Best practices for preventing usage from banned countries


We were developing a feature in our app which integrates with Open AI APIs. Our servers from where the API calls will be made are from an open allowed country. However, our users may be in any part of the world.

  1. Do we need to make sure ,we, as an app, block requests coming from countries where Open AI is banned or not supported
  2. If yes, any best practices, guidelines or guidance that are being followed for the above would be of great help.



You need to ensure that your service does not break the OpenAI terms, so that would include making sure you are not supplying AI services to unsupported countries, there are currently no best practices that I know of for this, it is left as an exercise for the developer to implement.


If you’re using the Open AI API’s, then you would definitely need to abide with their regulations.

As a basic example, you could check where the user is using/querying your API from in the server side and deny execution based on it


Even if I geolocate, there is no guarantee the user is not behind a VPN. But then I suppose even a direct API call cannot be prevented. So, we can do our best efforts with the best intentions. :crossed_fingers:

1 Like

The term is “due diligence” and is the legal minimum requirement for contractual obligations unless otherwise stated. Ensuring that you geo locate users IP addresses and also perhaps make use of a VPN IP checking service… that would seem to fit that description (IMHO).

1 Like

Would it be possible for Open AI to add an API to check the validity of an IP, because the country list may change and each developer needs to first know about the change and then make those changes continually.

That’s a cool idea, but I would expect to just keep up with announcements and regular spot checking of terms.

1 Like

I think am just trying really hard, not to have a country’s police looking for me :rofl:

1 Like