My API key has disappeared. When I go to the “view API Keys”, there is no key.
My app was working a few hours ago. Does openAI just remove keys without notice?
3 Likes
I have heard of no instance of “removal” of a particular or all keys. Misuse as one case you might suspect usually leads to disengagement of the whole account.
They have had database problems before. Anything from ChatGPT messaging disappearing or even appearing on the wrong account, to strange billing.
You can make a new one, make sure it is associated with the correct organization, and see if you can’t apply it again to the applications where you’ve used it.
Also might be wise to do a review of organization members, review usage, and change the password, just in case there is a bad actor who has obtained your credentials and made the modification.
1 Like
It could just be a bug, when was the last time you generated a key? and is it still working in those applications?
Last time it worked was around 4:00 pm. Then I tried using my app around 9:00 pm and it didn’t work.
I went to my account and noticed that the api key is gone. My org doesn’t have anyone else but me.
I created another key and it’s working but now I have to update my iOS app and it takes a day for Apple to review and release.
2 Likes
Putting the API key in widely-distributed software the end user can disassemble is just asking for trouble.
Perhaps they do a safety scan and look for leaked keys to deactivate.
This will be the problem, you need to use either a 3rd party API calling server to which you authenticate clients via say OAuth and then that server acts as an API relay and has the API keys held in it’s private environment variables or you can make use of an API key service from the likes of Azure, AWS, Google, etc, who will take your API request and appends your private API key details and then continues.
You can find some helpful tips here
https://help.openai.com/en/articles/5112595-best-practices-for-api-key-safety
3 Likes
Ditto. Same thing happened to me about an hour or so ago. And, mostly the only person who even knows about my app is me as I’m still working on it. I don’t think it’s just coincidence that we both lost our keys around the same time. Something must have happened.
2 Likes
Interesting, is yours not out in the wild at the moment?
1 Like
Not at all. It’s an online application, and nothing that might contain the key could ever be displayed to an end user – and right now, I’m the only end user! But, even if someone got a hold of it, that doesn’t explain how it disappeared from my OpenAI account. Why would someone hack into the account (which I doubt) just to delete the API key of a system that hasn’t even been released yet?
I’m thinking that something must have happened on OpenAI’s end, and we are perhaps just the first two that have noticed our API keys are missing.
2 Likes
Very interesting, I just checked mine and they all seem to be there… not sure on this one then.
Same thing happened to me! my APIKey was working one minute and then vanished from the portal the next. Today July 13 at around 10am PST… Maybe it got deleted during a server replication during a backup restore (they had an outage around this time)? This is totally messed up for users of my app! I can create a new one, but that does not help my shipped app. If I could at least recreate the old key then I could fix without a hotfix.
1 Like
Same thing here. Usage is down to zero for all of my users and API key is missing from my account.
1 Like
Yes, I had to release a new version of my apps. This is very annoying and causes users to leave negative reviews for the app because they don’t know that it’s openAI’s fault and they blame the app.
Shipping your key in your app is a bad idea in general. Users can decompile the app and use your key, potentially driving up your costs or getting your entire account banned. They key should be stored in a server side endpoint that your app calls.
2 Likes
Sure I get that, and in a best case scenario we would totally do that, but that’s added infrastructure maintenance for very small teams doing proof of concept apps. Also if we are using a middleman web infrastructure, then we still have the issue of needing to update it’s list of working APIKeys, and then perhaps adding triggers to see if they randomly stop working and then hot fix those keys that have randomly disappeared, so its just a pain no matter what…
All of development is a pain, no way around it. Just be aware it’s a risk, you can see other threads on this forum like this one, API key theft is a real thing. All of the things you mentioned are true, but are not exceedingly complicated. Entirely possible that OpenAI invalidates keys they find in apps or with traffic on a wide variety of IP addresses. Unfortunate that there’s no communication from them on why this happened, but that’s the current state of their service.
My Key was encrypted. Apps are meant to be used by many people from different IP addresses. If don’t think openAI is removing keys if the access is based on too many different IP addresses.
The fact that there has been no communication from openAI leads me to believe that this was not intentional. Still, they should have communicated.
1 Like
You are giving users a locked container - and the key to unlock it.
You will fail to keep your secret.
No, it’s more involved than that.
You are giving users the local device that sends data - and their simulated environment that can inject certificates and decode.