DEV Community: xiaoqiangapi

A Chinese Language Teacher's API Security Check (3) : Pressure and Compatibility, Can You Withstand It?

xiaoqiangapi — Tue, 05 May 2026 00:51:14 +0000

Hello everyone, I'm @xiaoqiangapi, the Chinese teacher who gives apis a "check-up".

An article on , my SQL injection, XSS and prompt hijacked, API are blocked off. Let's take a different approach today - ** not attack, test 'resilience' **. Would the API crash if a sudden wave of requests came in, or if someone typed several thousand characters? I'm curious about it.

The tools are still the same old two: Postman and Windows' built-in curl. An honest test by a non-security expert, now going on.

Test (7) : High Frequency Requests (Rate limiting)

** Test purpose ** : To see if the API triggers "rate limiting" and returns error code 429 when sending requests frantically.
! Multiple consecutive API requests sent, server responds normally, no 429 status code returned
** Conclusion ** : I didn't detect 429 (Too Many Requests). The frequency of normal developer usage doesn't trigger rate limiting at all. Cloudflare will automatically block malicious traffic, but not restrict normal users. ** The platform did this for me *, so it's not a failure, nor a complete pass, 0.5 points.
⚠️ * half-pass ** -- the platform is protected, but the API layer does not explicitly return 429, which is less visible to frequent malicious requests.

Test (8) : Extra-long input (DoS protection)

** Test purpose ** : Send an extremely long request (several thousand repetitive characters) to the API to see if the service gets "overwhelmed" or crashes.

** Conclusion ** : Sending thousands of repeated characters "A", the API returns 200 OK, the model responds normally, and the service does not crash.
✅ ** through ** - a single extreme input does not cause the service to be unavailable.

Test (9) : Special Characters with Multilingual Support

Test purpose : Mix Korean, Emoji, etc. into the request to see if the API garbled or crashed.

Conclusion : The request contained Korean and emoji (😊🎵), the API returned 200 OK, the model responded normally, no garbled text or crash.
✅ Passed — Multilingual and special character support confirmed.

Summary

Three "Pressure and compatibility" tests, results: two completely pass and one half pass.

/ Test items/Test objectives/results /
|---|---|---|
/ High frequency requests (rate limiting)/Will be flooded / ⚠️ half-pass (platform already protected) /
Extra-long input (DoS) : Will it be overwhelmed? ✅ pass
Special characters and multilingualism: Garbled text: ✅ pass

Overall, the API's resilience is decent, at least it can stand up to normal use by ordinary developers.

Next preview

Final test: *HTTPS/TLS Transport encryption *, and then I'll publish the full score sheet of 10 security tests. A layman's 9.5-point answer sheet, look forward to it.

If you have any additional information about my testing methods or would like me to test something else, please let me know in the comment section. I'm not a security expert and I really need your sharp eyes.

About me and my API*
I'm a nearly 50-year-old former Chinese teacher who taught myself programming from scratch and is publicly building a Chinese large model API relay service. All the tests in this series were done by my own hands and recorded honestly, without any exaggeration or underestimation. *

more or free trial API

** Today 's interactive question ** : Have you ever been tormented by API' rate limiting '? Or have you ever had a ridiculous experience with your API crashing because of special characters? Share your story in the comment section.

"A Chinese Language Teacher's API Security Check (2) : SQL Injection, XSS, Prompt Hijacking - All Prevented

xiaoqiangapi — Sun, 03 May 2026 02:50:53 +0000

Hello everyone, I'm @xiaoqiangapi, the Chinese teacher who gives apis a "check-up".

[An article on] (HTTP: / / https://dev.to/xiaoqiangapi3721/a-chinese-language-teachers-api-security-checkup-1-passing-all-three-certification-checkpoints-3d1e, I tested the most basic authentication mechanisms - no Key, wrong Key, empty requests - and the API blocked them all.

But authentication is just the first gate. Today we're going to test something even tougher: ** Will the API be fooled if someone deliberately inputs malicious code? **

I'm not a security expert. I only use Postman and curl. Test one item at a time, record honestly, no exaggeration.

Test (4) : SQL Injection

Test purpose : To see if the API executes malicious SQL commands when someone tries to "steal the database" through the chat box.

Conclusion : The model recognizes this as a malicious SQL statement, rejects execution and returns a security warning.
✅ Passed — SQL injection attack blocked, database protected.

Test (5) : XSS (Cross-site Scripting) attack

** Test purpose ** : To test whether the API will be executed when someone enters the <script> tag in an attempt to implant a malicious script.

Conclusion: The model recognized the <script> tag, escaped it and returned it as plain text without executing any script.
✅ Passed — No malicious code reflected, XSS attack blocked.

Test (6) : Prompt Injection (Instruction hijacking)

** Purpose of the test ** : To test whether the AI will be "brainwashed" by using malicious instructions to make it betray the original system Settings.

Conclusion: The model did not return "HACKED" and maintained a normal response.

✅ Passed — The model was not hijacked by malicious instructions.

Summary

Three injection attack tests, ** all passed **.

/ Test item/Attack type/result
|---|---|---|
SQL injection, database attack, ✅ interception
XSS Cross-site scripting, front-end attack, ✅ defense
Prompt hijacking: AI instruction attack: ✅ defense

For a personal API service that is being publicly built, ** this second line of security is also held **. Common injection attack tactics are currently unbreakable.

Next preview

In the next group, I will test ** Pressure and compatibility ** : rate limiting policies, extra-long input, special characters, and multi-language support. See if my API gets crashed.

If you have a different opinion on these three tests, or think I missed any common injection methods, ** please let me know in the comment section ** - I'm not a security expert, and community advice is important to me.

About me and my API*
I'm a nearly 50-year-old former Chinese teacher who taught myself programming from scratch and is publicly building a Chinese large model API relay service. All the tests in this series were done by my own hands and recorded honestly, without any exaggeration or underestimation. *

more or free trial API

** Today 's interactive question ** : What's the most outrageous attack you've ever encountered in development? Was it SQL injection, XSS, or someone using prompt words to play tricks? Share your experience in the comment section.

A Chinese Language Teacher's API Security Check (1) : Passing All Three Certification Checkpoints

xiaoqiangapi — Fri, 01 May 2026 01:14:28 +0000

Hello everyone, I'm @xiaoqiangapi, the Chinese teacher who gives apis a "check-up".

An article on [] (HTTP: / / https://dev.to/xiaoqiangapi3721/a-chinese-language-teacher-gave-his-api-a-physical-examination-i-ran-10-securit In y-tests-using-1hpp, I list 10 safety test plans. Today we officially start testing Group 1: ** Authentication *. I'll first address the most fundamental concern of developers - "Can my API be invoked without a Key or with the wrong Key?" *

These are the two things I use: Postman and the curl that comes with Windows. Don't play with virtual.

Test (0) : Normal Request (baseline)

** Result ** : With the correct API Key and valid parameters, 200 OK is returned and the model responds normally.
✅ Basic functionality of the API is normal.

Test (1) : No API Key provided

** Test purpose ** : To see if the API will allow when no API Key is passed.

** Result ** : returns' 401 Unauthorized '.
✅ ** guard against "getting something for nothing" by ** -- not providing the Key, no data at all.

Test (2) : Provide the wrong API Key

** Test purpose ** : Can you get through by deliberately filling in a fabricated Key?

** Result ** : Still '401 Unauthorized', the wrong Key is ruthlessly rejected.
✅ ** by ** -- want to get it for free by guessing keys? No door at all.

Test (3) : The 'messages' array in the request body is empty

Test purpose : Send a correctly formatted but empty request to see if the API wastes resources to process it.

Result : returns 400 Bad Request with an explicit prompt "Please provide a non-empty array of messages".
✅ Passed — API rejects invalid requests, saving computing power and preventing someone from using empty data to cause damage.

Summary of three tests

Three certification tests, ** pass all **.

Test items/Purposes/results /
|---|---|---|
No API Key protected against unauthorized calls: ✅ 401 interception
Incorrect API Key: Prevent guessing Key: ✅ 401 interception
Empty messages prevent invalid requests from wasting resources: ✅ 400 interception

For indie developers or small teams, ** authentication is the first line of defense **. You don't have to worry about being taken advantage of.

Next preview

For the next group, I will test ** injection attacks ** : SQL injection, XSS cross-site scripting, and prompt hijacking. These are the most common tricks of malicious attacks. See what this clumsy method of mine can detect.

If you have other types of attacks you want to test for, or think my testing method can be improved, ** please let me know in the comment section ** - I really need advice from the community because I'm not a security expert.

** About me and my API
** I'm a nearly 50-year-old former Chinese teacher who taught myself programming from scratch and is publicly building a Chinese large model API relay service. All the tests in this series were done by my own hands and recorded honestly, without any exaggeration or underestimation.

Learn More or Try the API for Free

** Today's interactive question ** : What is your most troublesome authentication issue when invoking the API? Is it the hassle of Key management or the fear of leaks? Let's chat in the comment section.

A Chinese language teacher gave her API a 'physical examination': I ran 10 security tests using Postman and passed 9.5 of them

xiaoqiangapi — Wed, 29 Apr 2026 02:41:10 +0000

Hello everyone, I'm @xiaoqiangapi, a Chinese teacher who has been teaching Chinese for over a decade.
Yes, that's the one who, because of one sentence from a student, forced himself to build an API gateway from scratch.
In the previous article, I tested the overseas latency speeds of DeepSeek, Zhipu, and MiniMax.

xiaoqiangapi

Apr 27

How I Tested DeepSeek, Zhipu, and MiniMax API Latency from Overseas: Full Data & Method

#api #deepseek #beginners #buildinpublic

Comments 1

6 min read

But you will surely have questions:
"Is your API secure?"
"Will the Key leak?"
"Will the data be intercepted by a man-in-the-middle?"
I wasn't in a hurry to answer.
Because I'm not a security expert. I'm just a beginner who has just learned to use Postman, a former Chinese teacher who only started learning API transit at nearly 0 years old.
But I decided to use the stupidest method: test one item at a time and write down the results honestly.

I used only two tools:

Windows' built-in curl
No fancy scanner, no professional security platform. I believe plain tests are more persuasive than pretty ads.

What am I going to test?

A total of 10 tests, divided into four groups:

For every test, I will:
Take screenshots to keep evidence
Give a clear conclusion
Don't be careless

Why would a Chinese teacher bother with security tests?

To be honest, I myself am the user who is most concerned about security.
If I were a developer, I would care about three things:
1.If I lose my API Key, can someone else use it?
2.Will my conversation be peeked at during transmission?
3.Will the API crash if someone deliberately inputs malicious code?
These concerns are perfectly reasonable. So, I decided to verify it myself, no exaggeration.
My goal is: Even if you are an independent developer who puts your entire business on the API, you can use my service with peace of mind.

Preview of Transcript

When all ten tests are completed, I will publish the full transcript. Preliminary statistics for now:
✅ completely passed: 9 items
⚠️ Half pass: 1 (Rate limiting - the platform already has Cloudflare protection, but the API layer does not explicitly return 429 status code)
❌ failed: 0
Overall self-assessment: 9.5/10.
Of course, this is just my self-assessment. I will make all the testing process and screenshots public and welcome every developer to supervise and criticize.

Next preview

Next, I'll post the first set of tests: keyless calls, wrong keys, empty messages requests - to see if the API can defend against the most basic "freehand" attacks.
If you have suggestions for my testing methods or would like me to test anything else, please let me know in the comment section.

About Me and my API

I'm a nearly 50-year-old former Chinese teacher who taught himself programming from scratch and is publicly building a Chinese large model API transit service. All the tests in this series are done by my own hands, recorded honestly, without exaggeration or underestimation.
Try my API
After reading this preheating, do you think my "non-professional security test" is reliable? Which security issue of the API do you usually worry about the most? Feel free to let me know in the comment section and I'll adjust the subsequent test items based on the feedback.

How I Tested DeepSeek, Zhipu, and MiniMax API Latency from Overseas: Full Data & Method

xiaoqiangapi — Mon, 27 Apr 2026 04:14:11 +0000

DeepSeek: 1.45s avg TTFT. Zhipu: 1.98s. MiniMax: 2.30s. Here's how I tested them as a non-coder, and what I learned.

🎯 ** are you confused too? **
1.Is it fast to call the new API relay? Are there any objective and comparable data?
2.Those professional testing tools are complex to configure and require writing scripts. I simply don't have time to tinker with them.
3.Is there a simple, reproducible way for me to verify the authenticity myself without deep learning?

** What this article provides: **
✅ a simple and easy-to-operate TTFT test method (not the standard answer)
✅ Specific test tools and operation steps
✅ Cost accounting - less than 0.005 cents for three calls

❌ This is not an "authoritative performance testing guide," I am a developer who is transitioning from a Chinese teacher. ** Inviting tech experts to share more professional testing methods! **

1. Why Should I test it Myself? Who am I? And the real experience of choosing tools

I'm @xiaoqiangapi, an entrepreneur who has taught Chinese for over a decade and now works as a Chinese LLM API intermediary for global developers.

My API is connected to DeepSeek, Zhipu GLM, and MiniMax. Users often ask: "How fast is your transit when I use it overseas? What are the actual data?"

To be honest, I can't just say "very fast." So I decided to ** test it myself ** to answer the question in the most intuitive way.

But at the beginning, I also encountered some difficulties.
*When I first searched for "API testing tools", Postman, Insomnia, Apidog popped up... I clicked on the Postman page and saw a screen full of tabs, environment variables, collections, scripts - to be honest, as a newly transitioned teacher, my first reaction was, "I probably can't handle this." I don't want to get stuck on the configuration of one tool for days. So I looked up articles and comparisons again, and finally chose Apidog -- because it offers a graphical interface and a free plan. There's no need to learn the script from scratch. After opening it, you can debug with just a few taps, which is friendly to beginners like me.
* Not knowing what metrics would be considered "fair" ** : At the beginning, I only focused on the total time (that is, the full time shown on the Timeline). Later, I realized that for streaming output LLMS, ** First Word response time (TTFT) ** is the metric that most affects the user experience, and the time users wait for the first word determines their psychological perception of "fast or not" . You generate fast overall but wait three seconds for the first word, and users already have a preconceived notion of "slow".

Based on these experiences, I've figured out a very simple method.

2 Test Environments and Methods (Reproducible, comparable)

-- I chose regular broadband in Seoul, South Korea, to simulate the scenario when most overseas developers access.

** Parameter configuration: **

* * * * API address: https://api.xiaoqiangonline.shop/v1/chat/completions relay gateways (I)
** Test tools ** : Apidog + mobile stopwatch
Test model ** :
- DeepSeek (deepseek-chat)
- Zhipu GLM (' GLM-4-flash-250414 ')
- MiniMax (' minimax-M2.7 ')
** Test Method ** : stream output (' stream: true '), and take the ** initial response time (TTFT) ** three consecutive times
** test question ** : Korean everyday conversation '"안녕하세요? Youdaoplaceholder0. Youdaoplaceholder1? '(Hello, it's a nice day. Could you say hello briefly?)

📌 ** Special notes on Apidog ** : According to official Apidog 2026 data, it has become the trusted full lifecycle development platform for over 500,000 teams worldwide, integrating design, debugging, testing, mocks, and documentation . But the total time it shows (overall response time) is not "first word delay", so I measured it with a mobile phone stopwatch.

3 Measured Data: TTFT Values I Measured (Honest and Open)

Here are the results of taking the average of the TTFT three times for each model:

/ Model/Time 1 / Time 2 / Time 3 / ** Average First Letter Response (TTFT)**
|------|-------|-------|-------|-----------------|
DeepSeek | * * * * | s | s | s | 1.55 1.38 1.42 1.45 seconds * * * * ⚡ |
** Zhipu GLM** 1.95s / 2.02s / 1.97s / ** 1.98s / **
S | | | MiniMax * * * * 2.28 2.35 s 2.27 s | | | * * * * 2.30 seconds

The data is honest. I don't glorify or fabricate: DeepSeek takes the lead in first-word response time, Zhipu is stable, and MiniMax is slightly slower but still in the smooth range.

4 Specific Operation Steps (You can reproduce and verify immediately)

(1.) Create a new POST request in Apidog
URL: https://api.xiaoqiangonline.shop/v1/chat/completions
Method: POST
(2.) Add Headers
text
Authorization: Bearer your API KeyContent-Type: application/json
(3.) Fill in the request Body (JSON, must include "stream": true)
json
{ "model": "deepseek-chat", "messages": [ { "role": "user", "content": "안 녕 하 세 요? 오 늘 날 씨 가 좋 네 요. 간 단 한 인 사 한 마 디 해 줄 수 있 어 요?"}], "stream" : true}
(4.) send requests and time
Click the Send button with your mouse and start your phone's stopwatch immediately.
Observe the Apidog response area: Stop the stopwatch immediately when the first text snippet appears on the screen.
Record the time (that's the TTFT - First Word delay).
Repeat each model three times and take the average.

(5.) Notes
Youdaoplaceholder0 Do not look at the "total time" that Apidog automatically displays -- that is the full response time, not the first word delay.
Youdaoplaceholder0 If the API does not return a stream (i.e., a full JSON at once), TTFT cannot be measured; only total time consumption can be measured.

Here are three test screenshots of the Chinese model

deepseek test data

📌 Note: Apidog in the screenshot shows "total time" (3.58 seconds), not the first word delay. The first word delay was measured with a phone stopwatch. Here only one screenshot of the test is shown as an example.

Zhipu GLM actual test data

📌 Note: The "total time" (4.61 seconds) shown in Apidog is the end-to-end latency, not the first word delay. The first word delay was measured with a phone stopwatch. Only one test screenshot is shown as an example.

Minimax test data

📌 Note: The "total time" (5.29 seconds) shown in Apidog is the end-to-end latency, not the first word delay. The first word delay was measured with a phone stopwatch. Only one test screenshot is shown as an example.

5. Do a cost account by the way: Is it really "fast and economical"?

!(https://dev-to-uploads.s3.amazonaws.com/uploads/articles/nnmb119ulyj3xjgckb7h.png)
Here are the tokens and amounts I actually consumed:
Total consumption for 3 tests: 528 tokens
Current experience package pricing: $5/500,000 Token
Equivalent cost ≈ 0.005 US dollars (half a cent)
If the API is called 1,000 times a day, the total cost of the Token each month would be about $5.
The conclusion is that the intermediary channels for AI in China are not only fast but also very cost-effective for start-up individuals and teams.

// Detect dark theme var iframe = document.getElementById('tweet-2048305918388117781-159'); if (document.body.className.includes('dark-theme')) { iframe.src = "https://platform.twitter.com/embed/Tweet.html?id=2048305918388117781&theme=dark" }
(More test data I will keep updating on my X account)

6.Does the model itself have "personality" differences?

During the test, I noticed that in addition to the differences in speed, there are also generational differences in style among the large models:
Different models have different focuses in terms of speed and style:
DeepSeek (1.45 seconds) : The response is straightforward and concise, suitable for real-time customer service, chatbots, and other scenarios that are sensitive to the first character delay.
Zhipu GLM (1.98 seconds) : Logical and well-structured, suitable for generating long content and organizing reports.
MiniMax (2.30 seconds) : Smooth and natural, with rich details, suitable for open scenarios such as casual chatting and creative writing.

7.speed and style are just appearances. What really matters to developers are the following three quantifiable conclusions

✅ tests take less than an hour altogether - much faster than you might think
✅ Apidog with a graphical interface and a mobile stopwatch can be reproduced even with zero coding experience
✅ How is the latency of the Chinese LLM API overseas? → Based on my actual test of the transit gateway, DeepSeek has a first-word delay of about 1.45 seconds, Zhipu 1.98 seconds, and MiniMax about 2.30 seconds, all of which can meet the basic efficiency requirements of the production scenario. If the first-word response requirements are extremely high, DeepSeek has the most comprehensive advantage at present.
The data belongs to others, but the experience is yours. If you encounter any problems in the reproduction, feel free to leave a comment and I'll do my best to answer them.

At the end of the writing, my feelings
I'm a Chinese teacher, not an expert in operations or data backends. My testing method is very "stupid". I choose tools by "check, look, ask, touch", and there are no built-in bonus shortcuts. But I'm willing to lay all the details out in the light.
If you think such genuine sharing is valuable, give it a thumbs up and share it with more independent developers in need.
Next topic preview: "Is the LLM you're calling really secure? How to detect it ". Friends who are interested are welcome to take the test together!
"I tested from a single location with basic tools. If you've run similar tests in production, what latency are you seeing? Let me know in the comments."

I compared 4 Chinese LLMs – DeepSeek can be as low as 1/50 the price of OpenAI (and here’s a gateway to use them overseas)

xiaoqiangapi — Thu, 23 Apr 2026 03:08:33 +0000

I’m a former Chinese teacher who accidentally became an API provider. Here’s the price, speed, and how to actually use them from outside China--DeepSeek, MiniMax, Zhipu and Qwen

Recently, many overseas developers have asked me: "Are China's big models really cheap? Which ones exactly? How does it compare to OpenAI?"

To be honest, I also started from scratch and worked my way through step by step to help students find cheap apis. It was this experience that led me to start seriously studying large models in China.

Today, in the most accessible way, I would like to introduce to our fellow developers around the world: ** How far have China's large models developed as of today in April 2026? Which models are worth paying attention to? How about the price? **

This article is not an advertisement; it's my research report as a "non-tech entrepreneur". If you find it useful, please give it a thumbs up, share it and follow.

1 Industry Big Event: China's large model weekly call volume surpasses US for the first time

Data released by OpenRouter, the world 's largest AI model invocation statistics platform, in collaboration with Stanford HAI Institute in March 2026 showed:

** China's weekly call volume of large models reached 4.69 trillion tokens **, up 320% year-on-year
** Surpassing the US for two consecutive weeks ** (4.21 trillion tokens)
In the TOP10 global callings, ** Chinese models occupy 6 seats **

What does that mean? It's not a mere "quantitative" lead, but a comprehensive catch-up in terms of technological maturity, ecological completeness, and industrial implementation capabilities.

For overseas developers, this means: ** You have more low-cost, high-performance options **.

2. Detailed Explanation of the Four Major Domestic Flagship Models

Here are the four most notable large Chinese models at present.

(1) DeepSeek - the king of ultimate cost performance

** Core feature ** : extremely low inference cost, claimed to be "1/20 to 1/50 of OpenAI"
** Context length ** : Supports *1 million tokens * (can handle the Three-Body trilogy all at once)
** Inference speed ** : approximately 1200 tokens /s (CPU), 8500 tokens /s (GPU)
** Advantages ** : Open source, free commercial use, excellent Chinese language skills, extremely low API price
** Suitable scenarios ** : Individual developers with limited budgets, start-up teams, large amounts of text processing

(2) MiniMax M2.5 - the world's most invoked

** Core feature ** : Excellent value for money, inference cost only 1/8 of GPT-4 Turbo
** Context length ** : 800,000 tokens (measured to stably handle 750,000 tokens)
** Inference speed ** : 1200 tokens /s (CPU), 8500 tokens /s (GPU)
** Advantage ** : The world's leading Chinese processing power, high dialect recognition accuracy
** Suitable scenarios ** : corporate customer service, code development, document processing, intelligent translation

(3) Zhipu GLM-5-Turbo -- Agent scenario leading in China

** Core feature ** : Neural symbol fusion architecture, 18% higher accuracy in complex reasoning
** Context length ** : 200K Token
Inference speed: 900 Token/s (CPU), 7200 Token/s (GPU)
** Advantage ** : The Agent has outstanding autonomous planning capabilities and can complete multi-step and cross-tool tasks
** Suitable scenarios ** : Office automation, intelligent assistants, developer tools

(4) Alibaba Tongyi qianwen Qwen 3.5-Max - strong multimodal and coding capabilities

** Core features ** : Top 5 math skills globally, code generation accuracy over 94%
** Context length ** : 640,000 tokens
Inference speed: 1000 Token/s (CPU), 7800 Token/s (GPU)
** Advantage ** : Supports native fusion of text, image and audio, built into Alibaba Cloud
** Suitable scenarios ** : Financial risk control, academic research, industrial design, multimodal content creation

III Price Comparison: Chinese Model vs. OpenAI (Reference April 2026)

Model: Input Price (/1M tokens) Output Price (/1M tokens) : approximately OpenAI's
| :--- | :--- | :--- | :--- |
DeepSeek | * * * * | | ~ $0.014 to $0.028 | | 1/20 ~ 1/50
MiniMax M2.5 Unpublished ~$1.2 1/25
** Smart Spectrum GLM-5** Please check official/Please check official/about 1/10
** Tongyi Thousand Questions ** * Please check official/Please check official/approximately 1/8 to 1/10
OpenAI GPT-4 Turbo $10.00 $30.00 benchmark

Note: The above is the market reference price. The actual price is subject to the official documentation.

** Conclusion ** : The API cost of Chinese models is generally 1/10 to 1/50 of that of OpenAI. This is a very realistic option for individual developers and start-up teams with limited budgets.

4 Strengths and Weaknesses of the Chinese Model (Objective Evaluation)

** Strengths: **

✅ very low price, suitable for cost-sensitive projects
✅ highly proficient in Chinese (a significant advantage if you need to handle Chinese translations or Chinese content)
✅ Some models support edge-side deployment (run locally on mobile or PC)
✅ context length is large (800,000 to 1,000,000 tokens), suitable for handling long documents

** Shortcomings: **

❌ English/other languages are not as good as Chinese overall (but normal API calls are sufficient)
❌ overseas localization knowledge (such as the latest buzzwords, local news) may not be updated in a timely manner
❌ Some model documentation is only available in Chinese

** My opinion ** : If you are using it for technical tasks such as *API calls, translation, content generation, code assistance *, the cost-performance advantage of Chinese models is very obvious. If you are going to do an application that is deeply localized overseas, it is recommended to test it first.

How to try these models :
Official API (fast but may need network setup)
My gateway – one key, PayPal, stable for overseas (link)
Open-source deployment (free but technical)

5, Next Step preview

Which Chinese LLM are you most interested in? I’ll run a speed test next – comment below.

References

DeepSeek official pricing page: https://platform.deepseek.com/api-docs/pricing
the MiniMax official pricing page: https://www.minimaxi.com/document/pricing
Zhipu Open Platform: https://open.bigmodel.cn Ali YunBaiLian: https://bailian.console.aliyun.com
OpenRouter Global Large Model Monthly Report (March 2026)

I was a Chinese teacher. Now my API handles 500K tokens. A student changed my life.

xiaoqiangapi — Tue, 21 Apr 2026 03:19:27 +0000

“Teacher, can you build a stable API environment yourself? We trust you.”

I had never written a line of code. I was just a Chinese teacher. But my student's AI project was stuck.

I have been a Chinese language teacher for over ten years, teaching Chinese to international students. My income is not high, but my job is stable and I enjoy it.

You might be curious: How did a liberal arts teacher without a technical background start providing AI API services? The story begins with a request from a Korean student.

1. The Origin: A Student's Request for Help

At the beginning of this year, a former student from South Korea approached me and said, "Teacher, our school's artificial intelligence project wants to use OpenAI's API, but it's too expensive. We want to try Chinese LLMs, like DeepSeek. Do you know where we can find a reliable supplier?"
At that time, I knew nothing about API gateways or large model invocation, but seeing the student's expectant eyes, I agreed.
I started searching everywhere on Taobao, Xianyu, and domestic AI communities. The results were:

Unstable connections, frequent timeouts and disconnections
High response latency, seriously affecting the development progress
Unclear charging, with additional fees popping up all the time The student finally said, "Teacher, why don't you set up a stable API environment yourself? We trust you." As a liberal arts teacher, I took on the challenge despite my reservations.

2. Process: Learning from Scratch

It took me a few weeks to learn by translating English documents and studying:

How to set up a gateway using Cloudflare Workers
How to register official API accounts for DeepSeek, MiniMax, and Zhishu AI

The document was all in English. I looked up every single word. After staying up for more than ten nights, I finally set up the basic framework and got the test running smoothly. The student project was successfully completed and I could finally breathe a sigh of relief.

3. Transformation: From "Helping" to "Serving"

A few weeks later, that student came to me again: "Teacher, my classmates and seniors also want to use your API. Can you provide it officially and set a stable price?"
From then on, I gradually started to operate the service. I handled everything myself, from the domain name to the technical documentation and the website's UI/UX (with some help from students). It was busy, but very fulfilling.

4. My Principles

Having been a teacher for many years, I understand one thing: what users pay for is not the complexity of the technology, but the certainty of problem-solving.
That’s why my service focuses on three things: stable gateway, PayPal payment, and real human support. No hidden fees, no marketing gimmicks.

5. Current Status and Invitation

Currently,the first paying user was a classmate of that student. We have been making improvements based on feedback.
In the future, we will continue to transparently document the entire entrepreneurial process and grow together with the developer community.

What’s the hardest part of your first API project? Drop a comment – I read every single one.
Thank you!