We are developing a code generation chatbot that we plan to offer on a subscription basis. We are unsure about the best way to implement OpenAI’s API key for this use case. Should we provide a unique API key to each individual user, or utilize a single key and charge users based on their individual usage?
Client software must never make calls directly to OpenAI, nor should it ever have OpenAI API keys employed by the app. That would be literally the keys to your fiefdom.
So the single key that you would use would be the one behind your own backend server that does the authorization, accounting, billing, moderating, banning, etc. of accounts.
Whether you use an API key, tokens, an authorization session, etc. depends on how the account holder is paying for their services, and on whether you want one subscription shared by many uncontrolled additional users because you didn’t think of bad actors at every facet of design.
1 Like
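The backend arrangement described in the answer above, as an added example that is not part of the original posts: one provider key held only by the server, with per-user authentication, banning and usage accounting in front of it. `Gateway`, `Account`, `fake_upstream`, the status codes and the placeholder key are hypothetical names for illustration, and the upstream call is a constructed stand-in rather than a real OpenAI client call.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class Account:
    token_sha256: str   # hash of the user's own session token, never the provider key
    quota_tokens: int   # usage included in the subscription period
    used_tokens: int = 0
    banned: bool = False

def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()

class Gateway:
    """Holds the single provider key; clients only ever present their own token."""

    def __init__(self, upstream, provider_key: str):
        self._upstream = upstream          # callable(key, prompt) -> (text, tokens)
        self._provider_key = provider_key  # loaded server-side, e.g. from a secret store
        self.accounts = {}

    def add_account(self, user_id: str, session_token: str, quota_tokens: int):
        self.accounts[user_id] = Account(_digest(session_token), quota_tokens)

    def handle(self, user_id: str, session_token: str, prompt: str):
        acct = self.accounts.get(user_id)
        expected = acct.token_sha256 if acct else "0" * 64
        # Constant-time compare, also performed for unknown users.
        if not hmac.compare_digest(_digest(session_token), expected) or acct is None:
            return 401, "invalid credentials"
        if acct.banned:
            return 403, "account banned"
        if acct.used_tokens >= acct.quota_tokens:
            return 402, "quota exhausted"
        text, tokens = self._upstream(self._provider_key, prompt)
        acct.used_tokens += tokens         # per-user accounting feeds billing
        return 200, text

def fake_upstream(provider_key: str, prompt: str):
    # Constructed stand-in for the real provider call; returns (text, tokens used).
    return f"// code for: {prompt}", len(prompt.split()) + 5
```

The quota check runs before the upstream call, so a single request can overshoot the limit by its own cost; the next request is then refused.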