API Key domain restriction or token server

I want to confirm that there is no method for restricting API keys via domain or for issuing access tokens based on a key for OpenAI APIs? This suggests I cannot use the API streamed services (like whisper transcription) on the client. Do I have to go enterprise to get this? Does anyone recommend an alternative service with similar quality models and transcription services as GPT / Whisper but with a full service API with domain restriction and token server? Thanks

  • there is no method for restricting API keys via domain.
  • there is no service for issuing credentials to other parties, other than inviting someone to be a member of your organization (where they can bill their own key usage to your account without limit).

API keys are for use in offering your own products. Not for transferring them to third-parties.

You’ll need a server that can service client requests using your own authentication method, and return AI-generated results to them. You’ll also need that customer account tracking and logging to see who hit you with $1000 of requests.

You answered my questions. Thank You. Just to clarify that there are legitimate uses of the API that is by my product that is not transferring access to third parties. My web app should (on the server) be able to request a temporary access token with an expiration time, with limited permissions, so that the web app can reach out to the OpenAI API directly from the client (the users instance of the app in their browser). This is pretty standard stuff but I understand if the service is not ready for that at this time. Thanks