The “official” rules are that users are not supposed to enter their API keys in your app. There is another post about this if you search the community forums.
However, there are apps out there also doing this.
I think that is incorrect. Do you have a link to the official rules saying this cannot be done? OpenAI states:
“Do not share your API key with others, or expose it in the browser or other client-side code. In order to protect the security of your account, OpenAI may also automatically rotate any API key that we’ve found has leaked publicly.”
It seems like OpenAI may allow adding API keys but on the server side.
Also
" Use a Key Management Service
There are a variety of products available for safely managing secret API keys. These tools allow you to control access to your keys and improve your overall data security. In the event of a data breach to your application, your key(s) would not be compromised, as they would be encrypted and managed in a completely separate location.
For teams deploying their applications into production, we recommend you consider one of these services."
Thank you for sharing the posts! This makes things more clear. I think OpenAI should definitely have an auth feature otherwise we have to implement complicated custom logins and payment systems in order to allow users to make API requests. The name is “OpenAI” but everything is built around money and profit! They have NO solutions for people who want to make simple and free to use apps. Yes, AI is expensive and we must pay to use it but OpenAI can handle the transactions through bring your own key or an auth feature. Devs should not have to integrate payments in custom apps.