I’ve only used about $10/month in OpenAI API credits since I started testing it. Then suddenly, Soft Limit hit. HARD LIMIT HIT!
My account spent $50 overnight and I panicked. Rushed to my OpenAI account settings but couldn’t find any way to sort or differentiate between API keys, so I’ve got absolutely no way of tracking down what may have happened.
A few questions:
(1) Should I delete all my API keys and start fresh, assuming one of my keys was exposed/exploited?
(2) Is it possible a script/bot pummeled a public input field on my site, costing me API credits even though my server/site was never prepared to handle them properly?
(3) Should I limit front-end API activities to logged-in users only?
Suggestion:
Implement some very basic API tracking so we can perform a minimal amount of troubleshooting when problems arise. The more the better but ANYTHING would be helpful at this point.
Worth noting: I’m not a developer and ChatGPT helped me write all the code I’ve used for WordPress plugins and code chunks, so when you boil it all down, I’m expecting most of this to be a user error issue (me).
Hello, I would advise you to create new API keys and go from there. Depending on what your API is being used for, you may want to also make it only available for logged-in users.
Are you hitting the API on the server side, not the front-end? What language is the API code in? PHP or JavaScript? Sounds like you have a leak somewhere. I would reset all the keys one by one and make sure you have the leak plugged.
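Added example, not code from any poster in this thread: a WordPress AJAX handler that keeps the OpenAI key on the server, accepts requests only from logged-in users, caps calls per user per day, and logs each call for later troubleshooting. The action name, constants, limits and the model placeholder are hypothetical; the key is assumed to be defined in `wp-config.php`.

```php
<?php
// Constructed example. Assumption: wp-config.php contains
//   define( 'EXAMPLE_OPENAI_KEY', '...' );
// so the key never appears in theme files, JavaScript or page source.
const EXAMPLE_DAILY_LIMIT = 20;                  // hypothetical per-user cap
const EXAMPLE_MODEL       = 'MODEL_PLACEHOLDER'; // set to the model you use

// Hooking only wp_ajax_ (no wp_ajax_nopriv_) means WordPress refuses this
// action for visitors who are not logged in.
add_action( 'wp_ajax_example_ai_prompt', 'example_ai_prompt' );

function example_ai_prompt() {
    // The page must send a nonce made with wp_create_nonce( 'example_ai_prompt' );
    // requests without a valid one are terminated here.
    check_ajax_referer( 'example_ai_prompt', 'nonce' );

    // Per-user daily counter stored as a transient (not atomic, but enough
    // to stop one account from draining credits overnight).
    $user_id = get_current_user_id();
    $bucket  = 'example_ai_' . $user_id . '_' . gmdate( 'Ymd' );
    $used    = (int) get_transient( $bucket );
    if ( $used >= EXAMPLE_DAILY_LIMIT ) {
        wp_send_json_error( 'Daily limit reached.', 429 );
    }
    set_transient( $bucket, $used + 1, DAY_IN_SECONDS );

    $raw    = isset( $_POST['prompt'] ) ? wp_unslash( $_POST['prompt'] ) : '';
    $prompt = sanitize_textarea_field( $raw );
    if ( '' === $prompt || strlen( $prompt ) > 2000 ) {
        wp_send_json_error( 'Prompt missing or too long.', 400 );
    }

    $response = wp_remote_post( 'https://api.openai.com/v1/chat/completions', array(
        'timeout' => 30,
        'headers' => array(
            'Authorization' => 'Bearer ' . EXAMPLE_OPENAI_KEY,
            'Content-Type'  => 'application/json',
        ),
        'body'    => wp_json_encode( array(
            'model'      => EXAMPLE_MODEL,
            'max_tokens' => 300, // bounds the cost of a single call
            'messages'   => array( array( 'role' => 'user', 'content' => $prompt ) ),
        ) ),
    ) );
    $failed = is_wp_error( $response );
    $status = $failed ? 'error' : wp_remote_retrieve_response_code( $response );
    // Minimal usage trail: who called, how often today, upstream status.
    error_log( sprintf( 'example_ai user=%d calls_today=%d status=%s', $user_id, $used + 1, $status ) );
    if ( $failed ) {
        wp_send_json_error( 'Upstream request failed.', 502 );
    }
    $data = json_decode( wp_remote_retrieve_body( $response ), true );
    wp_send_json_success( $data['choices'][0]['message']['content'] ?? '' );
}
```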