Connections that you make to OpenAI, using your API keys, should be coming from datacenter locations known by you. There should be no reason why you do not know how and where your API keys are being employed, such as client applications that connect directly to OpenAI and not through you.
OpenAI does not provide you a detailed log of what you are doing, neither with accounting of individual API calls and how they are costing you, nor showing the IP addresses employed.
Workers functions run on Cloudflare’s global network - a growing global network of thousands of machines distributed across hundreds of locations.
The most likely scenario is a user in an unsupported locale connects to Cloudflare and gets a geolocated instance. That then connects to OpenAI.
It seems if you want to continue, you might need your backend session to constantly be asking “geolocate my IP” to some service (hopefully with the same data as OpenAI) before sending API calls to OpenAI to protect yourself and deny some hosting locations.
This is the reply from openai customer support, which seems to be not very helpful :slight_smile - i do hope the customer support could be a bit more professional:
Finally, after some waiting and communication, the customer support team revealed the issue:
OpenAI detected that a portion of our traffic (likely ~5%) from our Cloudflare Worker app originated from China, Hong Kong, and Macau before June 2, 2024.
Lessons learned: If you plan to use OpenAI’s API key in Cloudflare Worker or other edge computing products, make sure to whitelist traffic only from regions supported by OpenAI. You can find the supported countries here: OpenAI Supported Countries.
Overall, we have had great experiences interacting with OpenAI in the past, but this time, the customer support was lacking. It seemed like they intentionally avoided revealing that they were blocking traffic from China and other regions. If I hadn’t been persistent in my inquiries, I wouldn’t have known the exact issue.
As of now, we are still uncertain if this case is resolved. Customer support hasn’t confirmed if we are still receiving traffic from non-supported countries. We are left to guess and wait.
I hope OpenAI improves its customer support in the future.