The first time I reported the problem, OpenAI didn’t really give me a solution, it just gave me a credit so I hadn’t consumed my app.
My app is programmed to use the most economical model gpt-3.5-turbo. My users do not exceed 50.
The implemented model is gpt-3.5-turbo, but requests appear with other unscheduled models such as gpt-3.5-turbo-0613, gpt-3.5-turbo-16k-0613, gpt-3.5-turbo-instruct, gpt-3.5-turbo-0301. I have implemented the best security practices for the secret key, I have changed it and placed it at a higher level in the App and I also change the key frequently.
The excessive use of models that are not programmed continues, I have changed the key, I even gave it another level of security. I had to block the scheduled chat and this is why my clients are withdrawing. Please help
If you put a key in user software, it will get stolen and abused. Evidence.
You need to set up a backend service that validates user accounts and instances of app installs on devices.
Thank you for your prompt advice. I placed the key in an environment variable at the document root level, but the misuse continued. Do you think the abuse will be solved if I create a database in Firebase and save and read the key from there?
I can recommend this thread to you on the topic:
Never store your keys on client side. For now the best option is to revoke your keys.
If you’ve been collecting diagnostics, usage info correctly from your app, it can tell you which of your customer(s) have figured out access to the API key. Not saying that it’ll be of help, but you can then disable access for those customers to your app.
Good luck.