Clarification on “Disable user API keys” in OpenAI Organization settings

API
1

Hey everyone!

I’m trying to understand the effect of the “Disable user API keys” setting in the OpenAI Platform’s Organization settings > Access Control section.

The description states:

“Disable user-based API keys across your entire organization. You can also choose to disable them on a project-by-project basis if needed.”

However, even after enabling this setting, user-linked API keys do not appear to be disabled.

Could someone clarify what this setting actually does? Does it prevent the creation of new user API keys, or should it immediately disable all existing ones?

Thanks in advance for your help!

1 Like
2

Hi and welcome to the community!

Disabling an API key should lead exactly to the expected result.
Sometimes it can take a short while for all systems to properly respond to the new state.
If the key still remains usable, please send us an update.

2 Likes
3

Thanks for your help!

I’ve waited a few days, but the issue still hasn’t been resolved.

Even after enabling the setting, user-linked API keys are still usable, so I will also reach out to OpenAI Support for further investigation.

Just to share what I have tested so far:

  1. I generated a user-linked API key.

  2. I executed a request using the API key in Postman.

  3. Despite the setting being enabled, the API request was successful, and the API key was not disabled as expected.

If I receive any useful information from OpenAI Support, I’ll share it here as well!

I appreciate your time and response!

4

Perhaps there is a misunderstanding based on the language you are using.

“user keys” in this case are the original API key style, They start with only “sk-”. They are not project keys, but are keys connected to a user profile, which the organization to which they are billed can be switched. “legacy” keys, which new user accounts don’t even have in their API platform user interface.

https://platform.openai.com/settings/profile/api-keys

This image shows a profile settings page with a notification indicating that user API keys have been replaced by project API keys, and it suggests using them for better resource control. (Captioned by AI)
This image shows a profile settings page with a notification indicating that user API keys have been replaced by project API keys, and it suggests using them for better resource control. (Captioned by AI)761×223 5.93 KB

1 Like