Hello, i have a question about security of gpt secret key.
I am making the game where npc is a 3.5 chat gpt bot, it has a role, and has restrictions on answers out of the topic.
And i don’t want to ask my user for gpt secret key, i plan to use mine in the game. And game is planned to be uploaded on web, and won’t be fully opensource.
Is it legal to do that?
If you put the key in a binary or in a HTML/JS/config file that can be downloaded by users, this is not recommended and afaik disallowed as they could abuse the token. The recommended way is that you store the key on a backend server and make requests to it from your frontend.
2 Likes
So it would be fine if game had its own secret key?
The main thing that it should be on server side.
Of course you can provide users access to the OpenAI API unless you expose your keys. However, if there is any risk of abuse, be sure to use the moderation endpoint of the API to avoid being banned by OpenAI.
It doesn’t matter if it’s open-source or not. If you put the API key in the game and put the game on the Internet, it WILL get abused. People can extract it even if you take “extra-measures”. The only way to protect it is to put it behind a server.
Exactly. The game sends requests to your server, and your server sends it to OpenAI. This way, it’s “harder” to abuse it.
1 Like