DEV Community

ti pi

Built an API Fraud Detector After Getting Scammed — Here's How It Works

Last month, I paid for GPT-4 API access through a relay provider and got GPT-3.5 instead. The relay was charging premium prices while downgrading models. Token counts were inflated by 30-50%. And there was a hidden system prompt injected into every request.

I got scammed. So I built API DNA — a free tool that detects API fraud in seconds.

The Problem: API Relays Are a Wild West

The AI API market has exploded with relay/proxy providers. Some are legitimate businesses. Others are not:

• Model substitution: Selling GPT-4, serving GPT-3.5-turbo
• Token inflation: Charging for 1000 tokens when only 600 were used
• Hidden prompt injection: Secretly injecting system prompts that consume your token budget
• Identity fraud: Claiming to be an official endpoint while routing through cheap proxies

How API DNA Works

Quick Scan (3 seconds, no API key needed)

Enter any API endpoint and get instant results:

  1. Architecture Detection — Is it official, a legitimate relay, or an unknown proxy? We check IP/ASN records, response headers, server signatures, and error-format fingerprints.

  2. Model Listing — We probe /v1/models and variant endpoints to see what models are actually available.

  3. Security Headers — Analysis of the CORS, HSTS, and CSP headers the endpoint returns.

  4. Price Audit — Compare the endpoint's pricing against official rates.

Deep Scan (30 seconds, requires API key)

The full DNA test with your own credentials:

  1. Behavioral Fingerprinting — We send carefully crafted prompts that elicit unique behavioral signatures from different model families. GPT-4o responds differently from GPT-3.5, which responds differently from Claude, which responds differently from DeepSeek. These differences are structural, not just stylistic — they persist even when the model is told to impersonate another.

  2. Rare Token Probing — Each tokenizer has unique rare tokens. By probing with multilingual, mathematical, and Unicode-heavy inputs, we can identify the underlying tokenizer family, which reveals the true model.

  3. Token Audit — We compare the token counts reported by the API against our own independent estimation. A discrepancy means someone is inflating your bill.

  4. Speed Analysis — TTFT (Time to First Token), tokens per second, and chunk variance. Each model family has characteristic speed profiles.

  5. Security Audit — We test for hidden system prompt injection, context leakage between requests, tool call tampering, and identity consistency across probes.

  6. Trust Score — All checks are aggregated into a L0-L7 trust level with a detailed breakdown.
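The token audit in step 3 reduces to one comparison: the usage counters the API reports versus an independent estimate of the text you actually sent and received. The following is an added illustration, not API DNA's own code; it assumes a crude 4-characters-per-token estimator and a fixed 3-token per-message overhead in place of a real tokenizer, and the sample exchange and usage objects are constructed.

```python
import math
from dataclasses import dataclass, field

# Assumption: crude stand-in for the provider's real tokenizer (about 4 chars/token).
def estimate_tokens(text: str) -> int:
    return max(1, math.ceil(len(text) / 4))

PER_MESSAGE_OVERHEAD = 3  # assumed role/format tokens the API adds per chat message

@dataclass
class TokenAudit:
    estimated_prompt: int
    estimated_completion: int
    prompt_ratio: float       # reported prompt_tokens / our estimate
    completion_ratio: float   # reported completion_tokens / our estimate
    findings: list = field(default_factory=list)  # empty list means clean

def audit_usage(messages, reply_text, usage, tolerance=1.5) -> TokenAudit:
    """Compare the API's reported 'usage' object against an independent estimate."""
    est_prompt = sum(estimate_tokens(m["content"]) + PER_MESSAGE_OVERHEAD
                     for m in messages)
    est_completion = estimate_tokens(reply_text)
    audit = TokenAudit(est_prompt, est_completion,
                       usage["prompt_tokens"] / est_prompt,
                       usage["completion_tokens"] / est_completion)
    # The three counters the API returns must at least agree with each other.
    if usage["prompt_tokens"] + usage["completion_tokens"] != usage["total_tokens"]:
        audit.findings.append("usage counters are internally inconsistent")
    # Prompt excess is the signature of inflation or of a hidden system prompt
    # billed to us; usage numbers alone cannot tell the two apart.
    if audit.prompt_ratio > tolerance:
        excess = usage["prompt_tokens"] - est_prompt
        audit.findings.append(f"prompt tokens {audit.prompt_ratio:.1f}x estimate "
                              f"(+{excess}): inflation or hidden system prompt")
    if audit.completion_ratio > tolerance:
        audit.findings.append(f"completion tokens {audit.completion_ratio:.1f}x estimate")
    return audit

# Constructed sample exchange and usage objects (not real provider responses).
SAMPLE_MESSAGES = [{"role": "user",
                    "content": "Summarize the plot of Hamlet in two sentences."}]
SAMPLE_REPLY = "Hamlet avenges his father's murder. Nearly everyone dies."
HONEST_USAGE = {"prompt_tokens": 17, "completion_tokens": 14, "total_tokens": 31}
INFLATED_USAGE = {"prompt_tokens": 210, "completion_tokens": 14, "total_tokens": 224}

if __name__ == "__main__":
    for label, usage in (("honest", HONEST_USAGE), ("inflated", INFLATED_USAGE)):
        print(label, audit_usage(SAMPLE_MESSAGES, SAMPLE_REPLY, usage).findings)
```

Against a real endpoint, swap `estimate_tokens` for the provider's published tokenizer so that the tolerance can be tightened well below 1.5x.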

Real Findings

In testing, we've found:

• A "GPT-4" relay actually serving GPT-3.5-turbo (detected via behavioral fingerprinting)
• Token inflation of 2-3x on popular relay services
• Hidden system prompts consuming 50-200 tokens per request
• Endpoints claiming official status but routing through third-party proxies

Try It Yourself

API DNA is free to use, no signup required.

• Quick Scan: Enter any API endpoint, get results in 3 seconds
• Deep Scan: Provide your API key for full analysis in 30 seconds

Every scan generates a shareable report with a unique URL and downloadable PNG image.

What's Next

• Provider registry with verified endpoints
• API for programmatic scanning
• Continuous monitoring alerts
• Browser extension for real-time verification

If you've ever used an API relay and wondered "am I getting what I paid for?", give it a try. I'd love to hear what you find.
