API Endpoints with Integrated Content Moderation

wclayf · 2023-09-05T16:54:32.535Z

The problem with making two API calls every time instead of one is the latency, and degrading performance for no reason.

I can see use cases where developers might have a need to call the ‘moderation’ endpoint standalone, with no intent to RUN the query if it passes moderation, but just because that’s true doesn’t mean that 100% of all of the most common usage patterns of the API should always require two back to back HTTP requests.

The obvious solution is a “moderate=true” flag on the completions endpoint, that defaults to true.

wclayf · 2023-09-05T17:23:17.214Z

Yes indeed, the additional HTTP call adds latency.

I think one of the most common use cases is “chat bots” where apps take raw input from end users, and so 100% of those calls would need to be sent thru moderation (according to many peoples interpretations of the vague policy docs), and so if that’s the case the rational choice for API design is to have moderation built into the ‘completions’ call, as an option that defaults to true.

I’d like to say to the API, “block this if it violates OpenAI policy”, and don’t ding my API key. So maybe the more applicable parameter name is “ding=false”. lol.

RonaldGRuckus · 2023-09-05T17:32:29.782Z

wclayf:

Yes indeed, the additional HTTP call adds latency.

This seems like a lot of extra work and compromises just to prevent mere milliseconds of latency.

wclayf:

rational choice for API design is to have moderation built into the ‘completions’ call, as an option that defaults to true.

When you are building a tool for all programmers the less assumptions & opinions the better.

N2U · 2023-09-05T17:39:47.933Z

I can agree with that, I think it’s worth delving a bit into this.

sps:

The problem with this approach is the unnecessarily high frequency of requests hitting the endpoint. Such an approach will unnecessarily add to the compute requirements.

This is absolutely true, let’s remember that the moderation endpoint is an AI classifier. It’s probably not as resource-intensive as GPT, but it will still require GPUs, and those are currently in short supply.

sps · 2023-09-05T17:45:02.180Z

Not just that. At the scale at which OpenAI receives requests per sec, even a slight hold can induce a huge backlog.

As the saying goes “the more moving parts, the more things can go wrong”.

N2U · 2023-09-05T17:50:55.238Z

Fair point,

Although I think it’s worth mentioning that OpenAI is already passing the input, output, and generated title on ChatGPT through the moderation endpoint, so they do already know how to successfully put those cogs together.

sps · 2023-09-05T17:55:27.754Z

ChatGPT is an end-user product and that uses the moderation endpoint really well.

also,

sps:

Integrated approach will also hamper devs from bringing their own moderation system, which could be faster/better.

wclayf · 2023-09-05T18:08:19.406Z

Don’t you think cutting the number of requests per second in half is a good idea? lol. I do.

wclayf · 2023-09-05T18:10:16.924Z

When developing a tool for everyone, also the most commonly occurring usage patterns become particular relevant. If most of the time a call does moderation+completion, that’s a pretty good tip you need an endpoint that encapsulates exactly that.

N2U · 2023-09-05T18:10:46.749Z

I 100% agree with @sps

N2U:

To be clear, I’m not suggesting that any endpoints should be replaced. I’m suggesting adding a few new ones, such as gpt-3.5-turbo-mod for gpt-3.5-turbo, to make it easier for developers to comply with OpenAI’s policies.

But I fail to see the logic here

wclayf:

Don’t you think cutting the number of requests per second in half is a good idea? lol. I do.

Why would this cut the number of requests per second in half?

wclayf · 2023-09-05T18:16:54.462Z

“API Endpoints with Integrated Content Moderation” take one HTTP request. Without integration it’s two.

wclayf · 2023-09-05T18:19:45.787Z

You made a whole lot of assumptions I wasn’t implying. I’m just saying have a “moderate=true” flag, and if I set that the server can simply throw a bad request error, with the reason. It’s not mixing responsibilities. It’s good API design. If something takes 10 steps you don’t always tell the API consumers to make 10 HTTP requests. It’s an art not a science.

wclayf · 2023-09-05T18:28:16.515Z

HTTP APIs normally have all kinds of different “reasons” that any particular request can fail. I’m just saying “bad morality” is most certainly one of the reasons the “completions” should be able to fail. And from my 23yrs exp as a dev, I can tell you it’s about 3 lines of code to check this and throw an exception in OpenAI’s implementation. Aside from adding “dontDingMeBro” as an argument.

N2U · 2023-09-05T18:31:20.547Z

The rate limits are counted per endpoint, using the moderation endpoint is not going to count towards your rate limits on completion requests

novaphil · 2023-09-05T18:32:13.495Z

RonaldGRuckus:

Everyone is telling you that this is not good API design.

Regardless of academically good API design, Azure already does this. They run filtering on all chat completion requests and return moderation errors from that endpoint.

wclayf · 2023-09-05T18:33:51.982Z

Good point. That would imply an “immoral query” attempt would cost nothing, because they refused to answer it. That’s identical to submitting a moderation endpoint query that gets failed. Currently they already offer the pure moderation endpoint for free. Correct.

RonaldGRuckus · 2023-09-05T18:35:46.475Z

To me that’s just silly and would result in a lot of unhandled errors

novaphil · 2023-09-05T18:44:37.203Z

Well I think that’s the crux of the issue in these threads. Azure thinks that it’s important enough to strictly enforce all requests should be moderated before running. OpenAI doesn’t, and while OpenAI may punish you if you don’t moderate it, the documentation could certainly be more clear around when to use it and the ramifications of not using it.

logankilpatrick · 2023-09-05T18:47:54.628Z

Will take it as an action item to make it more clear people should use moderation, our best practices and safety best practices already suggest this but will look for more places to add it.

grimes · 2023-09-06T22:49:44.203Z

yes, they should. My service is partly backed by GPT and the actions of users of my service could lead to my api access to be revoked. I am implementing a moderation verification before the api call now, but I hate that this is even a thing. The API could just respond with a code (HTML - like) that says 403 Forbidden when against the guidelines and the api user can implement a catch