As the org owner how do I see all the API keys that have been created and delete those that I don’t want? Currently I don’t have any visibility like you do in Anthropic where you can delete or see all the keys that have been created by the developer team. Yes I’m on a paid tier.
Members of an organization are in control of their own API keys.
They can use an API key of theirs and either by “default organization” selection or in individual API requests decide if usage should be billed to their organization, or another member org where they are reader or owner.
You cannot snoop on the other account’s private data such as API key values. You can remove the member from the organization if you don’t want to grant them the ability to bill unlimited use, create fine-tunes, delete your assistants, etc.
If an org has 300 developers how do you control that if someone goes rogue and uses the API key excessively or if it leaks? There should be a pre-emptive way of seeing all available keys (Anthropic allows you to see all keys even as they grey out a portion of the key so you can’t read the entire key). If you can see, as an org owner, the entire key set you can decide which ones to delete to thwart any unwarranted usage.
Also, I can’t delete keys I have created myself. The trash can icon is greyed out. This is bizarre and gives me no confidence into future usage charges.
You will not be able to delete your final API key unless you first create a replacement.
Your complaints (and mine and others) about the poor system unsuitable for business administration of internal user accounts are yet unheard for over a year. Now imagine ChatGPT teams, where any member can invite new members with immediate effect on future billings.
Good points and it gives us a temporary fix on how to revoke a key.