How to validate that request coming from ChatGPT plugin?

Hello, is there any way to validate that request coming from chatgpt plugin?

Since our server allow just request from specific locations we want to enable access from plugin.

See Service Level Plugin Authentication doc

We already have oauth auth. But now we need to verify that request coming from chatgpt domain.

Yeah see the docs, you can verify the source IP ranges. And a host of other things inside the request headers will also give it away (though, could be game-able). Best bet is subnet masking

ChatGPT will call your plugin from an IP address in the CIDR block . You may wish to explicitly allowlist these IP addresses.

From OpenAI Platform

1 Like

If you do so you are also giving away opportunities for the inclusion in other chats or services that may pop up.

Bear in mind that this (and any other method for validating that a request originated from ChatGPT) is not foolproof and shouldn’t be relied upon if it’s an important requirement. It’s very likely that malicious users can bamboozle ChatGPT into making requests outside your intended scope.


e.g. a job title in a jobsearch plugin…