API Key not disabled after revoked

Hi,

We have just revoked a API secrete key several hours ago because of unexpected and suspicious usage of it. But we can still use the API key to make the API request and see the unexpected usage now. Is this a bug? If not, how long will it take for the key to be disabled after revoking?

Thanks,
Jonas

1 Like

Revoking your key should take effect quickly, there could be some delay on distributed servers around the globe taking a little time to update.

If you think your API key is subject to fraudulent use you should check
https://help.openai.com/en/articles/7242626-how-can-i-report-fraud-or-suspicious-activity
and
https://help.openai.com/en/articles/5112595-best-practices-for-api-key-safety

1 Like

If you have revoked an API secret key, it should ideally become invalid immediately or within a very short period of time, typically a matter of seconds or minutes. However, the exact time it takes for a revoked key to become invalid can depend on the API service provider and their implementation.

The fact that you can still use the revoked API key several hours after revoking it does suggest a potential issue or bug in the API provider’s system. In a secure and well-implemented system, a revoked key should no longer grant access to the API.

2 Likes

Foxabilo

Revoking your key should take effect quickly, there could be some delay on distributed servers around the globe taking a little time to update.

If you think your API key is subject to fraudulent use you should check
How can I report fraud or suspicious activity? | OpenAI Help Center
and
https://help.openai.com/en/articles/5112595-best-practices-for-api-key-safety

Thank you. Just reported this fraudulent use to OpenAI.

And for some reason, the revoked key is still working for us even now.

Yes, agree, will report a bug for this revoked key issue.

I am also experiencing this issue, i reported it and got a credit, but its still happening.

None of my api-keys show usage associated with GPT-4 on Jan 13 and 14 but the cost tab (in usage tab) shows costs associated with GPT-4 model on Jan 13 and 14.

I have revoked keys days ago (suspicious activity). I think some revoked keys are still active after several days. I have reported it. Awaiting response.

1 Like