iFlytek (讯飞) Spark API keys #4663

@random-robbie

Description

Add detector for iFlytek (讯飞) Spark API keys. iFlytek is a leading Chinese AI company providing the Spark (星火) cognitive large model through their MaaS platform.

Preferred Solution

Key Format:

  • Starts with sk- prefix
  • Followed by alphanumeric characters and potentially special characters
  • Length appears to be 50-60 characters
  • Example pattern: sk-[A-Za-z0-9]{50,60}

Suggested Regex:

\bsk-[A-Za-z0-9]{48,64}\b

Context-aware detection:
To avoid conflicts with OpenAI/other sk- prefixed keys, look for:

  • Variable names containing: XUNFEI, IFLYTEK, SPARK, XINGHUO
  • Proximity to API endpoints: xf-yun.com, iflytek.com
  • API URLs containing: maas-api.cn-huabei-1.xf-yun.com, spark-api.xf-yun.com

Verification Endpoint:

POST https://maas-api.cn-huabei-1.xf-yun.com/v1/chat/completions
Headers:
  Authorization: Bearer <API_KEY>
  Content-Type: application/json
Body:
{
  "model": "general",
  "messages": [
    {
      "role": "user",
      "content": "test"
    }
  ]
}

Valid key returns 200 OK with response, invalid key returns 401 Unauthorized.

How to Obtain a Test Key:

  1. Register at iFlytek Open Platform: https://www.xfyun.cn/
  2. Access Spark console: https://console.xfyun.cn/services/bm3
  3. Navigate to API services management
  4. Create API key in the key management section
  5. Free tier available with limited tokens

Additional Context

iFlytek (科大讯飞) is one of China's largest AI companies, particularly known for speech recognition and natural language processing. Their Spark cognitive model (讯飞星火) competes with other Chinese LLMs like ERNIE and Qwen.

The MaaS (Model as a Service) platform provides OpenAI-compatible API endpoints, making it easy to integrate but also important to detect for security scanning.

Detection Priority:
While the key format is similar to OpenAI's sk- prefix, the character composition and length differ. Combined with context-aware detection (API URLs, variable names), this should provide reliable detection without excessive false positives.
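
The context-aware detection proposed in this issue, as an added Go example (not code from the issue or from the scanner project): the suggested regex finds candidates, and a candidate is reported only when one of the issue's context terms appears near it. The 120-byte window and the names `FindSparkKeys` and `SampleKey` are assumptions made for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Regex and context terms are taken from the issue text above.
var keyPat = regexp.MustCompile(`\bsk-[A-Za-z0-9]{48,64}\b`)
var contextTerms = []string{"xunfei", "iflytek", "spark", "xinghuo", "xf-yun.com"}

// window is an assumed value: bytes of context inspected on each side of a match.
const window = 120

// FindSparkKeys returns sk- candidates that have an iFlytek context term nearby.
func FindSparkKeys(data string) []string {
	var found []string
	for _, loc := range keyPat.FindAllStringIndex(data, -1) {
		start, end := loc[0]-window, loc[1]+window
		if start < 0 {
			start = 0
		}
		if end > len(data) {
			end = len(data)
		}
		// Leave the candidate out of its own context: the key body is
		// alphanumeric and could spell a term such as "spark" by chance.
		ctx := strings.ToLower(data[start:loc[0]] + " " + data[loc[1]:end])
		for _, term := range contextTerms {
			if strings.Contains(ctx, term) {
				found = append(found, data[loc[0]:loc[1]])
				break
			}
		}
	}
	return found
}

// SampleKey builds a constructed placeholder in the proposed format, not a real key.
func SampleKey(body string) string { return "sk-" + strings.Repeat(body, 13) }

func main() {
	inputs := []string{ // constructed sample inputs
		"XUNFEI_API_KEY=" + SampleKey("A1b2"),
		"base_url = https://spark-api.xf-yun.com/v1\nkey = " + SampleKey("Zz09"),
		"OPENAI_API_KEY=" + SampleKey("Qq77"),
	}
	for _, in := range inputs {
		fmt.Printf("%d candidate(s) in %q\n", len(FindSparkKeys(in)), in[:15])
	}
}
```

Because `spark` also appears in unrelated configuration (Apache Spark, for example), the context gate only narrows the candidates; the 200/401 verification request described above is what confirms a key.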
