How to set organization usage limits?

This topic is absolutely on point. It discusses valid trepidation.

There is no usage limit that will shut you down.

  • The only response is to not put more in prepaid credits than you can afford to lose (or less, because you can go into the negative for hours before shutoff);
  • The actual response is for OpenAI to put back hard limits, and further improve the hard limit optional features.
  • Budget must be renamed in the UI, as it presents a false premise, only sending emails.

A solution is not “get emailed”.

That is all anyone wants. OpenAI used to have that for an organization, with a straightforward presentation of a monthly limit after which the API would be cut off, with explanation:

That has been removed.

The only way they suggest now when facing account abuse: go through the work of every project and delete API keys, along with needing to find legacy user keys and delete those also, with the last not able to be deleted until replaced. Bad: every high-security application server and every user must be refreshed with new credentials.

Doing such would damage a whole bunch of setups and deployments of rights to users, and take time during continuing abuse.

  • There needs to be a master “off” switch for an organization, and the same on projects.

A project, being a stupid overloaded name for a rights sub-container in an authentication domain, makes you think that you could give a certain amount of credit there dedicated to a project. But no: again, amount of resetting monthly usage to just get an email if exceeded.

  • There needs to be a lifetime spend limit on a project, a hard cap with tracking shown, that if set, immediately turns off usage until you increase the dollar figure further.
  • There needs to be a more granular limit (that works) for recurring usage, that shuts off an application’s project for its day or week budget, detecting and limiting abuse over a maximum. The rate limiter already stops and breaks apps on many models’ requests per day rate limit; this should be the developer’s choice in dollars.
  • API key revocation shall collect a “reason” field, and report it in 403 API error messages (“you are fired”)

Thanks for taking the time to report your legitimate hesitation.

2 Likes
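The controls asked for in the post above (master off switch, lifetime hard cap, recurring daily budget, revocation with a reason), sketched as an added example of a guard you could run in your own gateway in front of the API. It is not part of the original post and not an OpenAI feature; `ProjectGuard`, `Denied`, the 429 status for cap hits and all dollar figures are hypothetical.

```python
from dataclasses import dataclass
from datetime import date
from decimal import Decimal
from typing import Optional

class Denied(Exception):
    """Raised instead of forwarding a request upstream."""
    def __init__(self, status: int, reason: str):
        super().__init__(reason)
        self.status, self.reason = status, reason

@dataclass
class ProjectGuard:
    lifetime_cap: Decimal                 # hard cap, never resets
    daily_cap: Decimal                    # recurring budget, resets per day
    enabled: bool = True                  # master "off" switch
    revoked_reason: Optional[str] = None  # set by revoke(), echoed in the 403
    lifetime_spent: Decimal = Decimal("0")
    daily_spent: Decimal = Decimal("0")
    day: Optional[date] = None

    def revoke(self, reason: str) -> None:
        self.revoked_reason = reason

    def charge(self, worst_case_cost: Decimal, today: date) -> Decimal:
        """Reserve the worst-case cost BEFORE the upstream call (fail closed).

        Returns the remaining lifetime budget, or raises Denied.
        worst_case_cost must come from your own pricing table (assumption).
        """
        if self.revoked_reason is not None:
            raise Denied(403, f"key revoked: {self.revoked_reason}")
        if not self.enabled:
            raise Denied(403, "project switched off")
        if today != self.day:             # new day: reset the recurring budget
            self.day, self.daily_spent = today, Decimal("0")
        if self.lifetime_spent + worst_case_cost > self.lifetime_cap:
            raise Denied(429, "lifetime spend cap reached")
        if self.daily_spent + worst_case_cost > self.daily_cap:
            raise Denied(429, "daily budget reached")
        self.lifetime_spent += worst_case_cost
        self.daily_spent += worst_case_cost
        return self.lifetime_cap - self.lifetime_spent

def try_charge(guard: ProjectGuard, cost: str, today: date):
    """Helper: return ('ok', remaining) or (status, reason)."""
    try:
        return ("ok", guard.charge(Decimal(cost), today))
    except Denied as d:
        return (d.status, d.reason)
```

Raising `lifetime_cap` is the only way to resume after the lifetime denial, and nothing is forwarded upstream once any check fails, so spend cannot run negative through this path.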