Unofficial Grok API

🤬😡 The following project is an unofficial xAI-Grok API. DestroyerDarkNess and I, Pentesting-28, were hired to reverse engineer https://grok.com and develop this project for 200 USDT. Unfortunately, the employer disappeared without paying even half of the agreed amount, so this project is incomplete (we didn't finish it).

⚠️👇🏻
What's missing???
- Cookies generators
- x-statsig-id generator
- Endpoint: https://grok.com/rest/app-chat/conversations/{conversationId}/responses
- Endpoint: https://grok.com/rest/app-chat/conversations/{conversationId}/load-responses
- Cloudflare Bypass (Optional)

🤩 If you found it useful, please leave a star to the repository. 💫

Unofficial client for the Grok API with CLI interface built on modular architecture and enterprise-level design patterns.

See Quick Start Guide (5 minutes) | Full Documentation

How to run

compressO-2025-10-16.22-47-30.mp4

Architecture

This project follows a layered architecture with clear separation of concerns:

src/
├── config/           # Configuration and constants
│   ├── constants.js  # URLs, endpoints and defaults
│   └── headers.js    # Factory for HTTP headers
├── models/           # Domain models
│   ├── Model.js      # Model entity
│   └── Conversation.js # Conversation entity
├── repositories/     # Repository Pattern (data access)
│   ├── ModelRepository.js
│   └── ConversationRepository.js
├── services/         # Service Layer (business logic)
│   └── GrokService.js
├── utils/            # Reusable utilities
│   ├── StreamReader.js # Event stream reader
│   └── Logger.js     # Centralized logger
├── errors/           # Custom error classes
│   └── ConfigurationError.js
└── cli/              # CLI Interface (Facade Pattern)
    ├── CLI.js        # Main entry point
    ├── MenuController.js # Menu controller
    └── PromptHandler.js  # Prompt handling

Implemented Design Patterns

1. Repository Pattern

Encapsulates data access logic (API calls) in ModelRepository and ConversationRepository.

2. Service Layer Pattern

GrokService coordinates multiple repositories and contains business logic.

3. Facade Pattern

The CLI class provides a simplified interface for the end user.

4. Factory Pattern

HeadersFactory creates different header configurations based on context.

5. Dependency Injection

All classes receive their dependencies via constructor, facilitating testing and maintainability.

6. Single Responsibility Principle

Each class has a single reason to change.

Quick Start

Prerequisites

• Node.js >= 18.0.0
• Web browser (Chrome, Firefox, Edge, etc.)

Installation

# Clone or download the project
cd Unofficial-Grok-API

# Run the application
node index.js

# Or using npm
npm start

Required Configuration

IMPORTANT: Obtaining Grok Credentials

The functioning of this API, especially the newChat endpoint, depends entirely on the cookies and headers you must extract from the Grok website.

Steps to Obtain Credentials:

1. Access the Grok Website

• Open your browser and visit https://grok.com
• You can obtain credentials even without logging in (anonymous mode)

2. Open Developer Tools

• Chrome/Edge: Press F12 or Ctrl+Shift+I (Windows/Linux) / Cmd+Option+I (Mac)
• Firefox: Press F12 or Ctrl+Shift+I (Windows/Linux) / Cmd+Option+I (Mac)

3. Go to the Network Tab

• Click on the "Network" tab
• Make sure it's recording (the record button should be red)
• If you don't see any activity, reload the page (F5 or Ctrl+R)

4. Find an API Request

• In the filter, search for requests containing "grok.com" or "/rest/"
• Click on any request to the Grok API
• Go to the "Headers" tab

5. Copy Required Headers

Find and copy these values from the "Request Headers" section:

a) Cookie

Look for the cookie: header and copy its complete value. It should contain:

• x-anonuserid= (Anonymous user ID)
• x-challenge= (Security challenge)
• x-signature= (Authentication signature)

Example:

x-anonuserid=af75eb1e-32d6-4652-8c27-76b8665124f1; x-challenge=g0kpQxSRI8fKa82%2FqRqwCLrzxJ6lWm6%2F973xbDXHXjU%2BgWx9lPN3zGfyjtkRVJv7l35qHVOJ21wPWGdOG%2BLjP758NHwOBdoU2yC%2BLoTxeUT646UaG8fSRo2xYLyCrKvYqO0DKwubeypt4LlG2JVE37uYGUGEaNeglBAt8Unrn0XDZ6Xfvt0%3D; x-signature=KZfrh7R6LjeqmOkb0dchB8sy4ddXgdeV7VId3ELP%2FCoTra40u6px58HFL56glStgN0NBSUCXljjBd4WhbJYQjg%3D%3D

b) x-statsig-id

Look for the x-statsig-id: header and copy its complete value.

Example:

SSn1YC6nCn3AKbQ1W9LIHfwMwac5ZcRPaB0qD9oA3BYEQ1VErvlaWfqg/j8KM7Q2rZV9600/Y/BZVtQuFYUPku0hRT5aSg

6. Configure in the Project

Create a config.json file from the example:

cp config.json.example config.json

Then edit config.json with your values:

{
  "cookie": "x-anonuserid=YOUR_VALUE; x-challenge=YOUR_VALUE; x-signature=YOUR_VALUE",
  "statsigId": "YOUR_STATSIG_ID"
}

Credential Renewal

Important Note: These credentials may expire after some time. If you start receiving authentication errors:

1. Repeat the above steps
2. Obtain new credentials
3. Update config.json

Verify Configuration

After configuring credentials, test the application:

node index.js

Select option 1) List models to verify the connection works correctly.

Dependencies

• Node.js >= 18.0.0
• No external dependencies required (uses native Node.js APIs)

Troubleshooting

Error: "HTTP 401" or "HTTP 403"

• Cause: Invalid or expired credentials
• Solution: Re-obtain cookies and headers from grok.com

Error: "fetch is not defined"

• Cause: Old Node.js version
• Solution: Update to Node.js >= 18.0.0

Models don't display

• Cause: Incorrect cookie or x-statsig-id
• Solution: Verify you copied the complete values without extra spaces

Chat doesn't respond

• Cause: The newChat endpoint requires valid credentials
• Solution: Make sure all three parts of the cookie are present:
  • x-anonuserid
  • x-challenge
  • x-signature

SOLID Principles

• Single Responsibility: Each module has a single responsibility
• Open/Closed: Extensible without modifying existing code
• Liskov Substitution: Implementations can be interchanged
• Interface Segregation: Specific interfaces per client
• Dependency Inversion: Depends on abstractions, not concretions

Architecture Benefits

1. Testable: Easy unit test creation with mocks
2. Maintainable: Organized and easy-to-understand code
3. Scalable: Simple to add new features
4. Reusable: Independent and decoupled components
5. Professional: Follows industry standards

Additional Documentation

• ARCHITECTURE.md - Detailed architecture diagrams and data flows
• EXTENDING.md - Complete guide for adding new features
• SECURITY.md - Best practices for secure credential handling

Contributing

If you wish to contribute to the project:

1. Fork the repository
2. Create a branch for your feature (git checkout -b feature/AmazingFeature)
3. Follow the established design patterns
4. Ensure credentials are not in the code
5. Commit your changes (git commit -m 'Add some AmazingFeature')
6. Push to the branch (git push origin feature/AmazingFeature)
7. Open a Pull Request

License

Distributed under the license specified in LICENSE.

⚠️ Disclaimer

This is an unofficial client for the Grok API. It is not affiliated, associated, authorized, endorsed by, or in any way officially connected with Grok or xAI. Use at your own risk.