Hermes Agent can use Grok via an present SuperGrok subscription, or via an X Top class+ subscription related to the X account you check in with. That suggests you don’t want to create an XAI_API_KEY simply to take a look at xAI fashions within Hermes.
You log in as soon as via a browser-based OAuth waft, Hermes saves the tokens in the neighborhood, and long run periods refresh routinely within the background.
That’s the easy model. The nicer section is that the similar login additionally covers Hermes’ direct xAI media gear, together with text-to-speech, picture technology, video technology, and transcription. The similar xAI credentials too can permit X seek if you need that software to be had.
Should you already pay for SuperGrok or X Top class+, this can be a cleaner technique to attach Hermes to Grok with out juggling API keys. If you’re nonetheless understanding the place Hermes suits, this OpenClaw vs Hermes Agent comparability is an invaluable significant other.
Contents
- 1 What Hermes Is If truth be told The usage of
- 2 What You Want First
- 3 Signal In In the course of the Type Picker
- 4 Signal In Manually
- 5 Set Grok as Your Default Type
- 6 The usage of It on a Faraway Server
- 7 Test Whether or not the Login Labored
- 8 Use the Identical Login for xAI Gear
- 9 To be had Grok Fashions
- 10 Repair Not unusual OAuth Issues
- 11 Log Out When Wanted
- 12 Ultimate Concept
What Hermes Is If truth be told The usage of
The service is known as xAI Grok OAuth (SuperGrok / X Top class+) within Hermes. Its service ID is:
xai-oauthBelow the hood, Hermes connects to xAI’s Responses-style API endpoint at:
https://api.x.ai/v1Hermes reuses its codex_responses delivery for this service, so options corresponding to reasoning, software calling, streaming, and instructed caching paintings without having a separate Grok-specific adapter.
The default style is recently:
grok-4.3Hermes pins that style close to the highest of the picker after you log in.
What You Want First
Prior to atmosphere this up, you want:
- Python 3.9 or more recent
- Hermes Agent put in
- An lively SuperGrok subscription, or an X Top class+ subscription at the X account you employ for login
- A browser at the similar gadget, or SSH port forwarding in case you are atmosphere it up on a distant server
The essential element: this service does now not use XAI_API_KEY. If you wish to use your Grok subscription as a substitute of API billing, use the OAuth service.
There’s one caveat price figuring out early. Hermes’ medical doctors observe that xAI would possibly limit OAuth API get entry to through tier. If the browser login works however inference returns HTTP 403, you might wish to transfer to the API-key service as a substitute.
Signal In In the course of the Type Picker
The perfect setup trail is thru Hermes’ style picker:
hermes styleChoose xAI Grok OAuth (SuperGrok / X Top class+) from the service checklist. Hermes opens accounts.x.ai on your browser, the place you check in and approve get entry to. This can be a commonplace OAuth-style login waft: you approve get entry to within the browser as a substitute of copying an extended secret key into your terminal.
After that, pick out a Grok style. For the general public, grok-4.3 is the most obvious place to begin.
Then get started Hermes usually:
hermesHermes shops the login credentials in:
~/.hermes/auth.jsonAs soon as the tokens are stored, Hermes refreshes them routinely ahead of they expire. You will have to now not have to copy the browser login for each consultation.
Signal In Manually
If you recognize you need the xAI OAuth service, you’ll skip the style picker and get started the auth waft without delay:
hermes auth upload xai-oauthThis launches the similar browser login waft. After approval, Hermes saves the OAuth tokens and the service is able to use.
Set Grok as Your Default Type
You’ll be able to transfer suppliers in the course of the interactive style picker:
hermes styleOr set the service and style without delay:
hermes config set style.default grok-4.3
hermes config set style.service xai-oauthYour ~/.hermes/config.yaml will have to then comprise one thing like this:
style:
default: grok-4.3
service: xai-oauth
base_url: https://api.x.ai/v1Hermes additionally accepts a couple of service aliases when you favor one thing extra descriptive:
hermes --provider xai-oauth
hermes --provider grok-oauth
hermes --provider x-ai-oauth
hermes --provider xai-grok-oauthI’d nonetheless use xai-oauth in scripts and documentation. It’s shorter and canonical.
The usage of It on a Faraway Server
OAuth is fairly extra tense when Hermes is working on a server, container, or SSH consultation.
Hermes can print the authorization URL as a substitute of opening a browser:
hermes auth upload xai-oauth --no-browserHowever the callback listener nonetheless runs at the distant gadget at:
127.0.0.1:56121Should you open the broadcast URL in your pc with out forwarding that port, the browser can not succeed in the callback listener. You’ll in most cases see a connection error.
Open a 2nd terminal in your native gadget and ahead the port first:
ssh -N -L 56121:127.0.0.1:56121 consumer@remote-hostThen, within the SSH consultation the place Hermes is working:
hermes auth upload xai-oauth --no-browserOpen the broadcast URL on your native browser. The login will have to now redirect again in the course of the forwarded port to Hermes at the distant gadget.
Should you attach via a leap host, upload -J jump-user@jump-host to the SSH command.
Browser-Simplest Faraway Consoles
If you’re the use of a browser-based distant console, corresponding to Cloud Shell, Codespaces, EC2 Example Attach, Gitpod, or a an identical surroundings, the SSH forwarding recipe will not be to be had.
If so, use guide paste mode:
hermes auth upload xai-oauth --manual-pasteOr release it from the style picker:
hermes style --manual-pasteHermes skips the native callback listener and allows you to paste the failed callback URL from the browser as a substitute.
Test Whether or not the Login Labored
Run:
hermes physicianSearch for the Auth Suppliers segment and take a look at the standing for xai-oauth.
If Hermes has a sound OAuth access, Grok will have to be to be had in the course of the style picker and direct service variety.
Use the Identical Login for xAI Gear
The OAuth token isn’t restricted to talk fashions. Hermes can reuse the similar xAI login for a number of direct-to-xAI gear:
- Textual content-to-speech
- Symbol technology
- Video technology
- Transcription
- X seek
Open the gear picker:
hermes gearThen make a choice the xAI backend the place wanted:
- Textual content-to-Speech: xAI TTS
- Symbol Era: xAI Grok Consider (picture)
- Video Era: xAI Grok Consider
- X Seek: xAI Grok OAuth (SuperGrok / X Top class+)
In case your OAuth token is already saved, Hermes will have to discover it and skip the credential instructed.
A small gotcha: video technology is disabled through default, so permit it in hermes gear ahead of anticipating the agent to name the video software. X seek behaves another way: Hermes’ medical doctors say it auto-enables when xAI credentials are provide, however you’ll nonetheless disable it explicitly within the gear picker if you don’t want it to be had.
To be had Grok Fashions
The present xAI OAuth setup exposes Grok chat fashions corresponding to:
grok-4.3grok-4.20-0309-reasoninggrok-4.20-0309-non-reasoninggrok-4.20-multi-agent-0309
For media gear, Hermes lists xAI choices corresponding to:
grok-imagine-imagegrok-imagine-image-qualitygrok-imagine-video- xAI TTS in the course of the
/v1/ttsendpoint
The chat style catalog is pulled from Hermes’ native fashions.dev cache, so new xAI style releases can seem after that cache refreshes.
Repair Not unusual OAuth Issues
Maximum setup issues fall into a couple of predictable buckets.
Token Expired or Refresh Failed
Hermes refreshes tokens ahead of a consultation and too can retry after a 401 reaction. If the refresh token used to be revoked or turned around, Hermes will ask you to authenticate once more.
Run:
hermes auth upload xai-oauthLogin Timed Out
The native callback listener handiest remains open for a restricted window. If you don’t approve the login briefly sufficient, the waft instances out.
Run the login command once more and approve the browser request throughout the window:
hermes auth upload xai-oauthState Mismatch
A state mismatch in most cases manner the OAuth reaction didn’t fit the request Hermes created. Re-run the login. If it helps to keep going down, take a look at whether or not a proxy, browser extension, or redirect layer is meddling with the callback.
Faraway Login Can not Succeed in the App
That is the typical SSH setup failure. The browser is in your pc, however the callback listener is at the distant gadget.
Ahead the callback port:
ssh -N -L 56121:127.0.0.1:56121 consumer@remote-hostThen rerun:
hermes auth upload xai-oauth --no-browserHTTP 403 After a A hit Login
If OAuth login succeeds however inference returns HTTP 403, the issue is also subscription entitlement relatively than a stale token. Hermes’ medical doctors say xAI’s backend has been observed to limit OAuth API get entry to for some tiers.
If that occurs, re-running hermes style is not going to mend it. Use the API-key service as a substitute:
export XAI_API_KEY=xai-...
hermes config set style.service xaiOr improve your Grok subscription if the OAuth course is needed.
No xAI Credentials Discovered
Hermes has no stored xai-oauth access and no XAI_API_KEY set.
If you wish to use SuperGrok or X Top class+ OAuth, run:
hermes styleSelect the xAI Grok OAuth service, or run:
hermes auth upload xai-oauthLog Out When Wanted
To take away stored xAI OAuth credentials:
hermes auth logout xai-oauthThat clears the OAuth access from Hermes’ auth retailer.
Should you handiest wish to take away one credential access from a pool, checklist the entries first:
hermes auth checklist xai-oauthThen take away the particular access:
hermes auth take away xai-oauth Ultimate Concept
The attraction this is comfort. If you have already got SuperGrok or X Top class+, Hermes can use that subscription via a standard browser login. No API key. No separate setup for each xAI software. No awkward token copying.
For native use, the setup is principally hermes style, pick out xAI OAuth, approve within the browser, and get started chatting. Should you favor a GUI round Hermes, Hermes Desktop is also price putting in too.
For distant machines, take into accout the callback port: 56121. That one small element saves numerous head-scratching.
The publish Learn how to Use SuperGrok With Hermes Agent With out an xAI API Key gave the impression first on Hongkiat.
WordPress Website Development Source: https://www.hongkiat.com/blog/hermes-agent-xai-grok-oauth/