Building a multi-user app with a single API key

I’m building an app that allows organizations to bring their own API key. Multiple users will then be provisioned in the app and will be making requests using the same key. Some functionality will be similar to the commercial ChatGPT UI experience. Trying to understand if this would violate any ToS?

Thanks

1 Like

As long as you know your customer, and aren’t providing a gateway for those who are in unsupported countries or are state-sponsored terrorist groups, etc., then developing a platform for bring-your-own-key should be acceptable, as I understand it. You can write the code, or you can host the code.

While outsourcing another “cloud” may be better for AI novices than trying to develop their own solution, the caution would be in providing personal or company level API spending credentials to ANY third party. Not just because of the large number of malicious masquerading applications that pretend to offer such BYOK software or service, but also because then who is liable when personal data the platform may store (such as assistants threads) leaks, or the site is hacked and all credentials uploaded are bought and sold on the dark web?

1 Like

Note that you cannot store the API key on your server. That’s a no-no. OpenAI's "bring your own key" policy - #2 by ishant.singh

1 Like

That interpretation of a BYOK policy has been recanted in the intervening three years.

That’s nearly from the days of needing preapproval for an application and not being allowed to share API outputs.

1 Like

Hmm. Is there a more detailed official take on it than the current Usage Policy which says not to ask for API keys?

1 Like

The screenshot you provide specifically is about ChatGPT, and the creation of GPTs (custom instruction application you can share).

It tells you not to attempt to scarf up information about ChatGPT users that might interact with your shared GPT that is in the GPT store.

1 Like

Yeah, I couldn’t find a more specific update. Except for this one where you were asking ChatGPT the question (this year) and it said that entering your API key into a third-party website was considered sharing your key with them and that was not supported.

If there is a more up to date and clear communication from OpenAI, it’d be nice to see a link to it.

1 Like

Welcome @nvp

A simple solution is to build an app where you charge for the usage of the API with your key being the one making calls from the server side.

If you want to build a BYOK app, you have to make sure that the user’s API key is securely stored on the user’s own system and isn’t accessible to a third party, including you. Note that this is not legal advice.

Keep in mind that OpenAI Business Terms restrict the transfer of API keys to a third party.

“(g) buy, sell, or transfer API keys from, to or with a third party.”

4 Likes