How to secure my API Key from the third party vendors

A vendor is developing one of my application based upon GPT 4o-mini. I have given them my API key and a budget. How can I ensure that they doesn’t use same API key for other projects or personal use?

3 Likes

When you give someone your API key, they can use it for anything, so it’s important to make sure it’s only used for your project.

To protect yourself, you can check the API usage regularly. OpenAI lets you see how much of your budget is being used. If something doesn’t look right, you’ll know.

Another idea is to create a special API key just for this project. If there’s a problem, you can turn off that key without affecting other things.

Finally, talk to the vendor. Let them know the key is only for your project. This way, everyone is clear about what’s allowed.

2 Likes

First, you can create a dedicated API key for their project and set a low usage limits to control the budget and number of requests.

If they have to spend more, they have to ask you to increase the budget by telling you why they need to spend more.

Also you can regularly monitor the API usage for any unusual activity, and request detailed usage reports from the vendor.

Make sure to include a clause in your contract that restricts the key’s use to the specific project, with penalties for misuse.

Additionally, you can also consider periodically rotate the API key.

2 Likes

So basically there’s no other way or functionality to know if it’s being used for one project or more?

Can’t we have more control over the key as for instance, my budget for a month is 5000$ but I’m unable to predict the usage per day or it’s less than my expected usage per month and vendor can utilise it for other projects as well?

Giving your key to a vendor is a terms of service violation, don’t do it.

While the vendor is developing your application they should be using their own API key. Then, after the application is developed and transferred to you, you would add your API key to the application for use in production.

3 Likes