Billing question for commercial apps

I am building a web app that will allow users to try creating prompts. I will offer some free credits but eventually, there will have three choices:

a) Use their own OpenAPI API Key to make their prompt runs
b) Use our API key and buy credits so that we pay OpenAI
c) Copy and paste the prompt they create on the ChatGPT interface

What are known policies or issues around asking users to enter the API key in the application settings to make the API call on their behalf of them? Does OpenAI prohibit such use of API keys?



I’m not 100% sure on a bring-your-own-key model, so you might want to check with support.

ChatGPT will likely not be free forever, but people could use your prompts with other free models.

Here’s some pages that might help you…

Hope this helps.

1 Like

Thanks. I am aware of the best practices for safe keeping API Keys but my question is more towards others using their key on a site we create to take advantage of the free credits that each user gets.



Yeah, I just linked for reference.

As I said in the comment, I’m not sure about the “bring-your-own-key” model, and you might want to reach out to official support.

Good luck.

ETA: Mentions bring-your-own-key…

@bakztfuture seems to be saying they do NOT support bring-your-own-key, but this was 2021, so things might have changed. I don’t see anything official in the docs, and I know some people are doing it, but it might not be the best model long term?


Most “bring-your-own-key” models are opensource software that people would install themselves. I don’t think OpenAI wants you storing keys (even encrypted) for other users… so that’s something to think about too…


Okay… seems it is NOT allowed… I’m not sure if they’re enforcing it, though…

1 Like

Thanks, Paul for your continued help in this matter. Yes, it appears bring-your-API-key is not a good idea, and I researched that for pay-as-you-go customers, the API limit is 3000 requests per min after the first 48 hours. Also, if we send a session nonce unique to each user and repeat the last prompt, we should be able to maintain context per user as well. Thanks again!

1 Like

No problem. Hope you stick around the community.

Are you talking about user id? This cannot chain API calls together. Each prompt->completion call is separate unto itself. The user id is to tag which users are sending what prompts for risk/safety issues.