 8192,
      "reasoning": false
    }]
  }
}

Key configuration points:

# 1. Correct endpoint (NOT moonshot.cn):
# WRONG: https://api.moonshot.cn/v1
# RIGHT: https://api.kimi.com/coding/v1

# 2. User-Agent must be a recognized coding tool:
# "claude-code/1.0" is allowed
# Default User-Agent ("node-fetch" etc.) returns 403

# 3. reasoning: false prevents K2.5 from returning
# reasoning_content fields that break the parser

Verification

# Test API key validity:
curl -s -H "Authorization: Bearer sk-kimi-xxx" \
     -H "User-Agent: claude-code/1.0" \
     https://api.kimi.com/coding/v1/models | head -5
# Expected: JSON list of available models

# Test without correct User-Agent (should fail):
curl -s -H "Authorization: Bearer sk-kimi-xxx" \
     https://api.kimi.com/coding/v1/models
# Expected: 403 Forbidden

# Test from gateway dashboard:
# Navigate to /keys -> click Test next to MOONSHOT_API_KEY
# Expected: green "OK" indicator

Gotchas

  • The Kimi Coding API key format is sk-kimi-*, different from Moonshot's sk-* format
  • reasoning: false is critical. With reasoning enabled, responses include reasoning_content alongside content, and OpenClaw's parser expects only content
  • The 262K context window is the largest free option available, making Kimi ideal for PocketClaw's use case
  • Rate limits on the free tier are generous but not unlimited. Monitor for 429 responses
  • Kimi periodically updates their User-Agent allowlist. If access breaks, check what agents are currently recognized

Result

MetricBeforeAfter
AI providerNone (setup blocked)Kimi K2.5 free tier
Context windowN/A262K tokens
Monthly costN/A$0
Response parsingBroken (reasoning_content)Clean
< #44 IPv6 DNS + autoSelectFamily
#46 WiFi Watchdog >