Allowing users to add their own OpenAI API Keys - guidelines/policy?

I’m building a Google Chrome extension that uses GPT. It will allow users to enter their own OpenAI API key in order to interact with OpenAI GPT.

Does OpenAI have rules when it comes to storing APIs? Can I allow users to enter their own APIs into a Google Chrome extension?

The “official” rules are that users are not supposed to enter their API keys in your app. There is another post about this if you search the community forums.

However, there are apps out there also doing this.

I think that is incorrect. Do you have a link to the official rules saying this cannot be done? OpenAI states:

“Do not share your API key with others, or expose it in the browser or other client-side code. In order to protect the security of your account, OpenAI may also automatically rotate any API key that we’ve found has leaked publicly.”

It seems like OpenAI may allow adding API keys but on the server side.

Also

"Use a Key Management Service

There are a variety of products available for safely managing secret API keys. These tools allow you to control access to your keys and improve your overall data security. In the event of a data breach to your application, your key(s) would not be compromised, as they would be encrypted and managed in a completely separate location.

For teams deploying their applications into production, we recommend you consider one of these services."

Sure, here is the actual post from an OpenAI staff member

It is also in one of their document pages, but I can’t find it right now.

Click on the link to see it was posted by OpenAI staff

Also this link (and others; if you search for “Bring Your Own Key” in the community, you will find the other references).

This post has links to sources

Thank you for sharing the posts! This makes things more clear. I think OpenAI should definitely have an auth feature; otherwise we have to implement complicated custom logins and payment systems in order to allow users to make API requests. The name is “OpenAI” but everything is built around money and profit! They have NO solutions for people who want to make simple and free-to-use apps. Yes, AI is expensive and we must pay to use it, but OpenAI can handle the transactions through bring your own key or an auth feature. Devs should not have to integrate payments in custom apps.