API ban from user abuse

Hi all. If a user is abusing the AI bot/app with my API integrated, can this result in my API being banned for all users? If so, how can this be avoided?

Thank you in advance for your help.

Do you mean they’re using your OpenAI secret key? I believe banning for abuse is based off the particular secret key / authentication key being used.

Hope this helps.

PS - welcome to the community!

Thank you. Yes I was going to setup a bit/app using my secret key but I am concerned about users abusing it and then the key being banned which would ruin if for others using the bot or app.

Thank you for kind welcome.

1 Like

It’s good to think ahead about this stuff.

Here’s a snippet from their updated App Review page…

You can use our free moderation endpoint and safety best practices to help you keep your app safe.

So, basically, you’ll want to put measures in place (your own or using the moderation API) to make sure no rules are broken. Also, be sure to include a user id of some sort with your API calls as this can help you track the malicious users if they slip through.

I’d make sure you have good Terms of Service too.

There’s an OpenAI Discord, but I prefer the slower page of the forums. Glad you stopped by.

What are you planning on building? We might be able to help give you pointers to get headed in the right direction.

1 Like

Thank you very much. This is a big help. I am basically building a native android and iOS app for an AI chat using the davinci 003 engine. I already have a telegram bot that is about 95% complete. My goal is to simplify access to an AI rather than a web version like ChatGPT. I have limited coding knowledge though so it’s taking a lot longer than I expected. I considering just paying to have the remaining work completed.

Hate to open an older thread, but it’s my exact question.

1). If I have a user that’s abusing the system and would call for a ban, how open to communication is OpenAI? Every chat that my users make is logged in a database with their unique user_id. So, if that user is going to cause a ban, will OpenAI allow me to ban that user, and not have my entire API banned, thus banning all my users?

2). I haven’t tried the moderation endpoints – wonder how much overhead there is. Should I run every call through them, or just randomly? [edit: Reading more of the provided links, it would seem the best might be to run the Questions through the moderation endpoint and have a reporting flag button available if my user thinks the Response should be moderated.]

3). Not sure how to send my user’s id with the JSON api call. I’ve tried a number of formats, but haven’t seen any documentation.


This JSON was accepted, no clue if OpenAI saves the custom field (user)?

  "model": "gpt-3.5-turbo",
  "temperature": 0.5,
  "messages": [
      "role": "user",
      "content": "Who are the members of clone force 99?"


Also documented on API Reference page

1 Like