We’re a volunteer team working on an app that utilizes OpenAI for generating customer questions. We’re currently exploring different usage models and payment plans.
- Can our customers use their own API key? If yes, what are the conditions we need to follow? If no, is there any documentation or policy that explains why we can’t use customer-provided API keys?
- Is it possible for us to create OpenAI API keys on behalf of our users using our own profile?
- What are the recommended payment models for integrating OpenAI usage into our application? Could you please provide links for more information if you know any?
Yes they can and this would be the easiest solution.
The ToS are very vague about what you’re asking at the moment.
(c) Restrictions. You may not (i) use the Services in a way that infringes, misappropriates or violates any person’s rights; (ii) reverse assemble, reverse compile, decompile, translate or otherwise attempt to discover the source code or underlying components of models, algorithms, and systems of the Services (except to the extent such restrictions are contrary to applicable law); (iii) use output from the Services to develop models that compete with OpenAI; (iv) except as permitted through the API, use any automated or programmatic method to extract data or output from the Services, including scraping, web harvesting, or web data extraction; (v) represent that output from the Services was human-generated when it is not or otherwise violate our Usage Policies; (vi) buy, sell, or transfer API keys without our prior consent; or (vii), send us any personal information of children under 13 or the applicable age of digital consent. You will comply with any rate limits and other requirements in our documentation. You may use Services only in geographies currently supported by OpenAI.
The bold text vaguely implies that managing users API keys isn’t be allowed, but I don’t believe that to be the case and I know for a fact lots of companies are already doing this by white-labeling things. But I’m not sure about their internal procedures, if they have specifically asked for permission to do so or if they are using proxies to make sure all the requests are only coming from a handful of IP’s they control.
It would not be difficult to completely white-label the process, assigning an individual API key to each customer and billing them based on usage (usage costs can be tracked on an individual API key level).
There are options of adding user’s OpenAI accounts to your organization and giving them a key that way. But if you were going to do that, it would just be simpler to let them use their own API keys.
The obvious solution to me is that you have an API of your own in the middle and charge a slight markup for usage of it so you don’t lose money. For example, they ask a question, it is routed to your server, which hides your key, and you ask OpenAI the question and pass the answer back to your customer.
The downside here is:
If they violate TOS, you’d get blamed for it. Also for making a tool that can violate TOS. I guess an example is something like a search engine where users may search for illegal stuff. This is still the case if they use your org’s keys, but if you make keys for them, you can just blame those users.
Their rates count towards yours. OpenAI gives a fairly low starting limit. But this is still the same case if you create API keys with your own org.
Infra, costs, overhead of setting up auth and payment systems, and all that stuff.
The simpler solution is to let them use their own key, but have them sign up and use their own accounts with it. Maybe a tutorial for them to do their own.