Do you do certificate pinning in your apps to protect your API keys?

Hi, what are the practices for protecting our API keys when shipping mobile apps? Do you do certificate pinning or do you use a proxy backend? Or maybe don’t do anything, people don’t usually go after those (wrong answer in my experience 🙂)?

The only practice by smart people is to set up your own backend with user accounts, and never allow your API keys in the wild.

There is no protecting API keys in client applications that make direct connections to OpenAI from those waiting for the next silly app to drop and give free API key use.

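The backend-proxy pattern from the reply above, as an added example that is not code from the thread: the server holds the OpenAI key, mobile clients authenticate with a server-issued session token, and the key appears only in the request the server itself makes upstream. The session-token scheme, the allow-listed model name and the secrets are constructed placeholders.

```python
import hmac, hashlib, json, os
# Constructed placeholders: in production load these from the server's secret store.
UPSTREAM_API_KEY = os.environ.get("OPENAI_API_KEY", "sk-PLACEHOLDER-never-shipped-to-clients")
SESSION_SECRET = b"constructed-session-signing-secret"
UPSTREAM_URL = "https://api.openai.com/v1/chat/completions"
ALLOWED_MODELS = {"gpt-4o-mini"}  # the server decides which models clients may use

def issue_session_token(user_id: str, expires_at: int) -> str:
    """Issued by the server after the user logs in (hypothetical login flow)."""
    payload = f"{user_id}:{expires_at}"
    sig = hmac.new(SESSION_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{sig}"

def verify_session_token(token: str, now: int):
    """Return the user id if the token is authentic and unexpired, else None."""
    try:
        user_id, exp, sig = token.rsplit(":", 2)
        expires_at = int(exp)
    except ValueError:
        return None
    expected = hmac.new(SESSION_SECRET, f"{user_id}:{exp}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected) or expires_at <= now:
        return None
    return user_id

def build_upstream_request(client_headers: dict, client_body: dict, now: int):
    """Validate a mobile client's request and build the call the server makes upstream.
    Returns (status, payload): either an error the client sees, or the upstream
    request, which is the only place the real API key ever appears."""
    auth = client_headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, {"error": "missing session token"}
    user_id = verify_session_token(auth[len("Bearer "):], now)
    if user_id is None:
        return 401, {"error": "invalid or expired session"}
    model = client_body.get("model", "gpt-4o-mini")
    if model not in ALLOWED_MODELS:
        return 400, {"error": "model not allowed"}
    messages = client_body.get("messages")
    if not isinstance(messages, list) or not messages:
        return 400, {"error": "messages required"}
    upstream = {
        "url": UPSTREAM_URL,
        "headers": {"Authorization": f"Bearer {UPSTREAM_API_KEY}",
                    "Content-Type": "application/json"},
        # Pass the server-side user id so per-user abuse can be traced and rate-limited.
        "body": json.dumps({"model": model, "messages": messages, "user": user_id}),
    }
    return 200, upstream
```

The client never receives `upstream`; the server sends it and relays only the model output back, so revoking a user's session costs nothing while rotating a leaked embedded key would mean shipping a new app build.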