How to validate that a request is coming from a ChatGPT plugin?

Hello, is there any way to validate that a request is coming from a ChatGPT plugin?

Since our server allows requests just from specific locations, we want to enable access from the plugin.

See the Service Level Plugin Authentication doc.

We already have OAuth auth. But now we need to verify that the request is coming from the ChatGPT domain.

Yeah, see the docs: you can verify the source IP ranges. And a host of other things inside the request headers will also give it away (though they could be game-able). Best bet is subnet masking.

ChatGPT will call your plugin from an IP address in the CIDR block 23.102.140.112/28. You may wish to explicitly allowlist these IP addresses.

From https://platform.openai.com/docs/plugins/production/ip-egress-ranges

2 Likes
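A sketch of the allowlist check for the CIDR block quoted above, added here as an example and not code from the thread or from OpenAI. It is meant to sit alongside the existing OAuth check, not replace it. Assumptions: the function names are hypothetical, and `TRUSTED_PROXIES` is a constructed range standing in for your own load balancer.

```python
import ipaddress

# CIDR block quoted in the thread from OpenAI's plugin docs.
CHATGPT_EGRESS = [ipaddress.ip_network("23.102.140.112/28")]
# Assumption: your own reverse proxy / load balancer range (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def _parse(value):
    """Parse an IP string, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    try:
        ip = ipaddress.ip_address(value.strip())
    except ValueError:
        return None
    return getattr(ip, "ipv4_mapped", None) or ip


def _in_any(ip, networks):
    return any(ip.version == net.version and ip in net for net in networks)


def client_ip(peer_ip, x_forwarded_for=""):
    """Return the address to evaluate, or None if it cannot be determined."""
    peer = _parse(peer_ip)
    if peer is None:
        return None
    # X-Forwarded-For is client-controlled unless the TCP peer is our own proxy.
    if not _in_any(peer, TRUSTED_PROXIES):
        return peer
    # Walk right to left: the rightmost non-proxy hop is what our proxy saw.
    for hop in reversed(x_forwarded_for.split(",")):
        ip = _parse(hop)
        if ip is None:
            return None  # empty or malformed header: fail closed
        if not _in_any(ip, TRUSTED_PROXIES):
            return ip
    return None


def is_chatgpt_egress(peer_ip, x_forwarded_for=""):
    """True only if the resolved client address is inside the documented block."""
    ip = client_ip(peer_ip, x_forwarded_for)
    return ip is not None and _in_any(ip, CHATGPT_EGRESS)
```

A direct peer outside the block is rejected even if it sends `X-Forwarded-For: 23.102.140.113`, because the header is only read when the connection comes from a trusted proxy.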

If you do so, you are also giving away opportunities for inclusion in other chats or services that may pop up.

Bear in mind that this (and any other method for validating that a request originated from ChatGPT) is not foolproof and shouldn’t be relied upon if it’s an important requirement. It’s very likely that malicious users can bamboozle ChatGPT into making requests outside your intended scope.

2 Likes

e.g. a job title in a jobsearch plugin…

exploits_of_a_mom